HCA has proven that Zscaler ZIA works for ~150k users. The question is whether to keep building on that architecture — adding more Zscaler products, more configurations, more day-to-day noise — or introduce an alternative before it becomes permanently embedded.
The case for Cloudflare is simple: it creates operational quiet, makes the experience faster by design, and gives HCA a platform that goes well beyond just Zero Trust.
Zscaler built a cloud security exchange that HCA’s traffic must be steered to so it can be inspected. Cloudflare built a global network that internet traffic already flows through, so inspection and protection happen along the direct route instead of at a separate destination. For a CIO, that means fewer detours, fewer things to manage, and a faster, more predictable experience everywhere HCA operates.
Operational quiet means fewer alerts, fewer vendors, and fewer moving parts — not hiring more people to manage more tools. It comes from reducing the number of systems, configurations, and dependencies required to deliver secure services.
HCA runs ZIA for a portion of its user population today. Expanding to its full suite of Zero Trust products means adding ZPA, ZDX, ZIdentity, and SPLX — each with its own policies, logs, and moving parts. The platform is built as an inspection point, so traffic must be steered to it. Private application access depends on connector software inside data centers and on routing paths that vary by location, which all require ongoing care and feeding. Every additional product adds another place to configure, troubleshoot, and explain when something breaks.
Cloudflare delivers the full Zero Trust portfolio as one cloud service, deployed once. Policy is written once and applies to users, applications, APIs, and AI everywhere. Beyond a lightweight connector, nothing is deployed or maintained inside HCA’s environment — no virtual machines, no appliances, no infrastructure to size or patch. Enforcement runs on the same Anycast network at every location, so behavior is consistent wherever care is delivered.
On Zscaler, traffic detours to a separate inspection point, and the user waits for that extra trip. On Cloudflare, inspection happens where the traffic already is. Zscaler sits closest to where infrastructure lives, in AWS. Cloudflare is the edge — closest to both infrastructure and users. For a CIO, that means fewer detours, fewer performance outliers, and a more predictable experience in the field.
Cloudflare has 2.24× more coverage in the key locations where care is delivered — present at 94 of 147 mapped HCA locations, compared to Zscaler’s 42. Cloudflare owns and operates its global network; Zscaler’s service runs on AWS data centers, so proximity is limited to where AWS chose to build. That gap is most visible in the markets that matter most to HCA:
The impact on traffic flow: A nurse in Houston opens a clinical app. With Zscaler, that traffic detours out of Houston to a separate inspection point, then comes back. With Cloudflare, the request is inspected and allowed in Houston itself, so the app simply feels faster and more reliable at the bedside.
The same experience applies in Nashville, Hyderabad, or a rural community hospital. A hybrid workforce and international growth require enforcement that performs everywhere. Coverage gaps make that conditional.
The same network that accelerates clinical apps also runs AI inference in 200+ cities, so AI copilots and agents show up fast in the exact facilities where they’re used.
Note: The capabilities in this section are outside the scope of what Zscaler offers.
HCA will not just consume AI; it will build agentic AI into its own clinical and operational workflows — and those agents need somewhere safe and fast to live. AI will sit inside clinical workflows, patient interactions, and day-to-day operations, not off to the side as a lab experiment. What most teams discover too late is that building AI and securing AI are the same problem, and that problem has to be solved at the network layer, not patched in afterward.
Cloudflare’s network is not only a security layer; it is a development environment. HCA’s teams can write and deploy code — the applications, the logic, and the AI agents themselves — directly onto the same infrastructure that secures and delivers them. That means a clinical workflow, a patient intake agent, or an internal operations tool can be built, deployed, and protected without provisioning servers, choosing cloud regions, or adding a different vendor for each layer of the stack. The compute runs in the same cities where the users are, and the security is not a separate system the application calls — it is the environment the application runs in.
Cloudflare runs AI inference in 200 cities worldwide, including 92 cities directly where care is delivered. The network already carries AI at enterprise scale, allowing AI applications, copilots, and agents to operate closer to users while benefiting from the same security, performance, and reliability that protect the rest of the platform.
Cloudflare started with a question. In 2004, its founders built Project Honey Pot, a free tool that let website owners track the spammers and fraudsters abusing their sites. Tens of thousands of sites joined. Then one participant asked the question that changed everything: don’t just track the bad guys. Stop them.
Stopping them — for any site, of any size, anywhere on earth — required something nobody had built: a single global network that could inspect and protect traffic in hundreds of cities at once, with every location running the same services. The founders chose the hardest possible path: build that network in software instead of selling hardware boxes into data centers, which is how every networking company of that era made money.
In 2017, Cloudflare made what may prove to be its most important decision: it opened that network to developers. Anyone — including enterprises like HCA — could now run code directly on the same servers, in the same cities, behind the same protections. The network stopped being only a shield and became a place where applications live.
Then AI arrived. AI agents need compute that is globally distributed, millisecond-fast, secure by default, and instantly available — with no servers to provision and no regions to choose. That is not a description of what the hyperscalers built. It is a description of what Cloudflare had spent fifteen years building. Not for AI. For the hardest problems on the internet. And then AI arrived.