Zscaler, Inc. (ZS) Earnings Call Transcript & Summary

Hello, everyone, and welcome. We are so excited to have you join us today for the special webinar. My name is Punit Minocha, and I'll be guiding you through our session today. We have thousands of customers that leverage Zscaler when they access SAP. It is the single most critical enterprise application used by our customers where security and data privacy are of utmost importance, and yet customers value user experience. In the past, the responsibility to make all this work has been with the customer. We are changing that. Today, I am excited to announce that Zscaler is formally joining the SAP RISE Program. And we will dive into the native integration of Zscaler Private Access in RISE with SAP customer environments, exploring how ZPA can help with zero trust adoption, secure business transformation and unlock new ways of enabling users and partners across the globe. We've got an incredible lineup of speakers who'll be sharing the insights, real-world experiences and actionable strategies. And now without further ado, it is my pleasure to welcome Adam Geller, Chief Product Officer at Zscaler; and Roland Costea, Chief Information Security Officer at SAP. In this keynote session, we'll be talking about the pivotal role of native integrated Zscaler Private Access in RISE with SAP customer deployments and how it enables secure business transformation with its industry-leading zero trust architecture. Let's get started.

Thank you, Punit. Business transformation is clearly a top C-level priority today. Now back in 2013 to 2017, I was spending a lot of my time evangelizing cloud adoption for customers, and that was both moving applications into the cloud as well as adopting cloud-delivered security services. And at that time, it really took a lot of convincing, but not anymore. Cloud truly is the new data center. Gartner is estimating that 95% of workloads deployed in 2025 are going to be deployed in the cloud. And secure access really is a key enabler to that cloud adoption. Zoom is estimating that 75% of the workforce and work environments expect that they're going to be hybrid for many years to come. So that access really needs to be ubiquitous. And it's not just for new application deployments either. So mature applications are going through a modernization as well. Gartner is predicting that 85% of organizations are going through application modernization efforts with a huge bend towards cloud. And what that means most often is that applications are transforming from monolithic legacy tech stacks into cloud-native applications built on a micro services architecture. Roland, can you share a little bit more about RISE with SAP for us?

All right, Adam. So we see cloud ERP as being the future. And by 2030, on-premise ERP will practically disappear or will actually be an exception rather than the norm. And this migration is driven by the need of those customers, those big enterprises out there to become more agile, more efficient and actually even globally -- having globally accessible systems from all over the world, from all over their locations and branches. In the same time, the customers need to adopt the new technologies to use the new features that SAP developed that will only be included in the cloud versions and cloud ERP, RISE with SAP, GROW with SAP. New features like AI capabilities, like the new developments and the new standardization of the business processes and how that is streamlined to what we call business technology platform, all this needs to be adopted and actually to benefit from how we see the agility and the security and the efficiency of the overall platform. At the same time, ECC as the old version of S/4 is going to be end of life by 2027. So the migration to S/4HANA, be it by themselves or in RISE with SAP, is a necessity for our customers. In the same time, looking back from 2020 and 2021, we've seen -- and up until today, we've seen an incredible adoption of RISE with SAP, an exponential growth. Today, more than 30% of the overall global economy runs on RISE with SAP. And from the total amount of customers that we get, we see more than 50% being actually net new customers. So not all customers that actually try to migrate their old systems but even new customers coming in from different ERP or different architectures moving to the setup where SAP is actually driving and helping them with what we try to call the future of business transformation. Now what do you think, Adam, about the, let's say, the main key 3 pillars of security and access to actually consider when the customers adopt RISE with SAP?

So I think that first pillar is really accepting that the hybrid workforce is going to demand seamless access from anywhere. And so anywhere could be a remote worker. They could be in the office, could be a road warrior or could be any sort of hybrid combination across all of that. So really, the employees and partners as well, their productivity is going to hinge on the ability to deliver secure and reliable access from any location. So that's kind of the first pillar. So the second pillar is understanding the risk potential with legacy access solutions. So let's dig into that a little bit more because solutions like VPN, they remain super common as an approach for SAP access, but they actually amplify security vulnerabilities and compliance challenges in today's dynamic threat landscape. So how do they do that? Well, VPNs are a network access-oriented approach, and they lack granular controls. So they're overly permissive, and they create broad attack surface areas and opportunities for lateral movement because they're opening up a path to the entire network and not just the in-scope application. Now the third pillar is that an organization needs to recognize that an SAP migration, it's a unique journey for every organization. So that migration to the cloud is not going to happen overnight. It's going to be a phased journey where systems are going to transition at their own pace based on business priorities and overall organizational readiness. So organizations are going to -- they have to expect to run in a hybrid environment where they have a mix of on-premises and cloud SAP implementations and during this transformation period, don't require or really need an adaptable access solution. So in 2016, Zscaler introduced Zscaler Private Access, or ZPA, and it was really to revolutionize how private apps are securely accessed. And it's the industry-leading zero trust access solution for all private applications, whether they're on-premises or in the cloud. And like I was describing before about those challenges around the network-based approach, Zscaler Private Access really leaps beyond those network-based approaches because it makes the target application really invisible to anyone. So you can't see it unless you are authenticated and authorized as a user and coming through Zscaler Zero Trust Exchange. The context of SAP, Zscaler Private Access will secure and unify access with a least privilege design. And its versatility really makes it ideal for simplifying and unifying access to any SAP application, whether it's running on-premises or in cloud as well as during and after the migration to RISE with SAP. So I'm excited to announce today that we are the first in the industry to natively integrate zero trust access into RISE with SAP. Zscaler's ZPA service now runs natively inside the SAP-managed Kubernetes cluster, which is what powers the customer's private RISE with SAP cloud environment. So let's talk a little bit more about how this works because it's quite simple. You ask SAP to provision ZPA in your RISE with SAP environment. And once that's enabled, you have simple zero trust connectivity with a superior user experience. There's no need for any bolted-on approach. There are no OS-level or hardware-level dependencies that you need to be considering or thinking about. Now that said, any environment like this will absolutely have a level of shared responsibility. So let's talk about who's responsible for what in this design. SAP, of course, is going to host and manage the underlying infrastructure and drive the supported SLAs for that environment. Zscaler is going to deliver zero trust access and broker connection through our Zero Trust Exchange and will own the responsibility in SLA around that infrastructure and service. Now you as the customer, you're going to control your ZPA tenant, which means you set the policies. You manage users and you do it all based on your unique security requirements. So overall, Zscaler Private Access provides flexibility, security and data protection for any kind of SAP user. Let's break that down into what those users typically look like. So you're going to have employees who are on managed devices. And for them, they're going to have a very simple and consistent experience and access, really, from any location across any network, primarily delivered through our client, our Zscaler Client Connector. You're also going to have business partners and employees who might be on unmanaged devices, so it's not really going to be practical to install an agent on those devices. And for them, they're still going to have secure access, and it will be directly through a standard web browser. Now in both scenarios, Zscaler's data classification and protection capabilities are going to be enabled to prevent sensitive data from being unintentionally or intentionally ex-filtrated out of SAP. And it's a great value that we can do that, whether there's a client or not, whether they're on managed devices or unmanaged devices. And finally, for extremely sensitive use cases, we also have the ability to completely isolate the user session really into a view-only type mode to further protect data from being ex-filtrated. Roland I'd love for you to share some final thoughts about this exciting integration.

Yes. I just want to first touch base a bit on an important aspect. You started talking about roles and responsibility, and I want to take it a bit back to the RISE with SAP model that also has a really complex roles and responsibility, where SAP stops at the administrative client triple zero of the application layer in ABAP and the client is still responsible for securing their application traffic for inspecting and deciding how their business users connect. So everything that belongs to the business tenants, business clients or users, the integration of that traffic, understanding what's happening there in that traffic, inspecting the traffic, seeing what can be or cannot be suspicious and how to actually segregate and allow the secure access to their own users from accessing it from everywhere. It's still under customer responsibility. So SAP implemented a lot of zero trust concepts inside the RISE environment to actually secure the overall layers of responsibility belonging to SAP. Still, customer owning the application layer and the application traffic is responsible to complement that picture or to complement the circle with the security on that layer. And that's why in order to have a complete end-to-end zero trust concept, the customer needs to come up with a setup that allows them to fill in the circle in the RISE with SAP model because I've heard there are questions like why exactly do we need to have that if we can benefit from the security of the RISE with SAP model. And the answer is really simple. There is still a responsibility with the customer, and that actually needs to be covered through a model and through an architecture that allows to complement the circle. And therefore, the partnership and Zscaler today is the first and only certified zero trust access partner that could actually offer this end-to-end zero trust concept. And like you had mentioned, yes, there are some benefits overall, and there are 4, I would say, main benefits that every customer adopting the model or implementing, let's say, the architecture that we've built will get. First is the streamlined access management. Definitely, there is this consistency of user-to-app connectivity and SAP running the ZPA agent on top of our Kubernetes environment, and that comes and is really linked with what we just said as consistent SLA. So the SLA that we offer for all the customers in RISE with SAP covers also the ZPA agent and covers also the overall architecture. So it comes with the availability, the performance, the response times and everything that is bundling to. Then it's what we together call secure access with zero trust. It means allowing the possibility to inspect the traffic to actually hidden the application traffic from the public Internet and apply what the customer can call the least -- or the least access privileges. And that is in full control of the customer. They can decide who gets access to what and how that access is actually streamlined. And definitely, maybe the last and not the least is this native provisioning of zero trust access on top of the RISE environment that will, like I said before, allow to fill in this circle and say that, actually, there is an end-to-end zero trust concept and solution that will benefit the customers in the end. Now some thoughts, some final thoughts in -- regarding the partnership and how we see together the architecture, Adam?

Yes. I think for me, RISE with SAP and Zscaler Private Access together kind of present 3 exciting opportunities. So the first one, if you're already using legacy solutions for access. I think this is a great opportunity to take a first step toward zero trust. So leverage this great partnership we have to prove out that you can quickly and securely enable private application access to SAP and do it in a modern and zero trust way that eliminates the security risks that are going to be posed by legacy network access solutions. And second, if you're already a Zscaler customer and you're using Zscaler Internet Access, or ZIA, well then you understand the fundamentals of zero trust. So make the first private application where you extend that same policy and operational paradigm of zero trust be RISE with SAP. And then last but certainly not least, I think you need to meet your business objectives simply in just the best way possible. So eliminate the risks while you're transforming your business by combining what you're doing with the migration to RISE with SAP with iron clad security on Zscaler. So on behalf of myself and Roland, thank you for listening, and we look forward to supporting you in your journey.

Thank you so much, Adam and Roland for those great insights. It's always exciting to see how ZPA is making such a great impact in the SAP world. Now let's see how customers are realizing the benefits of this new announcement. I'm thrilled to welcome Georgios Billios from Siemens. Tobias Thörmann from Volkswagen. And Nataliia Iskra from Deutsche Borse to join us for a fireside chat. They have been on the forefront of navigating SAP RISE and embracing zero trust strategies, and we'll dive into their journey, challenges and key takeaways.

Welcome, Tobias. Maybe I'll start with you as -- I'll give you the first question. Perhaps, Tobias, for you, paint a picture, if you will, about how Volkswagen is implementing SAP, what does that footprint look like and how you are using Zscaler in that journey to bring to your own users.

I'm Tobias from the Volkswagen Group [ IT ] within the Volkswagen Group. We have more than 600,000 employees across the globe, separated in more than over 1,000 brands. And the most known, Audi, Porsche, SEAT, and the most known car ever is obviously the Volkswagen Beetle made in Wolfsburg, Germany. And currently, we are using Zscaler since more than 5 years for more than 400,000 users globally. And as a global company, we have a huge SAP footprint at the Volkswagen Group. We have many implementations at all areas, for example, in the HR for employee management, in the purchasing department and many, many more. For us, it is very important that we improve the security culture with Zscaler and the user communications to corporate data.

Pleasure to have you here. Maybe I'll switch gears and go to Georgios at Siemens. I think everyone knows Siemens. They are a worldwide organization, 1 of the Fortune 50 organizations out there. Georgios, from your standpoint, can you talk about the scale and the breadth of IT at Siemens. And in particular, we are interested in trying to understand how Zscaler and SAP play a very critical part of your infrastructure?

Yes. Thanks for that question, Punit. So at Siemens, we take care of more than 250,000 people, over 1,000 locations in more than 100 factories and of course, too many SAP instances to account for. All of these are taking part in our zero trust strategy and execution, which we started a few years ago with one of our biggest driver being Zscaler Private Access solution. We segment our network. We move our users to the Internet and utilize ZPA to give them access to our workloads. This, for sure, includes also our factories, our OT networks. And on the other hand, of course, our SAP systems. So -- and we are utilizing ZPA's scalability, as we've seen also during COVID, right? It's amazing. We even run it on our [ scale products ]. And together with the security features it offers, it enables us to provide not only secure access to workloads to our users but also to our business partners that need access to our resources. One big part of those resources is our SAP systems. And this is very much assisted by the automations we've built around ZPA API, including like custom interface we also have built to provide our application owners with an easy way to onboard their application to ZPA. With more than 2,000 applications onboard already, many of those are SAP systems. And our zero trust journey continues.

Great. Georgios, I got to echo something you just said. We really do appreciate the partnership, especially during COVID time, where suddenly, everyone went remote. And there was all this pressure on traditional VPN concentrators, which were tipping over. But Zscaler and Siemens came together and enabled you guys to, at scale, move to remote work. Life with ZPA. So much appreciate the partnership and the quick feedback loop that you provided us. Now I'd love to welcome Nataliia from Deutsche Börse. Nataliia, usually, when I start to think of financial industries, cloud is always something that is something that they think about a little later. Security tends be more paramount than anything. And you're probably at the leading edge trying to bring the organization along. Talk to us a little about the transition from legacy to modern zero trust-based security, especially as it relates to data protection, which is so paramount to financial companies like yourself?

Yes. Thank you, Punit. I like this question. It's very interesting specifically because I like to compare our legacy and zero trust world to the treasury, which we have in the vault. And I always say, imagine when you have all your treasury in the vault with one locker and you have a set of people who can lock there. And this is our legacy world. So it's one -- normally, it's one lock with a set of keys, people who can access. What is zero trust and what we've seen the change? Imagine you have completely new set of parameters. You can really define who, when, how and with eye contact or with your fingerprint, can access to your treasury. This is from a very good comparison. In practice, what does it mean? I always like to take from 4 key parameters when we're talking about data protection, specifically. First of all, with zero trust, it's a completely new focus on looking for data protection from the authorization, right, and from the access point of view. So you clearly can define who can access when, what is the need for that. And the beauty of that, that, of course, us as leaders of the companies, we can really establish and make it clear who can do it. Second part, which is also, we are highly regulated financial institution. So for us, regulation is a very, very key part, where zero trust, of course, is also helping us to protect data, to find data and also to make sure we are compliant with regulatory requirements. The third aspect is, of course, our data protection from the risk attack surface, where we can say that the data are much more secure and reliable and where Zscaler, specifically with zero trust architecture is playing for us a key role in the setup. And last but not least, I'm always saying that it's not only about technology. It's also about people. And how do you protect your data together with your people? And I do believe that zero trust concept is a paramount there, where you can also protect your data. You can educate your people. You can explain what does it mean. Yes, that's at least how I've seen it also with our organization and how it is currently moving from legacy to new zero trust world.

That's great, Nataliia. I love the fact that as opposed to just being very specific about a product or a feature, you are taking a very holistic view in terms of how you're approaching zero trust within your -- for your enterprise here. Let's switch gears. Tobias, you talked a little about Volkswagen using SAP. Obviously, have been a long user of Zscaler ZPA. Thank you for that. Obviously, we have this new integrated solution that we are launching, where ZPA now is part of the SAP RISE. Talk to us a little about how this is going to help you and -- at Volkswagen and the business drivers that this will help you unlock.

Yes, that's an interesting point. We, as an industry leader, trust other industry leaders such as SAP for our data and Zscaler for zero trust journey. Therefore, this joint technology solution was a perfect fit for our strategy. The second thing is an easy implementation and management. With the new feature that is natively integrated in SAP RISE, we must only provide from our ZPA tenants the provisioning key to -- from the App Connector group to SAP. The rest is done for us. That is a very easy implementation with only one hand to shake. SAP is supporting us further with the management of the Zscaler App Connectors. This is helpful in daily operations of a global solution. And another thing is the security strategy, simply access and remove the risk by modernize the security stack. Modernizing security should go hand in hand with modernizing SAP and control the least privilege access on the communication stack.

No, that makes a lot of sense and just the idea that SAP now is partnering up with Zscaler to serve customers like you and stand behind this offering and provide the requisite SLAs that are needed for an organization like Volkswagen. Listen, we really do appreciate the partnership as well as you being an early adopter of this going forward. Georgios, maybe I'll come back to you now as it relates to this particular offering that, again, that we are bringing to market. Tell us about -- you've been using SAP. Clearly, you've been using ZPA. But now with this new integration, how is Siemens hoping to take advantage of it?

Well, as I mentioned before, we have too many SAP instances, and we are in the process of migrating them to SAP RISE. So the process, of course, of migrating SAP systems will -- is going to take a while. And the plan up to this point was to do the usual deployment of ZPA App Connectors near the SAP systems, but having such an integration with ZPA available natively in the SAP platform will for sure make it easier for our SAP colleagues to deploy it. Tobias also mentioned before about the integration. It will ensure better integration and performance from the get-go. I touched also before the topic of business partners and access to our SAP systems. It is a very sensitive topic from a security point of view. And by migrating our business partner access solution to ZPA now, we are assuming the best possible security also for our SAP systems. This new offering for SAP RISE on top and the future looks more and more secure, I would say. So I'm very excited.

No, that's great. I can understand this because once you have, as an organization, standardized on it, the fact that there may be different groups or business units inside of a large organization like Siemens that are going through their own migration, presumably, this integration is going to help in that standardization process so that you have a consistent security policy, consistent security posture and then something that is easy to -- easier to manage and deploy down the road. So that makes a lot of sense. Tobias, one question as it relates to Volkswagen that perhaps caught my mind. Such a large organization, so many different types of users, whether you have employees, third parties, contractors, et cetera. Maybe talk a little about how this integration is going to help you secure connectivity across that entire gamut for Volkswagen, be it users, partners, third party, et cetera.

Yes, this is a very important aspect of the solution to look at. When accessing to company application, we have many different groups of users, the internal users and contractors, the third-party vendors and partner requiring SAP access to fulfill different tasks. Remote employees have trouble connection reliable to SAP before the usage of ZPA because we used a BI infrastructure before, which had a bad user experience. And now with the least privilege approach, we can implement a set of communication rules for each user groups. Before we implement ZPA, we had limited visibility into whether the contractor devices were secure or compliant. These present a major risk like unauthorized data access.

Got it. No, that makes a lot of sense. Thank you for that, Tobias. Nataliia, I want to come back to you as we try and wrap this session up, very informative. You gave us a very holistic answer in the way you answered the first question. And so I think you are the most appropriate person in this panel to take this next one. In terms of as you start to look ahead, what role do you see security innovations like zero trust playing in shaping this future of enterprise IT and how this integration can play a role in that?

When we are discussing about future, I always like to say imagine paradise, where we have all seamless integration, easy scalability, all detected threats and attacks, and we have an easy integration with other new technologies. That's -- I mean, but seriously, on speaking from this perspective, I think, first of all, for me, the future, of course, it's easy and seamless integration with applications. So what we've currently been doing, and this is a very good example, was we did integration between SAP via Zscaler, which was, for us, very, very helpful. We did it via M&A process for the new company, so that show us already the future visibility what we can do. So this is part of future for me. The second part is, of course, easy to achieve the compliance level where we want to be and to target. And of course, when the new compliance requirements are coming, we are able not only be reactive but I would say, proactive via zero trust, of course. Then imagine innovations where you need to quickly adjust and to make sure that the new technologies are already in your radar instead of spending 6, 9 months of preparation. So there is already also zero trust. This is the future. And probably, I will repeat again myself another part important for me is the people education. And I do believe that now with zero trust, people culture towards security also changing and also towards different perception, how do we integrate, how do we connect, what time to market means and the most important, how to be safe with that, right, because without security nothing will happen. So for me, this is also a paramount future of zero trust. And yes, those are the parameters. Hopefully, we can achieve it in the future and to have this perfect life.

No, listen, I like the wish list. It gives us a challenge as a security vendor that we need to aspire to, to go fulfill those needs. So thank you. Listen, I really do appreciate all 3 of you taking the time. Nataliia, Tobias, Georgios, thank you for the partnership. Thank you for the trust that you have placed in Zscaler not just now but being long-standing Zscaler customers and now being early adopters of this integration. We look forward to working with each and every one of you closely and through this journey. And again, much appreciate the time. Thank you. Thank you so much in Nataliia, Georgios and Tobias for sharing your experiences and insights. It's always incredibly valuable to hear how organizations like yours are tackling these challenges and driving innovation. We truly appreciate your time and perspective. This is the part that perhaps was most exciting for me to moderate. As you guys know, SAP is one of the more critical applications that are -- that is used by enterprises. Needless to say, it requires a lot of thought and consideration in how it is deployed. It is no surprise that SAP works with some of the largest global system integrators to get this deployment up and running so that enterprises are able to fulfill their business needs. I'm very excited to have esteemed leaders from some of these global system integrators alongside me today. I have Geert from Capgemini. I have Britta from Accenture and Sachin from Deloitte. Thank you all for joining us. I'm going to go with Geert first with a question, and then we'll follow it up with Britta and Sachin. As you guys start to think about customers, your customers that are deploying SAP, clearly, they've been doing this for a few years now, moving -- lifting and shifting from on-prem to the cloud. But SAP RISE, in particular, has its own nuances and challenges. Talk to us a little, if you will, on some of the criteria, some of the considerations that your customers are going through in this journey, in this transformation. So Geert, maybe we start with you?

Thank you for this opportunity. Yes, you're right. The transformation to SAP RISE is not a standard transformation. It's a big impact for our clients. And it's a transformation that in the true nature of a service integrator like Capgemini is because it is actually more of a business transformation than a technical transformation. You could think, yes, it's just another cloud. I move my SAP environment to the cloud, and that's it. But that's not the case. It's a business transformation, where you need to transform your processes, your people, your technology from an on-prem situation to the SAP RISE situation, and you need to do that in a secure way. And then transformation is not just about a secure run. It's also about a secure transformation. What do I leave behind? How do I transform it in a secure way? And how do I operate it in a secure way and have that integrated with all the other technology and other processes in my company? So it's a big exercise and a big transformation from a business point of view.

No, that makes a lot of sense. Clearly, there's a lot of complicated pieces that go into it, that require careful consideration. Britta, from your vantage point, when Accenture gets into an engagement with a large enterprise customer, what are some of the things that come into play that you advise your team about in terms of how best to make that transformation a successful one?

Yes. And so a lot of this is education about security. It's important to understand how the SAP landscape has evolved over the years and moved into this hybrid cloud environment, really. SAP is not the silo anymore that it used to be. It's a highly integrated environment with the rest of the enterprise. And I think this is a very important aspect of migration and transformation. It's not just business and processes and technology. It's, again, the combination of this, the highly integrated component of it and the ability to change. So as a system integrator, we see a lot of these RFPs for SAP programs, and unfortunately, we see very little security requirements defined in them. And that is really the first challenge. So what we do with our education and discussions with client ideally before an SAP program even starts in the discovery process to select SAP as a transformational migration, we force the CISO organization into these discussions. So we have an approach that's called discover and envision for SAP S/4 programs, and that includes security as part of it. So we actually pull the various stakeholders of a CISO organization, the infrastructure team, the data folks, the compliance teams and again, the security office to actually look at the potential target state of an S/4 program and the considerations to be had around this. And that's where SAP RISE comes in with their hyperscaler at a robust infrastructure security model but then also the understanding that there is a shared responsibility model around decisions of security controls and services in that RISE framework, and certainly, also, how is this SAP cloud or hybrid model integrating to the rest of the enterprise and decisions around connection, authentication and again, zero trust principles of this net new landscape that is now being brought in and integrated with the rest of the enterprise. So again, it starts with a lot of education. It starts with bringing in the CISO organization, bringing in the right stakeholders to bring awareness to this topic to help define a approach, a road map for clients to really make these security architecture and design decisions early ideally out of the gate.

Britta, that's very forward thinking of you to get a CISO involved early in the discussion. So that's a very useful nugget. So Sachin, there's a lot of considerations that go into a deployment to SAP RISE. SAP is one of the largest enterprise applications out there and the considerations are quite complex in nature. How does Deloitte start to think about it when you're advising your customers in this journey and driving business transformation?

Yes, absolutely. And thanks, Punit, first of all, for inviting me to join this industry's panel. I'm really excited about this announcement and how it will help our customers meet their zero trust objectives. Now let's talk about Deloitte, our experience with the SAP RISE migrations. If you think about a typical customer who's running ECC right now, they have until 2027 to upgrade to S/4. Now in this time, they have to decide whether they want to do a greenfield, brownfield, bluefield or some other color of a transformation, right? Now there are customers where a pure lift and shift itself will require a multiyear project because of the sheer complexity, volume of data and the regulatory requirements they have to comply with. But a common question that we get is always around security. Now we have to recognize that traditionally, a lot of SAP applications have been sitting on premises protected behind the company firewalls. So this is a new paradigm. A natural question from our clients is around understanding how their data is going to be protected, how the application is going to be secured in the new cloud environment. And then now having this solution like a Zscaler that is supported by SAP to enable secure access to RISE applications will certainly help answer that question. Now organizations no longer have to use legacy VPN-based access that hinders that agility, creates security risk. So transitioning to zero trust access enables more secure, seamless connectivity to SAP applications as well as it's giving you that cloud scalability without the legacy bottlenecks so to speak. Back to you, Punit.

No, indeed, that makes a lot of sense. And I suspect, Sachin, that a lot of the traditional practitioners for SAP, do not want to get into nuts and bolts about secure access and VPNs. They'd much rather operate at the application or the data layer and have the infrastructure and security folks take care of it. And that's where, I think, you guys play a very pivotal role providing that glue, if you will, in bridging that gap and the complexity that comes. So we really, really do appreciate the partnership and the construct that you're providing in terms of that zero trust access and moving away from legacy VPNs. Geert, from your standpoint, obviously, these are some of the more critical enterprise applications. And the user experience matters significantly because, at the end of the day, it's all about making the users productive. Talk to me a little about how Capgemini addresses that and then more specifically, how Zscaler can help in that journey.

Yes, you're absolutely right. The way users experience a service is key. That sets the tone in an organization. It sets the tone on the success of an organization. So user experience is foundational. And that starts by that the experience needs to be consistent everywhere, anywhere, anytime, whether they are working from the office on-prem or remotely or are traveling and needs to be a smooth service. And with Zscaler, you have that uninterrupted digital experience. And as Capgemini is a global company, we deliver our services over the globe. That can be from China to the U.S., from Singapore to Nigeria. And with help of Zscaler, we have that consistent service, and that's why our users are so happy with this service. To add to that, what's also as important is that -- to have this seamlessly smooth service is that there is a proactive issue resolution. So the monitoring that Zscaler is doing, proactively identifying problems where a service can improve helps with this seamlessly service that Zscaler is providing. And that helps with the high user satisfaction that we have in Capgemini and with our clients with Zscaler.

Great. No, I really appreciate that commentary because once you make these users productive, they're just able to see a lot more out of the application and then certainly, make themselves more productive. Britta, from your standpoint, you talked a little earlier about trying to involve the CISO early on in the discussions of the migration. Everyone knows SAP has some of the crown jewels of an enterprise. Talk to the audience, if you will, all about how Accenture is working with Zscaler to make sure that during this migration to SAP RISE, that the data is secured and protected? Give us your views on that if you don't mind.

Having this SAP transformation or migration program is an amazing opportunity for clients to uplift or improve their security approach, their security strategy. Their view from a zero trust standpoint to secure connectivity, secure data and really understanding what is provisioned to what user, right, whether they are on -- in an office behind a computer or out in the field on a mobile device. So restricting or securing data and making sure the right people are accessing and/or changing respective data is, again, it's a multiple layer exercise. And we help our clients go through that exercise to, again, look at what is the data, what is, again, the processes, what technology are we looking at and defining the right design, the right strategy to make sure it's secure. It's either in line with regulatory compliance requirements or in line with a client's maturity goals, right, because they are very different. And Zscaler is absolutely a component there that helps clients really go beyond just regulatory requirements.

No, that makes a lot of sense, Britta. And I can sense the approach, I suspect, all of you guys take is one of being very holistic in the way you -- take this -- take these projects on, not just a security piece, not a particular data silo but taking a full view of the project, if you will, and then guiding these customers through that journey. Listen, as part of the announcement, all 3 of you are going to include Zscaler as part of the reference architecture for SAP RISE, and we truly are thankful for that. You are calling on some of the most complex environment, some of the largest and most demanding customers. And so perhaps for the audience here, share with them what does it mean to be included as part of this reference architecture. I suspect it's all around making it more scalable and replicable, but I would love to hear from all 3 of you. So Britta, maybe we'll have you go first.

It has been an incredible opportunity for our clients to take advantage of automation, right, reduce operational cost. And I think that's, for me, exciting for our clients, exciting to not just do this business transformation or technology transformation but also look at how can we be more efficient in how we're operating as an organization. And so for us, with this new reference model, and as a security person, always very exciting to come out with great tools and great technology that help our clients. And again, looking at that bigger picture of the enterprise and giving our clients this vision and this opportunity to help them not just be secure, right, but also reduce cost from an operational standpoint and improve a user experience to have a seamless connection, have a secure connection. I think that is the exciting part.

It's a good question around the reference architecture. Look, what CXOs are wanting a partner is that they are more than a one-trick show. They want from a service integrator like all the 3 of us are, they want thought leadership. They want an end-to-end view. They want a vision. As I said at the beginning of your interview, a transformation is a business transformation. If you want to make a transformation successful, you need to place that transformation in the context of a reference architect because the reference architecture shows how you connect all those components together and where Zscaler fits perfectly. And what you see is that Zscaler fits in several places in an end-to-end reference architecture for transformation to SAP RISE. And on top of that, what you also see is that your reference architecture is your foundation to make sure that you have a robust, reliable outcome of your transformation. And that means that you need to have reliable partners in your reference architecture, and Zscaler is such a partner. So for Capgemini, having Zscaler as part of the reference architecture of our -- corporate reference architecture is essential for delivering on the expectations and the thought leadership that our clients are expecting from us.

A few years back at Deloitte, what we did was we revised our SAP security framework. To help our clients think more holistically about securing SAP systems. So traditionally, if you think -- go back few years, the focus on SAP systems has been fine-grain authorization, segregation of duty type of controls, right? But with technology evolution, increasing attack surface, we were also forced to change our methodology, which means when we start a project, we discuss all aspects of cybersecurity controls with our clients. And one of the most important discussions in this area is securing access to applications and data. So we utilize our reference architectures and the cybersecurity framework during these early discussions with our clients to make sure they understand what are these different controls available, what is the broader ecosystem partner solutions to be able to achieve broader cybersecurity controls. So now having Zscaler integration with SAP RISE kind of makes it easy for us to have that discussion, the zero trust discussion with our clients early on to enable a more secure digital transformation aligned with these modern zero trust principles. So if you're a client that is already using ZIA, you are already seeing the benefits of this technology. So the discussion is going to be how do you expand now to your SAP -- critical SAP applications. But if you're a company who's thinking about it, then what better way to start your journey with a more critical application like SAP using a product that is supported by SAP. I would say it's a win-win for our customers.

Absolutely. Well, I couldn't have said that any better, Sachin. Thank you for that. Listen, what I've gleaned off this very rich discussion is you guys consummate partners, each of you helping customers engage early, think holistically, start thinking about security early on, all the implications, not just access but the actual data itself, keeping user productivity in mind and the user experience, monitoring that usage if you will. There's a lot of complexity that goes into it, and it requires a very knowledgeable systems integrator partner like yourselves to help customers through this journey. So we are delighted that we are partnering with each of you, and I really want to thank all of you for the time, and we look forward to working closely with each one of you as we help our customers through this journey. Thank you again. Wow, thanks so much for sharing your insights today, Geert, Sachin and Britta. It's been fantastic hearing all the different perspectives of how ZPA and zero trust are transforming the way businesses approach SAP RISE and multi-cloud environments. Clearly, SAP migration is going to be a focus for any SAP customer and removing the access and security concerns that come with it is important. We are happy to partner with each and every one of you to help customers with their migration journey. Before we wrap, I just want to say that these kinds of discussions really highlight the value of collaboration and our partnerships, whether it's with our strategic business transformation partner, SAP, our valued GSIs who enable transformation and most importantly, our joint customers who find the transformation valuable to them. Let's keep these conversations going as we navigate this exciting space with zero trust and business transformation together. It can't get better than this. Thanks again, everyone, for your time and thoughtful inputs.