Zscaler Review
Zscaler Review: Complete Analysis of the Cloud-Native Security Platform for 2025
Zscaler stands as one of the leading cloud-native security platforms in today’s cybersecurity landscape. The company has revolutionized how organizations approach network security by moving away from traditional perimeter-based models. Zero Trust Network Access (ZTNA) forms the foundation of Zscaler’s architecture, providing secure connections without placing users on the network.
Organizations worldwide are adopting Zscaler’s solutions to enable secure digital transformation. The platform offers comprehensive protection for remote workforces, distributed networks, and cloud-first enterprises. This review examines Zscaler’s core products, features, pricing, and performance to help businesses make informed decisions.
We’ll analyze Zscaler Internet Access (ZIA) and Zscaler Private Access (ZPA) in detail. Both solutions deliver cloud-native security that scales with organizational needs. Understanding these platforms becomes crucial as companies transition from legacy VPN solutions to modern zero-trust architectures.
Overview of Zscaler’s Cloud Security Platform
Zscaler operates as a Security Service Edge (SSE) provider, delivering comprehensive cloud-native security services. The platform eliminates the need for traditional network security appliances by routing traffic through Zscaler’s global cloud infrastructure. This approach provides consistent security policies regardless of user location or device type.
The company’s architecture centers on moving security closer to users and applications. Network perimeter security becomes obsolete when organizations embrace Zscaler’s cloud-first approach. Users connect directly to authorized applications through secure tunnels, bypassing traditional network access entirely.
Zscaler’s global cloud infrastructure spans over 150 data centers worldwide. This extensive network ensures low latency and high performance for users accessing applications and internet resources. The platform processes billions of transactions daily, demonstrating its scalability and reliability.
Key benefits include:
- Elimination of VPN complexity and management overhead
- Consistent security policies across all locations
- Reduced attack surface through zero-trust principles
- Simplified network architecture and reduced infrastructure costs
- Enhanced user experience with direct-to-cloud connectivity
Core Security Philosophy
Zscaler’s security philosophy revolves around the principle of “never trust, always verify.” Traditional security models assumed internal network traffic was trustworthy. Zscaler challenges this assumption by treating all connections as potentially hostile.
Identity verification happens at multiple checkpoints throughout the user session. Location, device posture, and behavioral patterns influence access decisions dynamically. This continuous verification process adapts to changing risk conditions in real-time.
Application access follows the principle of least privilege. Users receive access only to specific applications they need for their roles. Lateral movement within the network becomes impossible since users never gain network access.
Zscaler Internet Access (ZIA) – Comprehensive Evaluation
Zscaler Internet Access functions as a cloud-native Secure Web Gateway (SWG) that protects users accessing internet resources and SaaS applications. ZIA intercepts and inspects all web traffic before allowing access to requested resources. This inspection happens transparently without impacting user experience.
Advanced threat protection capabilities include malware detection, data loss prevention, and cloud application security. The platform analyzes traffic patterns and content to identify potential security risks. Machine learning algorithms continuously improve threat detection accuracy over time.
SSL/TLS inspection provides visibility into encrypted traffic without compromising security. Organizations gain insight into application usage, data transfers, and potential policy violations. This visibility enables informed decision-making about internet access policies and risk management.
Core ZIA Features and Capabilities
| Feature Category | Capabilities | Business Impact |
|---|---|---|
| Web Security | URL filtering, DNS security, advanced threat protection | Blocks malicious websites and prevents malware infections |
| Data Protection | DLP, cloud app security, file type controls | Prevents sensitive data exfiltration and ensures compliance |
| Traffic Control | Bandwidth management, application control, user policies | Optimizes network performance and enforces usage policies |
| Visibility | Detailed logging, analytics, reporting dashboards | Provides insights for security and operational decisions |
SSL Inspection and Content Analysis
ZIA’s SSL inspection capabilities provide unprecedented visibility into encrypted web traffic. The platform decrypts, inspects, and re-encrypts traffic seamlessly. Users experience no performance degradation during this process.
Content analysis extends beyond basic URL filtering to examine file contents and data patterns. Advanced algorithms detect sophisticated threats that might bypass traditional security controls. This deep inspection capability proves essential for organizations handling sensitive data.
Policy enforcement happens at the content level rather than just the connection level. Administrators can create granular rules based on file types, data patterns, or application behaviors. These policies adapt dynamically based on user context and risk assessments.
Zscaler Private Access (ZPA) – In-Depth Analysis
Zscaler Private Access revolutionizes how organizations provide secure access to internal applications. ZPA eliminates the need for traditional VPN solutions by creating direct, encrypted connections between users and specific applications. This approach significantly reduces the attack surface compared to network-based access methods.
The platform operates on a “connect-to-application” model rather than “connect-to-network.” Users authenticate once and receive access only to authorized applications based on their identity and context. Lateral movement within the network becomes impossible since users never gain network-level access.
ZPA particularly benefits organizations with distributed workforces, remote employees, and third-party contractors. The solution works seamlessly with managed and unmanaged devices, providing flexibility for diverse organizational needs.
ZPA Architecture and Implementation
ZPA’s architecture consists of three main components: the ZPA Public Service Edge, ZPA Private Service Edge, and the Zscaler Client Connector. These components work together to create secure, direct connections between users and applications.
The Public Service Edge resides in Zscaler’s global cloud infrastructure. This component handles user authentication and authorization decisions. It also manages policy enforcement and session monitoring throughout the connection lifecycle.
Private Service Edge connectors deploy within the organization’s data centers or cloud environments. These lightweight connectors establish outbound-only connections to the Zscaler cloud. No inbound firewall rules are required, simplifying deployment and reducing security risks.
- Deployment Options:
- Physical appliances for data centers
- Virtual machines for cloud environments
- Container-based deployments for modern architectures
- Hybrid configurations for complex environments
Zero Trust Implementation with ZPA
ZPA implements zero trust principles through continuous identity verification and context-aware access controls. Every access request undergoes evaluation against multiple factors including user identity, device posture, location, and time of access.
Microsegmentation capabilities ensure users access only specific applications they need. Application-level policies prevent unauthorized lateral movement and reduce the impact of potential security breaches. This granular control surpasses traditional network-based security models.
Policy engines evaluate risk continuously throughout user sessions. Suspicious activities trigger immediate response actions such as step-up authentication or session termination. This dynamic approach adapts to changing threat conditions in real-time.
Security Features and Threat Protection Assessment
Zscaler’s security features encompass multiple layers of protection designed to address modern cyber threats. The platform combines signature-based detection with behavioral analysis and machine learning algorithms. This multi-layered approach provides comprehensive protection against known and unknown threats.
Cloud sandboxing capabilities analyze suspicious files and URLs in isolated environments. This analysis happens without impacting user productivity or network performance. Threat intelligence feeds continuously update detection capabilities with the latest threat indicators.
Advanced persistent threat (APT) detection leverages behavioral analysis to identify sophisticated attack patterns. The platform correlates events across multiple users and timeframes to detect coordinated attacks. This capability proves crucial for organizations facing targeted threats.
Threat Intelligence and Detection Capabilities
Zscaler’s threat intelligence platform processes data from billions of daily transactions across its global network. This massive dataset enables the identification of emerging threats and attack patterns. Real-time threat feeds update all connected organizations simultaneously.
Machine learning models analyze traffic patterns, user behaviors, and content characteristics to identify anomalies. These models continuously learn and adapt to new attack techniques. False positive rates decrease over time as the algorithms become more sophisticated.
Integration with external threat intelligence sources enhances detection capabilities. The platform correlates internal observations with industry-wide threat data. This comprehensive approach ensures organizations benefit from collective security intelligence.
| Threat Type | Detection Method | Response Actions |
|---|---|---|
| Malware | Signature matching, behavioral analysis, sandboxing | Block download, quarantine file, alert administrators |
| Phishing | URL reputation, content analysis, domain intelligence | Block access, warn user, log incident |
| Data Exfiltration | DLP patterns, traffic analysis, policy violations | Block transfer, encrypt data, audit trail |
| Insider Threats | Behavioral analytics, privilege monitoring, access patterns | Flag unusual activity, require authentication, restrict access |
Data Loss Prevention and Compliance
Zscaler’s data loss prevention capabilities protect sensitive information across all communication channels. The platform identifies and classifies data based on content patterns, file types, and contextual information. Automated policy enforcement prevents unauthorized data transfers.
Compliance reporting features help organizations meet regulatory requirements such as GDPR, HIPAA, and SOX. Detailed audit trails track all data access and transfer activities. These reports provide evidence of compliance efforts during regulatory audits.
Integration with cloud applications extends DLP protection to SaaS environments. The platform monitors file uploads, email attachments, and messaging applications. This comprehensive coverage ensures consistent data protection across all business applications.
Performance and Scalability Examination
Zscaler’s global infrastructure delivers consistent performance regardless of user location or traffic volume. The platform’s distributed architecture ensures users connect to the nearest point of presence for optimal latency. Traffic routing algorithms continuously optimize paths based on network conditions and server availability.
Automatic scaling capabilities handle traffic spikes without manual intervention. The cloud-native architecture adds capacity dynamically based on demand. Organizations never need to worry about hardware limitations or capacity planning.
Performance monitoring tools provide real-time visibility into network conditions and user experience metrics. Administrators can identify bottlenecks and optimize configurations based on actual usage patterns. This data-driven approach ensures optimal performance for all users.
Global Infrastructure and Network Performance
Zscaler operates one of the largest security clouds globally, with data centers strategically located across six continents. This extensive infrastructure ensures users always connect to nearby servers for minimal latency. Anycast routing directs traffic to the optimal data center automatically.
Network peering agreements with major internet service providers enhance connectivity and reduce latency. Direct connections to cloud providers ensure optimal performance when accessing popular SaaS applications. These optimizations benefit organizations with globally distributed workforces.
Bandwidth optimization features include caching, compression, and traffic shaping. These capabilities reduce bandwidth consumption while maintaining application performance. Organizations can prioritize critical applications during peak usage periods.
Scalability for Enterprise Organizations
Enterprise organizations require security solutions that scale with their growth and changing needs. Zscaler’s cloud architecture scales automatically without requiring hardware upgrades or capacity planning. The platform handles millions of concurrent users across thousands of organizations simultaneously.
Multi-tenant architecture ensures resource isolation while maximizing efficiency. Each organization’s traffic and policies remain completely separate from others. This approach provides enterprise-grade security with cloud-scale economics.
API-driven management enables automation and integration with existing IT systems. Organizations can programmatically manage policies, users, and configurations. This automation capability becomes crucial for large-scale deployments and ongoing operations.
User Experience and Interface Evaluation
Zscaler prioritizes user experience design to ensure security doesn’t impede productivity. The platform operates transparently for end users, providing protection without requiring constant interaction. Single sign-on integration eliminates multiple authentication prompts throughout the day.
Administrative interfaces provide intuitive management capabilities for IT teams. Policy creation and management follow logical workflows that reduce complexity. Role-based access controls ensure administrators see only relevant features for their responsibilities.
Mobile applications extend Zscaler’s protection to smartphones and tablets seamlessly. Users experience consistent security policies regardless of device type or operating system. This consistency simplifies training and reduces support requirements.
Administrative Dashboard and Management
The Zscaler administrative console provides comprehensive visibility and control over all security policies and user activities. Dashboards display key metrics, security events, and performance indicators in real-time. Customizable views allow administrators to focus on relevant information for their roles.
Policy management tools simplify the creation and maintenance of security rules. Template-based configurations accelerate deployment for common use cases. Bulk operations enable efficient management of large user populations and application sets.
Reporting capabilities generate detailed analyses of security events, user activities, and policy effectiveness. Scheduled reports ensure stakeholders receive regular updates on security posture. Export functions enable integration with external analysis tools and compliance systems.
End-User Experience and Adoption
End-user adoption plays a critical role in security solution success. Zscaler’s transparent operation minimizes user friction while providing robust protection. Users typically don’t notice the security platform during normal operations.
Client connector software provides seamless integration with various operating systems. Installation and configuration happen automatically through enterprise deployment tools. Users receive protection immediately without requiring technical knowledge or configuration.
Offline capabilities ensure security policies remain active even when users disconnect from the corporate network. Local policy enforcement continues until connectivity resumes. This capability proves essential for mobile workers and remote employees.
Pricing Structure and Value Analysis
Zscaler’s pricing model follows a subscription-based approach that scales with organizational needs and user count. The company offers different service tiers to accommodate various security requirements and budget constraints. Pricing transparency helps organizations plan and budget for security investments effectively.
Cost calculations include per-user licensing fees and optional add-on services. Organizations pay only for active users, making the solution cost-effective for seasonal businesses or fluctuating workforces. Volume discounts apply for larger deployments.
Total cost of ownership comparisons often favor Zscaler over traditional security appliances. Organizations eliminate hardware procurement, maintenance, and upgrade costs. Operational savings include reduced IT staff time for security management and troubleshooting.
Service Tiers and Feature Comparison
| Service Tier | Core Features | Target Organizations |
|---|---|---|
| Business | Web security, SSL inspection, basic reporting | Small to medium businesses with basic security needs |
| Enterprise | Advanced threat protection, DLP, cloud app security | Large organizations with comprehensive security requirements |
| Transformation | Full zero trust platform, advanced analytics, integration APIs | Organizations undergoing digital transformation initiatives |
Return on Investment Considerations
Organizations typically see positive ROI from Zscaler implementations within the first year. Cost savings come from multiple sources including reduced hardware costs, simplified management, and improved operational efficiency. Quantifiable benefits include decreased security incident response time and reduced compliance audit costs.
Productivity improvements result from faster application access and reduced downtime. Users spend less time dealing with security-related issues or connection problems. These productivity gains often exceed the platform’s subscription costs.
Risk reduction benefits provide additional value that’s harder to quantify directly. Prevented security breaches, avoided compliance violations, and reduced business disruption contribute to overall value. Organizations should consider these factors when evaluating total value received.
Integration Capabilities and Ecosystem Compatibility
Zscaler’s integration capabilities enable seamless connectivity with existing enterprise systems and security tools. The platform supports standard protocols and APIs that facilitate integration with identity providers, SIEM systems, and IT service management platforms. Open architecture principles ensure compatibility with diverse technology environments.
Identity provider integration supports major solutions including Active Directory, Okta, Ping Identity, and Azure AD. Single sign-on capabilities reduce user authentication friction while maintaining security. Multi-factor authentication integration adds additional security layers without complexity.
SIEM integration enables security teams to correlate Zscaler events with other security data sources. Real-time log streaming and API access provide flexibility for custom integrations. This comprehensive visibility enhances overall security operations center effectiveness.
Third-Party Security Tool Integration
Zscaler integrates with endpoint detection and response (EDR) solutions to provide comprehensive threat visibility. Combined telemetry from network and endpoint sources enables more accurate threat detection and response. This integration creates a unified security ecosystem.
Vulnerability management tool integration helps organizations prioritize remediation efforts based on actual risk exposure. Contextual information from Zscaler enhances vulnerability assessments with real-world usage data. This combination improves security team efficiency and effectiveness.
Cloud security posture management (CSPM) integration extends Zscaler’s visibility into cloud infrastructure configurations. Organizations gain comprehensive visibility across network, endpoint, and cloud environments. This holistic approach addresses modern enterprise security requirements.
API Capabilities and Automation
Comprehensive APIs enable organizations to automate Zscaler management tasks and integrate with existing workflows. RESTful APIs provide programmatic access to all platform features and configurations. This automation capability scales management operations for large deployments.
Webhook support enables real-time integration with external systems for immediate response to security events. Custom applications can leverage Zscaler APIs to create specialized management interfaces or reporting tools. This flexibility accommodates unique organizational requirements.
Infrastructure as Code (IaC) support enables version-controlled security policy management. Organizations can treat security configurations like application code with proper change management processes. This approach improves consistency and reduces configuration errors.
Support Services and Customer Success Programs
Zscaler provides comprehensive support services designed to ensure customer success throughout the entire platform lifecycle. Support offerings include technical assistance, implementation guidance, and ongoing optimization recommendations. Customer success managers provide strategic guidance for maximizing platform value.
Technical support operates 24/7/365 with multiple contact channels including phone, email, and web portals. Support engineers receive extensive platform training to provide expert assistance. Escalation procedures ensure complex issues receive appropriate attention from specialized teams.
Professional services assist with implementation planning, migration strategies, and custom integrations. Experienced consultants help organizations design optimal configurations for their specific requirements. These services accelerate deployment timelines and reduce implementation risks.
Training and Certification Programs
Zscaler University provides comprehensive training programs for administrators, security professionals, and end users. Online courses cover platform features, best practices, and advanced configuration topics. Hands-on laboratories enable practical experience with platform capabilities.
Certification programs validate technical expertise and provide professional development opportunities. Multiple certification tracks address different roles and skill levels within organizations. Certified professionals receive ongoing education to maintain their credentials.
Partner training programs extend education to channel partners and system integrators. These programs ensure partners can effectively support customer implementations and ongoing operations. Regular updates keep partners informed about new features and capabilities.
Community Resources and Documentation
Zscaler maintains extensive online documentation covering all platform features and common use cases. Step-by-step guides help administrators implement specific configurations or troubleshoot issues. Regular updates ensure documentation remains current with platform releases.
Community forums enable customers to share experiences, ask questions, and collaborate on solutions. Zscaler experts participate in forums to provide authoritative answers and guidance. This community approach accelerates problem resolution and knowledge sharing.
Webinar series provide ongoing education about new features, industry trends, and best practices. Live sessions include Q&A opportunities with Zscaler experts. Recorded sessions provide on-demand access to training content.
Compliance and Regulatory Considerations
Zscaler addresses complex compliance requirements that modern organizations face across multiple industries and jurisdictions. The platform maintains certifications for major compliance frameworks including SOC 2, ISO 27001, and FedRAMP. Compliance automation features help organizations meet regulatory requirements with minimal manual effort.
Data residency controls ensure sensitive information remains within specified geographic boundaries. Organizations can configure policies to prevent data from crossing jurisdictional borders. These capabilities address requirements from regulations like GDPR and data sovereignty laws.
Audit trail capabilities provide comprehensive logging of all user activities and policy decisions. Immutable logs ensure audit evidence maintains integrity over time. Automated reporting generates compliance documentation for regulatory reviews and audits.
Industry-Specific Compliance Features
Healthcare organizations benefit from HIPAA-compliant configurations that protect patient health information. Automated data classification identifies and protects PHI across all communication channels. Access controls ensure only authorized personnel can access sensitive medical data.
Financial services organizations receive support for regulations like SOX, PCI DSS, and regional banking requirements. Transaction monitoring capabilities detect suspicious activities that might indicate fraud or compliance violations. Real-time alerting enables rapid response to potential issues.
Government agencies leverage FedRAMP authorization for cloud security compliance. Zscaler’s government cloud provides additional security controls and monitoring capabilities. These features address unique requirements for public sector organizations.
Data Privacy and Protection Measures
Zscaler implements comprehensive data privacy measures that exceed regulatory requirements. Privacy by design principles ensure data protection considerations integrate into all platform features. Users maintain control over their personal information and privacy settings.
Data encryption protects information in transit and at rest using industry-standard algorithms. Key management systems ensure encryption keys remain secure and properly rotated. These measures provide defense against data breaches and unauthorized access.
Data retention policies automatically remove personal information after specified periods. Organizations can configure retention periods based on business needs and regulatory requirements. Automated deletion ensures compliance with privacy regulations like GDPR’s right to be forgotten.
Competitive Analysis and Market Position
Zscaler competes in the rapidly evolving cloud security market against both established vendors and emerging startups. The company’s early focus on cloud-native architecture provides competitive advantages over vendors adapting legacy solutions for cloud deployment. Market leadership in the Secure Access Service Edge (SASE) category reflects this strategic positioning.
Competitive differentiation comes from Zscaler’s global infrastructure scale, zero-trust architecture, and comprehensive feature set. Many competitors offer partial solutions that require integration with multiple vendors. Zscaler’s unified platform reduces complexity and vendor management overhead.
Industry analyst recognition from firms like Gartner and Forrester validates Zscaler’s technology leadership and market position. Consistent placement in leadership quadrants reflects strong customer satisfaction and platform capabilities. These endorsements influence enterprise purchasing decisions significantly.
Comparison with Traditional Security Vendors
Traditional security vendors often struggle to match Zscaler’s cloud-native performance and scalability. Legacy appliance-based solutions require significant infrastructure investments and ongoing maintenance. Cloud economics favor Zscaler’s subscription model over capital-intensive hardware deployments.
Feature development cycles favor cloud-native vendors like Zscaler over traditional appliance vendors. New capabilities deploy automatically to all customers without hardware upgrades or complex migration projects. This agility enables faster response to emerging threats and customer requirements.
Global scalability differentiates Zscaler from regional or appliance-based competitors. Organizations with international operations benefit from consistent policies and performance worldwide. Traditional vendors often require complex multi-vendor deployments for global coverage.
Emerging Competitor Analysis
Emerging competitors focus on specific market segments or technical approaches that challenge Zscaler’s comprehensive platform strategy. Some vendors emphasize integration simplicity while others focus on specialized features for particular industries. Zscaler responds with continuous innovation and strategic acquisitions.
Price competition from newer vendors attempts to undercut Zscaler’s market position. However, total cost of ownership comparisons often favor Zscaler due to operational efficiency and reduced complexity. Organizations consider long-term value rather than just initial pricing.
Technology innovation from startups pushes the entire market forward and benefits customers. Zscaler incorporates successful innovations through development partnerships or acquisitions. This approach maintains technology leadership while providing customer stability.
Learn more about cloud security best practices and SASE implementations at Zscaler’s official website for the latest platform updates and resources.
Conclusion
Zscaler represents a mature, comprehensive cloud security platform that effectively addresses modern enterprise requirements. The combination of ZIA and ZPA provides complete coverage for internet and application access security. Organizations benefit from simplified architecture, improved security posture, and enhanced user experience.
The platform’s zero-trust approach aligns with current security best practices and regulatory guidance. Global infrastructure ensures consistent performance for distributed organizations. Strong integration capabilities and extensive support services facilitate successful implementations across diverse environments.
Frequently Asked Questions About Zscaler Platform
Common Questions and Answers for Zscaler Review
- Who should consider implementing Zscaler’s security platform?
Organizations with remote workforces, cloud-first strategies, or complex network security requirements benefit most from Zscaler. Companies seeking to replace legacy VPNs or modernize their security architecture find significant value in the platform. - What makes Zscaler different from traditional firewall solutions?
Zscaler operates as a cloud-native platform that eliminates network perimeter security models. Users connect directly to applications without network access, reducing attack surfaces and improving security posture significantly. - How does Zscaler pricing compare to traditional security infrastructure costs?
Zscaler’s subscription model typically costs less than traditional security appliances when considering total cost of ownership. Organizations save on hardware, maintenance, and operational expenses while gaining superior scalability and performance. - Can Zscaler integrate with existing identity and security management systems?
Yes, Zscaler supports integration with major identity providers, SIEM systems, and security tools through standard APIs and protocols. These integrations enable seamless incorporation into existing IT environments. - What level of technical expertise is required to manage Zscaler platforms?
Zscaler’s intuitive management interfaces reduce complexity compared to traditional security appliances. However, organizations benefit from security expertise for policy design and incident response. Training programs help teams develop necessary skills. - How does Zscaler ensure compliance with industry regulations and standards?
Zscaler maintains certifications for major compliance frameworks including SOC 2, ISO 27001, and FedRAMP. Automated compliance features and comprehensive audit trails help organizations meet regulatory requirements efficiently. - What happens to security protection when users work offline or have limited connectivity?
Zscaler client software continues enforcing local policies when connectivity is limited. Critical security controls remain active until connectivity resumes and policies sync with the cloud platform. - How quickly can organizations deploy Zscaler solutions across their entire workforce?
Deployment timelines vary based on organizational complexity but typically range from weeks to months. Cloud-native architecture eliminates hardware procurement delays, and professional services can accelerate implementation timelines.
Stack Insight is intended to support informed decision-making by providing independent information about business software and services. Some product details, including pricing, features, and promotional offers, may be supplied by vendors or partners and can change without notice.
I’ve been using Zscaler for about six months, and it has significantly streamlined our security setup. The transition from our traditional VPN to Zscaler’s Zero Trust Network Access was surprisingly smooth, and I appreciate how it has improved our overall compliance posture. The low latency is a game-changer as our remote teams can access applications faster without compromising security. However, I did notice some initial learning curve for our IT team in managing configurations, but they’ve adapted well over time.
Having implemented Zscaler’s Zero Trust Network Access (ZTNA) in our organization, I can confidently say it has transformed our approach to security. The ease of managing user access without needing to place them directly onto the network has streamlined our operations significantly. Additionally, the global scale low latency feature ensures that our employees working remotely experience minimal disruption, which is crucial for maintaining productivity. Overall, I’m impressed with the strong compliance certifications that give us peace of mind in terms of regulatory adherence.