CIOs zero in on zero trust in inaugural podcast
Aug 04, 2021
Experts say ZTA helps successfully align business and technology initiatives
I recently hosted the first episode of The CIO Evolution, a new podcast that joins CISO's Gambit and Cloudy with a Chance of Trust (for CTOs) to cover our entire CXO audience. My guests, former Great-West Life CIO Phil Armstrong, Zscaler Senior Director of Transformation Strategy Dan Shelton and I dived right into digital transformation at global organizations and how CIOs should securely move their enterprise into a multi-cloud environment built for agility and resilience.
We acknowledged that application transformation is well underway. Applications now reside in the public cloud and are accessed by mobile employees, customers, and partners. Business no longer takes place on a trusted corporate network or inside a security perimeter. And the legacy hub-and-spoke network with a castle-and-moat security model, which worked well during the pre-cloud and pre-mobile world, does not work anymore.
Unless you’ve been living under a rock, you know that zero trust has taken center stage as an alternative to legacy security best suited for the hub-and-spoke world. But what is zero trust? Certainly, everybody claims they know and can provide it. But can they? With the podcast recording still fresh on my mind, I'd like to reflect on this critical topic and the other great ideas my guests shared below.
What is working and not working in cybersecurity?
Advanced cybersecurity allows for sustainable, adaptable environments that do not sacrifice data or network integrity. Leaders can unite cybersecurity, application, and network teams when adopting a zero trust architecture with least-privileged access principles. This effort also reduces overall IT run rates attributed to patching, licenses, applications, and staff.
Phil Armstrong emphasized the importance of cybersecurity as part of business initiatives, not just an IT checkbox: “When you have a progressive cybersecurity architecture that is embedded into your business architectures and your corporate culture, it allows you to enable a few things. And these things are vitally important. No one would say, ‘business flexibility isn’t important.’”
Is cybersecurity purely an IT function, or is it strategic, and why?
Cybersecurity architecture is not just an IT initiative. By integrating it with business planning and corporate culture, companies can gain a competitive advantage. This, of course, requires executive buy-in and board-level awareness. CTOs have a unique opportunity to proactively partner across business units for broader organizational growth.
As Phil emphasized, it’s a strategic imperative: “We’ve gotten to the point where having a good cybersecurity plan, architecture, and approach that’s integrated with your business plans and business architecture and the culture of your company is strategic. It’s a strategic advantage.”
What is zero trust? Is this the moment CXOs and tech leaders have been waiting for?
Zero trust also enables a pivot toward cloud-focused digital transformation. This methodology can create openings for improved innovation, distribution, customer satisfaction, and employee productivity in alignment with corporate goals. In turn, IT can implement agile cloud solutions that empower key contributors and accelerate strategic initiatives without forfeiting security or insight.
Zscaler’s Dan Shelton remarked, “Zero trust is really about following least-privileged access principles. But you don’t just center it around the network, but instead center it around identities, endpoints, applications, the data that resides in those applications, and the overall infrastructure.”
This focus on who is accessing what, rather than a network perimeter, allows business leaders to deploy infrastructure that matches business goals rather than technology limitations.
Zero trust architecture (ZTA), previously known as a software-defined perimeter, seeks ways to connect users to their applications and data when it’s increasingly likely that neither users nor applications will be sitting on the network. To become digitally enabled, organizations must make their systems, services, APIs, data, and processes accessible anywhere, anytime, from any device over the internet. To do so securely, they leverage ZTA to provide the precise, contextual access necessary while shielding services from attackers. ZTA offers significant benefits in user experience, agility, adaptability, and simplified policy management, and cloud-based ZTA provides the added benefits of scalability and ease of adoption.
What are the challenges that companies face when attempting to implement a ZTA?
Headlines about cybersecurity threats, malware-infected parts, and compromised websites are a frequent occurrence that has proven time and again to be devastating PR and IT debacles for enterprises. With new types of risks always on the edge of the periphery, private and public sectors are ramping up to protect assets, business functions, and consumers from costly breaches. In 2019, it was projected that cybercrime would cost businesses around $2 trillion. It is vital that company IT and business teams work together for ongoing security strategy tactics that keep themselves and their consumers safer.
Dan offered: “The challenge is getting all the IT teams together to discuss the business strategy. Understand what you need and don't need in your infrastructure to achieve your business goals. Every single security vendor says they can do zero trust. Get the buzzwords out of the conversation. Assume that everyone is on the internet, and your security infrastructure should reflect that.”
The first episode of The CIO Evolution was a great conversation with two technology leaders familiar with securely deploying cloud- and mobile-first solutions. Listen and learn how new infrastructures are necessary to provide an expanding hybrid workforce with the tools and experience to be agile, productive, and secure.
Watch out for future episodes of the podcast, coming soon.
What to read next