Advancing the Zoho Enterprise Security Stack

Advancing the Zoho Enterprise Security Stack

The News: Zoho introduces a number of capabilities to simplify and strengthen security for its enterprise customers. Additional detail is available in Zoho’s press release.

Advancing the Zoho Enterprise Security Stack

Analyst Take: Today, a hybrid mishmash of working from home and other remote locations as well as more traditional office settings has become the norm for most businesses. This greatly expands the traditional attack surface, as traditional office security measures may not extend to employees’ personal devices or unsecured home networks, creating potential entry points for hackers. Additionally, managing access controls becomes more complex as employees shift locations, potentially increasing the risk of unauthorized access to sensitive data. At the same time, cybersecurity has become a board-level priority. The Futurum Group’s Cybersecurity Decision Maker IQ data indicates that more than half of organizations consider the CIO to be the most influential purchase decision-maker in their organization for cybersecurity technology, and well over one-third considers the CISO.

Against this backdrop, the challenge for organizations becomes facilitating this user productivity, while also optimizing security measures to protect against the modern threat landscape. For its part, Zoho has been investing for years in the development of the Zoho Enterprise Security Stack, to optimize the security of its cloud-hosted enterprise apps, which include CRM, accounting, human resources management, project management, inventory management, and email and communication.

The company’s objective is to simplify enterprise security by offering a platform that is inter-connected – that is, the Zoho apps themselves are integrated, and customers can connect with other tools such as Microsoft Active Directory or SIEM platforms that are used for important functions such as controlling user access to data and network resources, threat detection, and incident response. Specifically, the core components of the Zoho Enterprise Security Stack are:

  • Zoho Vault for password management
  • Zoho OneAuth for multi-factor authentication (MFA)
  • Zoho Directory for workforce identity and access management (IAM)
  • Zoho Ulaa, a secure browser.

Zoho is announcing a number of additions and enhancements to its security stack that are geared primarily toward protecting user identities, preventing phishing and other social engineering attacks and improving the ability to detect attacks. Specifically, it has announced:

The ability to have one centralized credential for access to all Zoho applications, with conditional access for adaptive protection as users’ requirements and the threat landscape evolves. For example, a user can be automatically locked out based on failed login attempts. A key differentiator is that Zoho supports both device- and network-based authentication, for a comprehensive approach.
The ability to use a passkey to autofill passwords and MFA credentials that are stored in Zoho Vault, as a result supporting users’ productivity.
AI-supported behavioral threat analytics, which can support phishing prevention and crypto mining protection. It is material to note that Zoho’s AI capabilities are home-grown; they are not based on an open-source model such as Google Gemini or OpenAI.

The Futurum Group views the announcement as another example of Zoho’s now long-standing focus on investing R&D in security capabilities that are into its products, as well as those that are used from a customer perspective – as opposed to bolt-on, acquired technologies that may have trouble integrating. What’s more, these capabilities are addressing the fact that attackers are increasingly targeting user identities and credentials – that is, logging in versus hacking in – which is a particular threat as users work across a variety of applications, devices, and even networks.

Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.

Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.

Other Insights from The Futurum Group:

Zoho CEO Sridhar Vembu on the Long Game, Transnational Localism, and the Future of AI

Zoho Strategy Melds Social Responsibility, Value, and Functionality

Embracing the Long Game: Zoho’s Vision for Sustainable IT Innovation

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately a decade of experience providing research and advisory services and creating thought leadership content, with a focus on IT infrastructure and data management and protection. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data center practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

Krista holds a Bachelor of Arts in English Journalism with a minor in Business Administration from the University of New Hampshire.


Latest Insights:

The Six Five team discusses Sequoia/A16Z/Goldman rain on the AI parade.
The Six Five team discusses Oracle & Palantir Foundry & AI Platform.
The Six Five team discusses AWS Summit New York 2024.