In its eastward sweep across the U.S., the CXO Revolutionaries team recently completed successful events in Houston and Chicago on its way to New York.
The executive events provided attendees the opportunity to learn from and interact with top security personnel from major multinationals in the midst of their digital transformation journeys. Any would tell you their companies haven’t yet crossed the finish line, but they are lapping those who’ve yet to start.
At CXO Summit Live Houston on September 28, security leaders from Shell, Salesforce, and NOV sat down with Steve House, SVP of Product Management at Zscaler and Helmuth Ludwig, former Chief Information Officer at Siemens, to discuss how the zero trust journey evolved their business.
At CXO Summit Live Chicago on October 11, Zscaler VP of Transformation Strategy and Field CTO Sanjit Ganguli hosted a panel discussion featuring Cushman & Wakefield Global CISO Erik Hart alongside Ricardo Lafosse, CISO at Kraft Heinz.
Here are some of the key learnings we’ve gathered from industry-leading CXOs from our time on the road so far.
Managing costs doesn’t mean skimping on security
What drives an organization’s transformation? The catalyst for NOV was when oil prices cratered in 2014. Suddenly its CIO, Alex Phillips, was under pressure to secure the business while shaving tens of millions of dollars from the IT budget.
“We had 10 to 12 different hubs around the world, and we had to find a way to save money while legacy vendors urged us to ‘buy more boxes.’ That’s when my colleague Patricia Gonzalez-Clark introduced us to Zscaler,” Phillips recalled. “We implemented Zscaler Internet Access, we got rid of all our security appliances, and, through architecture sessions with Zscaler, we learned that we could also get rid of our hub-and-spoke architecture. Today we’ve driven out $4 million in cost just by getting rid of MPLS, and we’re not done yet. We’re seeing a 20 times speed increase at a fourth of the cost.”
Saša Zdjelar, SVP of Security Assurance at Salesforce, shared a similar experience: “Usually you see tradeoffs between performance and productivity enhancements and either trust, security, or cost. Zero trust is possibly the only enterprise initiative that I’ve run into where you dramatically improve security, productivity, and performance for your customer while reducing your costs.”
Digital transformation means making data actionable
As Lafosse pointed out, digital transformation means different things to different companies. For Kraft Heinz, it’s a matter of gaining efficiencies, reducing downtime, and turning data into insights. "Being a very traditional manufacturer, Windows 7 and Windows 95 are pretty commonplace,” he said. The company’s digital transformation journey entails upgrading those systems to capitalize on decades of improvement to security features, but also to garner more actionable insights from the data they collect.
For Hart’s Cushman & Wakefield, this may entail deploying AI technology to route issues with a property to the right department to address them, whether that be maintenance, electrical replairs, or security. At Kraft Heinz, it may mean ensuring products like hot dogs and ketchup are automatically marked down for Super Bowl Sunday.
“If we see you always stock up on A-1 Steak Sauce on Wednesdays after work, we’ll make sure to send you coupons and targeted ads on that day.”
A better user experience accelerates digital transformation
Besides positive financial outcomes realized from zero trust, improved user experience is another big win. And when users are happier, organizations benefit from better productivity, higher morale, lower support costs, and increased customer retention and market share.
Craig Clay, former Lead Connectivity Architect at Shell, can relate to those savings. He says the most beneficial aspect of zero trust for users is simplicity. For the IT team, it’s been easier to enable people to work from anywhere.
Philips recalled an outcome that surprised him when NOV began its digital transformation. “The user experience went through the roof. Things just started working better from a user perspective, and this really energized us and made the ZPA implementation smoother,” he says. The organization’s transition from on-premises solutions to the cloud was rooted in cost analysis and flexibility, “a cloud smart approach,” as he called it.
As Hart put it, “water will follow the path of least resistance.” If a security solution sufficiently degrades the user experience, users will develop a workaround. On the other hand, a simplified security experience will spur its more widespread adoption.
The zero trust journey is the modern-day canary in the coal mines
Here are some nuggets of wisdom and valuable lessons learned—sometimes the hard way—from these Fortune 500 technology leaders:
√ Get the basics right. These include asset management, identity management, and patch management. The foundation of a successful zero trust program is knowing what you have, who you have, and what they should have access to.
√ Save yourself time by bringing together the necessary groups. Involve your identity access management and network security teams to define the problem and scope out your zero trust architecture together. "Find those key transformational agents on the business end and make sure you have those strong relationships with them," Lafosse said.
√ Ensure your zero trust ecosystem is robust. As Clay put it: “In the early stages, we had the right floor plan—zero trust—but we picked the wrong carpenter. Fortunately, we could easily switch that out because we had a solid foundation.” As Shell moved to Zscaler, they loved how seamlessly they could incorporate additional capabilities into the ecosystem.
√ Keep teams laser-focused on outcomes. Invest in outcomes, not tools, advises Hart. When you focus on where you’re ultimately headed, you’re less likely to be distracted by the shiniest new solutions that come to market.
It’s time to leverage those platforms. You’ll discover that incorporating a zero trust architecture into your IT environment is a natural and necessary progression in securing your environment.
What to read next: