KEY TAKEAWAYS - The Zscaler Virtual CXO Summit, Spring 2021 Episode #2 - Reenvisioning technical architectures in a changing threat landscape

About the Zscaler CXO Summit

The new cyber-threat era is complex, accelerated, and unrelenting. It demands leaders who can prioritize agility over complexity, security over complacency, and innovation over stagnation. Achieving those enterprise objectives requires perseverance, collaboration, and secure digital transformation. The Zscaler Virtual CXO Summit brings together industry-leading CIOs, CTOs, CDOs, and CISOs to share insights, expertise, and experience. The Spring 2021 Series focuses on the theme “IT Leadership in a New Cyber-threat Era: The Business, Technical, and Security Demands of Digital Transformation.”

Watch episode #2, “Reenvisioning technical architectures in a changing threat landscape” - Americas/International

CXO Perspectives Panel - “How a Zero Trust Architecture minimizes enterprise attack surface”

In the first sessions of the Americas and International events, Zscaler Senior Director of Transformation Strategy Pam Kubiatowski and Head of Transformation Strategy for the EMEA region Nathan Howe spoke with tech leaders on the topic of reducing enterprise attack surface with Zero Trust. Here are some of the key takeaways.

Attack risk is not just increasing, the dynamics of it are changing...fast.

For Karl Hoods, Chief Digital Information Officer with the UK Government’s Department for Business, Energy, & Industrial Strategy, the biggest threat to enterprise security is the one you don’t know.

“Attack surfaces are changing regularly and increasing,” explained Hoods. “So for us, we've tried to focus on what we know and try and focus even more on what we don't know. Because clearly, that's where the overall threat is. That 'don't know' element for us, there's a fairly strong focus on third-party risk, so whether that be consumption of services, which is easy to use for any organization to go out and buy something on a company credit card, or subscribe to a particular service, or outsource something to another organization. How are we looking at that third-party risk?”

The new way of work? It’s hybrid, with a disparate workforce connecting from anywhere, at any time, and on any device.

David Branik is a VP and Head of Telecom Services for DHL’s Information Services team in Czechia. As DHL has pivoted to a hybrid work environment, he has had to shift focus -- particularly with regard to troubleshooting connectivity issues.

“Suddenly, we have a significant remote workforce,” noted Branik, “so we get a lot more incidents. Is it their wi-fi? Is it their home network? Is it something on the internet? Is it really something we can really fix? That also reflects on the attack surface and the security.”

Abdul Khan, VP of Global Infrastructure and Operations for Manpower, sees a secure, work-from-anywhere ideal as his next Zero Trust objective.

"We were ready [to respond to COVID-imposed workforce changes] thanks to Zscaler,” commented Khan, “and our strategy in terms of SD-WAN, hybrid cloud, many of the things we had done over the past many years -- I think it has prepared us well...The next big thing [for Manpower] will be secure remote access."

Zero Trust provides greater visibility, control, performance, and of course, security.

For each CXO, Zero Trust can have a different connotation, particularly in its application within a particular IT environment or corporate culture.

Jarrod Benson, CIO with Koch Business Solutions, calls out two specific adjectives he associates with Zero Trust: seamless and secure.

“To me, Zero Trust means employees can securely and seamlessly...access their applications and data when they need it, where they need it, wherever they are globally,” said Benson. “The other key word there, obviously, is ‘securely.’ You don't just want to open everything up. In terms of Zero Trust, it means it limits the risk profile, it limits the risk surface for attacks, but it also gives our employees the ability to be more productive, no matter where they are globally."

DHL’s Branik concurs, but cites control and visibility as additional Zero Trust impacts.

“I think security obviously is number 1,” explained Branik. “What it drives though, is a much better understanding within our group as to what connects to where and why...The other advantage is better control of externals that connect in to our applications, be it the support companies, vendors, contractors, as well.”

Khan from Manpower employs a domestic analogy for his unique definition of Zero Trust.

“In our daily lives, we practice Zero Trust without even thinking about it,” noted Khan. “Why can't we do the same for our digital life? We allow our friends and family to come into our homes, but we both accept and understand the limits. If our guests try to go to our master bedroom/bathroom, instead of using the one in the hallway, we get concerned! I think the same limitation and micro-segmentation should be applied to our digital lives. Zero Trust is basically giving least-privilege access to users, devices, and even premises. Authenticate each for access to each area, continually re-authenticate, and re-authorize."

Want to start your enterprise transformation journey to Zero Trust? Just do it!

When it comes to kicking off a digital transformation initiative, Hoods of the UK Government’s BEIS division “challenges” fellow CXOs to just get on with it. His advice? “Start.”

“There can be a hesitance to it,” noted Hoods. “[In some organizations,] there's been a degree of separation from the CISO-type role, from the core technology team, and it sits elsewhere...So, for me, it's bring together the CISO, the IT director, whomever it may be, get them in and agree that this is the right thing to do. And if not, have the conversation and understand why it's not. And keep challenging.”

Benson’s counsel to other tech leaders looking to implement Zero Trust is similarly constructive, and he recommends a step-by-step approach.

“[D]on't boil the ocean, understand your high-risk areas and focus there first, gain visibility, and then optimize,” advised Benson. “That, to me, is something that's repeatable and can be leveraged. Koch acquires companies all the time, and that's kind of the path we take. Gain visibility, don't expect to fix everything...focus on high-risk areas, and then go through an optimization process.”

The Zscaler Virtual CXO Summit continues April 14 (Americas) and 15 (International) with episode #3, “The modern CISO: Cybersecurity strategies for the new threat landscape.” Learn more and register at CXOSummit.Zscaler.com.
