Change agents needed: How top IT executives ensure their organization’s security, resilience, and success
Mar 03, 2022
IT leaders need to ask themselves this fundamental question: What are the foundational principles that will guide today’s evolving corporate culture as organizations embark on their digital transformation journeys?
On Tuesday, March 1, 2022, we hosted the inaugural Zscaler Global IT Leadership Summit “The Transformational CXO: Opportunity, Community, and Purpose” to get to the answer. Zscaler CEO and Founder Jay Chaudhry kicked off the event by noting that, while cloud, mobility, Internet of Things (IoT), operational technology (OT), and other technology trends have powered digital transformation, “CXOs are flourishing because they have transformed themselves.” The summit featured top IT executives from Microsoft, Siemens, Hitachi, VF Corporation, and Zscaler to illustrate this theme. These successful IT leaders discussed their own transformation journeys, the need for a zero trust networking and security architecture, and how to lead digital transformation.
Microsoft: The two pillars of success in the changing digital landscape
Satya Nadella, CEO and Chairman of Microsoft, led off the event by sharing the principles that kept him him grounded while he steered Microsoft toward its digital transformation from legacy IT to the cloud and mobile world.
In his early days as CEO, he grounded himself in the two pillars he believed were necessary for any transformation: the “why,” or the core sense of purpose and mission for the company, and the “how,” or the values that shape the company’s culture. Looking back to when Microsoft first got off the ground in 1975, he noted that it was created as “a company to build technology tools so that others can create more technology. That’s the core DNA of Microsoft.”
With this in mind, Nadella described how technology and culture work hand in hand: “We ground ourselves in that sense of purpose and do things out of that sense of purpose and, on the culture side, embody a learning culture. And this is where we picked our growth mindset as our cultural meme. Ultimately, you’ve got to get your strategy right and the technology paradigms right, but the necessary conditions to be able to do all that stem from, I believe, your mission and your culture.”
Nadella also spoke about the structural change brought about by the “hybrid paradox,” as he calls it, where people want both the human connection of working on-site and the flexibility of remote work. Another cultural trend he believes deserves attention is the “Great Reshuffle”: people are not just asking about where and when they work but also about why they work. He observed that continual learning, collaboration, and even the workplace's physical environment all need to change to accommodate this hybrid paradox.
When asked about his advice to CIOs who are grappling with how to secure their data and applications in the cloud, he responded that, “It is the topic of our time, because, as digital technology has become so pervasive, so important, and so mission-critical, it is important to prioritize not just the digital capability you have, but also its security.” And that’s where a zero trust architecture comes into play, which he views as not only a technology but also a practice. “It’s not just the implementation of the technology but the operational security posture that every organization has that is so important,” he emphasized.
His advice for IT executives embarking on their digital transformation journey is based on three principles of leadership.
- The innate ability to create clarity when there is ambiguity and uncertainty: “No leader comes in and says, ‘I’m very smart; let me confuse things more.’ That’s not leadership. Leadership is about bringing clarity when confusion reigns.”
- The ability to create energy: He defines this as “being able to bring multiple constituencies to go after something bold and audacious. It is the ability to drive success in an over-constrained environment.”
- Approaching the here and now with vigor and energy: “I never waited for my next job to do my best work. The first job I had at Microsoft I felt was the best job I could ever have. I wouldn’t have become CEO if I was not really into my job before.”
The stages of a cyberattack and zero trust in action
In the second session, Zscaler Chief Information Security Officer and VP Security Research Deepen Desai and Chief Information Officer and Executive Vice President of Emerging Technologies Patrick Foxhoven led a demo of the four stages of an attack cycle to illustrate how zero trust works in real life. They presented a side-by-side comparison of what an attack cycle looks like in a legacy organization using a traditional hub-and-spoke network architecture with castle-and-moat security at best, versus a modern digital enterprise that has implemented a zero trust security architecture.
In a nutshell, there’s a near-zero attack surface in a zero trust environment. Application servers are not exposed to the internet, and there’s no VPN or other point of entry into the network. If the attacker does end up tricking a user into clicking a malicious Google-hosted payload, the Google doc is encrypted by default, identified as malicious through SSL inspection, and blocked.
In the unlikely scenario that the attacker does manage to get into the network, all they could see would be the Zscaler application connector and nothing more. In the unlikely circumstance that the attacker still manages to compromise the environment, the likelihood of data exfiltration is minimized with zero trust, as all traffic leaving the environment is inspected through data loss prevention measures. At every stage of the attack cycle, zero trust reduces cyber risk.
Driving change to deliver transformative outcomes
VF Corporation, the parent holding company for multiple retail brands including Vans, The North Face, Dickies, Supreme, Timberland, Eastpack, Jansport, and Smartwool, was featured in the third session. The successful retailer has approximately $11 billion in revenue and 50,000 employees. Ken Athanasiou, vice president and chief information security officer, shared how VF Corporation employed a zero trust architecture to reduce its attack surface and set the company up for secure business growth.
He highlighted some of the significant activities they are focused on and offered his words of wisdom for young leaders eager to drive change in their organization.
With a heterogeneous environment consisting of many acquisitions, Athanasiou and his team are working on pulling together their multiple brands and simplifying their environment. They are also taking steps to make sure they have strong privilege access management and ubiquitous multifactor authentication. Another big focus is attack surface management and implementing internal network segmentation in preparation for zero trust activities. To move these initiatives forward, they recently deployed two Zscaler solutions: the Zscaler Zero Trust Network Access platform and Zscaler Internet Access, a cloud-native security service edge (SSE) solution. Athanasiou notes that, “We implemented Zscaler in the beginning of last year, and we’re making some good progress down that evolutionary path.”
When it comes to driving change to deliver transformative outcomes, he pointed to the importance of communicating with your people and understanding their emotions: “You really have to make sure you understand people’s fears, desires, uncertainties, and doubts. You have to really put them at ease and make them understand how that transformation is going to do great things for your organization. Empathy is the most important thing. Understand how you’re interacting with and affecting your technology leaders within your organization, and make sure that you bring them along.”
The internet as corporate network
The fourth session of the day was a CXO panel discussion moderated by Chaudhry with two Zscaler customers demonstrating how they led the digital transformation in their organizations and the impact of using Zscaler. Frederick Janssen, VP of IT strategy and governance at Siemens spoke about his responsibility for overseeing the digital transformation activities for Siemens. Jaya Ramaswamy, SVP and CIO at Hitachi Americas Ltd. shared her perspective as regional CIO for Americas.
Chaudhry started the panel discussion by broadly defining digital transformation and its value: “As users are becoming mobile and organizations are embracing software-as-a-service and the public cloud, the network must transform. We must add data connectivity to applications. Security sitting in the data center on premises makes no sense. We must transform security as well. Application transformation plus network transformation plus security transformation actually brings the whole value of digital transformation.”
He continued to explain what digital transformation looks like in the end, noting, “Once you go through this journey, your ecosystem or platform and technologies become very simple… The whole complicated world can be and should be simplified.”
Siemens revamps its corporate network from the ground up
Janssen clearly laid out how he began the process of digital transformation at Siemens, a German conglomerate with 300,000 employees and $62 billion in revenue as of 2021. With operations in 190 countries, it has one of the largest IT environments in the industry. It was a multipronged approach that required rethinking the entire IT infrastructure: the network architecture, application provisioning, cloud migration, how to best make use of SaaS, and changing the way they ran clients.
“We had a two-year plan with ambitious targets. The idea was to drive down costs significantly and increase agility, but also to achieve resilience through cloud migration. This would lead to less effort for our IT organization, which would help free up capacity and enable us to really focus on value creation in digital transformation while also increasing our level of cybersecurity,” he said.
For the 1,900 Siemens campus sites, Janssen and his team made the decision to use the internet as the primary transport layer, which meant they had to fundamentally change the way they looked at their network architecture. This increased the resilience in many ways. Chaudhry recalled that it was Janssen who originated the idea that the internet is the corporate network.
“During the pandemic, clearly, this was the right decision to make,” he explained. “We were able to very quickly ramp up additional users and resources. Being ready for remote work was one of the biggest examples of how this resilience can really help the company in a critical situation.”
Janssen explained that his bread-and-butter use case for Zscaler is to connect users securely to applications while leveraging that central enforcement point or serial trust engine. He adds, “Furthermore, we wanted to avoid lateral movement, particularly for our user’s endpoints.”
In terms of measuring the success of digital transformation, Janssen identified a number of key performance indicators (KPIs). “We were looking at things like money saved, user satisfaction, network performance, the number of applications where you see cybersecurity incidents, the number of applications that were moved to the cloud, and sites that had been fully enabled on the internet,” he recounted.
Janssen’s advice to leaders driving transformation is to “…start with a bold vision and the business outcome in mind. Avoid scope creep because you need to make sure that the team doesn’t get derailed by complexity. Make sure that you stay focused.”
Hitachi does the impossible with zero downtime
Over at Hitachi, a 111-year old multinational with 350,000 employees globally and $82 billion in revenue, Ramaswamy and her team of only 15 people worked tirelessly to drive their digital transformation, completely changing the network architecture and adding Zscaler for cloud security over a span of only six months. The team decommissioned their last data center in July 2020. “Lots of effort and passion went into this well-defined project, which affected 35,000 users. This was a springboard to do more—and nothing was shut down during the process,” she said proudly.
Ramaswamy noted five key value drivers in Hitachi’s digital transformation:
- User experience
- Business resiliency
- Cost efficiency
“The focus was changing the network,” she asserted. “We also had to perform mail routing web modernization into containers and clusters, new services on Platform-as-a-Service (PaaS) for file shares, and updating our legacy DNS.”
For Ramaswamy, the predominant driver of change with respect to cybersecurity was to add the Zscaler cloud service in order to provide users with secure access to the internet, as Hitachi had numerous SaaS applications and private applications on Amazon Web Services and Microsoft Azure.
“From a zero trust architecture perspective,” she explained, “Zscaler helped us minimize lateral threat movement. In addition, we enabled complementary policies based on data loss prevention (DLP). And we enabled DLP for end-user data exchange internally and externally. Also, its cloud security management tool enforces security standards and policy. These helped us from a cybersecurity perspective, and we have other transformation activities underway now.”
Ramaswamy noted that one of her metrics was a 50% improvement in network performance efficiency, a big win that did not go unnoticed by her organization.
What is Ramaswamy’s advice to global IT leaders? “Be prepared to transition to the next paradigm. Change will constantly come. Start small, show quick wins, and measure and showcase them.”
Concluding the session, Chaudhry highlighted that the most important role for IT leaders is to be change agents. “Transformation requires significant changes,” he stated. “Inertia will hold your company back. People get comfortable with the technology they have used for 30 years. You don’t do application development in the cloud the same way you did in the data center. Similarly, you can’t build network security for the cloud world with IP-based networking and firewalls and VPN-based security. Zscaler pioneered the zero trust architecture to help your digital transformation be secure.”
What it means to be resilient and have a growth mindset
The final session of the day was truly stirring and thought-provoking. I had the honor and pleasure of hosting award-winning disability rights activist and speaker Dr. Malvika Iyer. Dr. Iyer spoke about the meaning of resilience, cultivating a growth mindset, and how leaders can be more inclusive of people with disabilities. She shared her poignant story of how she became disabled, how she relied on her grit and internal resolve to overcome her own attitudinal blocks, and how she navigated societal discrimination.
Twenty years ago, Dr. Iyer survived a bomb blast that tore off her hands, crushed both of her legs, and almost killed her. She was only 13 years old at the time, but aware that her very survival was at stake. Though the doctors had all but given up on her, this courageous woman proved them wrong after a few years of diligent work. She was determined to build a fulfilling life.
This immensely challenging experience showed her how people with disabilities face exclusion in so many aspects of their lives—both personally and professionally. After all, she experienced it first-hand. But, rather than fall into despair and inertia, she felt a strong call to do something about it, not only to help herself but also to help others. Dr. Iyer persevered in her education and career, and is proud that, today, she can say she is a product of inclusion and a role model for the disabled. She attributes her ability to turn a negative into a positive to her growth mindset.
“I think a growth mindset is the key to everything,” she said. “It creates a powerful desire for learning, for improving, and I think it allows us to try even in the worst of situations. People with a growth mindset believe in hard work, determination, learning, and improving.”
As she suggested, we all come to a crossroads at some point in our lives where we must choose to follow either our fixed mindset voice or follow our growth mindset voice. “Losing is not failing, but when we give up, that is failing. Resilience is the ability to pick yourself up in the face of uncertainty, challenges, or adversity. If we are resilient, I don’t think we ever give up because people with resilience need only one thing—and that is hope,” she remarked. “And I think if we have hope, there is nothing we can’t do. I believe that the bravest thing I ever did was find hope when there was none.”
For Dr. Iyer, IT leaders' most important call to action is to share their success stories, just as she is sharing hers, and that is how progress occurs. “When I was young, I had no role models and didn’t know anyone with disabilities… Now I see so much change. No one stares at me anymore, and people only say positive things. I am inspired by the millions and millions of people who treat those who are different as human beings and give them the rights and respect they deserve,” she observed.
Do what it takes to become an agent of change
This highly inspiring and motivating event showcased how IT leaders can become agents of change by bringing empathy and resilience in the face of adversity in the area of cybersecurity. How else to respond to a world increasingly saturated with online engagement and transactions, greater competition, ballooning customer expectations for flawless and secure digital experiences? IT leaders, like the exemplars that graciously shared their time with us at this summit, are stepping into a more prominent role as drivers of business success.
What to read next