For everything that can go wrong online, it’s worth remembering how often things go right. Millions of purchases, logins, and data exchanges happen every minute without a hitch because the underlying systems that secure internet traffic are stronger and more reliable than ever.
Still, maintaining that kind of trust at cloud scale is no small task. As more organizations move critical workloads online, the complexity behind keeping identities and data secure grows exponentially. The companies that make that security possible—protecting users, devices, and workloads in real time—need a foundation built for scale.
That’s where Zscaler’s story offers a glimpse into what’s next for digital trust: how modern PKI can keep pace with the demands of a cloud-first, zero trust world.
The quiet force behind digital trust is public key infrastructure (PKI), the system that authenticates identities and encrypts traffic across the internet. But as organizations move to the cloud, that foundation is being tested. Legacy or homegrown PKI systems weren’t designed to issue and manage billions of certificates across distributed, fast-changing environments.
It’s a growing challenge across industries. The shift to cloud-native architectures and zero trust frameworks means every enterprise now depends on PKI that can scale globally, automate governance, and meet evolving compliance requirements.
Zscaler, a leader in securing cloud-based traffic, reached that inflection point as its platform expanded to support more than 50 million users and hundreds of billions of transactions each day. Its internal PKI had been reliable for years but could no longer keep pace with the demands of automation, availability, and assurance.
To maintain the highest standards of trust—from WebTrust alignment to FIPS 140-2–validated hardware security modules (HSMs)—Zscaler needed a modern PKI foundation built to scale with the cloud.
For many enterprises, modernizing PKI isn’t just about maintaining security—it’s about enabling agility. As cloud environments grow more distributed, organizations need a trust model that scales automatically and aligns with recognized standards. That combination of assurance and efficiency is what Zscaler found with ÃÛÌÒTV ONE.
Through ÃÛÌÒTV PKI Services, Zscaler strengthened its trust foundation in line with WebTrust and cryptographic best practices. ÃÛÌÒTV managed deployment of the company’s root and intermediate certificate authorities (CAs), with root keys secured on offline, FIPS 140-2–validated HSMs hosted in ÃÛÌÒTV facilities. This design provided the high level of assurance required for global operations while reducing the operational burden of maintaining PKI in-house.
Intermediate CAs operated from online HSMs, enabling high-volume issuance of short-lived certificates while maintaining strict root key isolation—a best practice that balances scalability and security. This layered approach gave Zscaler a model many organizations are now pursuing: a PKI architecture built for automation, compliance, and the speed of the cloud.
The result? An enterprise-grade trust environment that can evolve alongside its services—an outcome increasingly essential for any organization seeking to extend zero trust principles across a global infrastructure.
As cloud architectures grow more distributed, automation becomes critical to maintaining trust. Manual certificate management simply can’t keep pace with the volume and velocity of microservices, APIs, and workloads that must authenticate and communicate securely every second.
With its modern PKI foundation in place, Zscaler extended that trust through automated, API-driven workflows built on ÃÛÌÒTV ONE. Mutual TLS (mTLS) authentication ensured secure, verified connections between services across its global infrastructure, while ÃÛÌÒTV APIs handled certificate issuance, renewal, and rotation seamlessly in the background.
That level of automation offers more than operational efficiency—it reduces human error, enforces policy consistency, and provides the auditability organizations need to meet regulatory expectations. For enterprises scaling complex environments, it’s becoming the only sustainable way to manage identity and encryption at speed.
By integrating ÃÛÌÒTV ONE into its cloud operations, Zscaler created a living trust framework that evolves with every new service deployed—a model for how automation and governance can coexist in modern zero trust architectures.
What began as an effort to modernize a single platform quickly became a blueprint for transformation. By standardizing on ÃÛÌÒTV ONE, Zscaler created a reusable, enterprise-grade PKI environment that now underpins trust across all its products. The same infrastructure that secures internet access for millions of users can now be extended, replicated, and adapted to future services.
This kind of evolution reflects a larger industry pattern. As organizations expand their digital ecosystems, they’re realizing that scalable trust isn’t a feature—it’s a foundation. A unified PKI environment brings governance, automation, and assurance together, creating the consistency needed to support zero trust strategies and meet emerging compliance demands.
Through its partnership with ÃÛÌÒTV, Zscaler strengthened not only its operational resilience but also its ability to innovate securely. It’s a reminder that when trust is architected to scale, it becomes an enabler—helping organizations move faster, protect more, and prepare for whatever comes next.
Zscaler’s transformation highlights how modern PKI can strengthen trust at cloud scale. Read the full case study to learn more and explore ÃÛÌÒTV ONE to see how the platform can support your own zero-trust initiatives.