Zscaler announces Industry-First, integrated SaaS supply chain security capabilities with the acquisition of Canonic Security

Feb. 15, 2023
New capabilities further expand the Zscaler Zero Trust Exchange data protection set of services, enabling enterprises to protect data being accessed through third-party applications and integrations.

San Jose, CA., Feb. 14, 2023 - Zscaler, Inc. (NASDAQ: ZS), the leader in cloud security, today announced the intent to acquire Canonic Security, a SaaS application security platform innovator. Canonic’s platform is designed to prevent SaaS supply chain attacks, a growing risk for organizations. With the massive migration to the cloud, organizations are adopting hundreds of SaaS platforms, and their users are connecting thousands of third-party applications and browser extensions to critical SaaS platforms like Atlassian Suite, Microsoft 365, Salesforce, Google Workspace, and Slack without IT’s permission.

Corporate IT believes its critical data assets are stored and protected in enterprise-ready SaaS platforms. In reality, these assets are held in third-party drives, email clients, and chatbots, bringing data exposure and cyber risk to their SaaS supply chain. Canonic’s solution allows cybersecurity and IT teams to quickly gain visibility to this ungoverned surface area and streamline SaaS application governance and enforcement.

By integrating the new supply chain security capabilities into its data protection services, Zscaler strengthens its CASB (Cloud Access Security Broker) and SSPM (SaaS Security Posture Management) offerings, enabling companies to consolidate point products, reducing cost and simplifying management. This new capability builds upon the company’s recently announced industry-first, zero configuration data protection solution, and Zscaler’s commitment to data protection wherever the data resides.

“When I speak with the top global CIOs, they consistently express their challenges with efficiently securing supply chain logistics due to the massive blind spot in SaaS-to-SaaS communications. While protecting SaaS platforms is necessary with CASB and SSPM, enterprises must reduce the supply chain attack surface, detect SaaS-native threats and automate responses,” said Jay Chaudhry, CEO, chairman and founder, Zscaler. “The addition of Canonic augments our CASB and SSPM capabilities and further strengthens the growing set of services on the Zscaler Zero Trust Exchange, the world’s largest cloud security platform, and provides our customers with unprecedented visibility and security of their SaaS applications. I am pleased to welcome the Canonic team to the Zscaler family as we execute on our vision to advance SaaS security.”

“While the SaaS ecosystem continues to grow, traditional CASB and SSPM solutions fall short to secure against the massive amount of supply chain attacks that are targeting organizations and their critical business applications,” said Boris Gorin, co-founder and CEO, Canonic Security. “The combination of Canonic with Zscaler’s existing inline and out-of-band CASB and SSPM offerings is an ideal technology fit that will accelerate how enterprises address SaaS-native threats and simplify operations by reducing the number of tools for SaaS security.”

According to research firm Gartner, “SaaS remains the largest public cloud services market segment, forecasted to reach $176.6 billion in end-user spending in 2022. Gartner expects steady velocity within this segment as enterprises take multiple routes to market with SaaS.”1 This large-scale move to the cloud has made it difficult for enterprise security operations teams to take control over their growing SaaS app estate and address exposure of their critical cloud data due to the SaaS supply chain – creating a greater attack surface for data breaches. These pain points are amplified due to the current IT skills gaps in the rapidly evolving cloud security space, resulting in an inability for IT to effectively manage the unwieldy set of settings and permissions for which they are responsible.

The addition of Canonic’s advanced SaaS security to Zscaler’s existing data protection will enable customers to:

  • Monitor SaaS Security Posture: Automate continuous monitoring of potentially fatal misconfigurations and compliance violations in SaaS platforms such as Atlassian Suite, Google Workspace, Microsoft 365, Salesforce and Slack.
  • Discover and Assess Third-Party Apps and Extensions: Gain full visibility over first, second and third-party apps and API integrations across the enterprise business application estate. Uncover rogue and vulnerable apps, and assess each integration’s posture, behavior and the risk involved with its API access and browser extensions.
  • Reduce Attack Surface: Quarantine suspicious apps, reduce excessive and inappropriate privileges, revoke and block access if necessary.
  • Enforce Access Governance: Enable app integrations by automating app-vetting and app access recertification processes.

The transaction is expected to close following the completion of Zscaler’s fiscal second quarter, subject to the satisfaction of customary closing conditions. Terms of the transaction were not disclosed.