Jay Chaudhry’s legendary passion for zero trust shined with brilliance yesterday during his keynote presentation at Zscaler Zenith Live 2022 in Las Vegas. As founder and CEO of a fast-growing company with the world’s only true zero trust platform, it should be no surprise. The passion carried through the dedicated half-day CXO REvolutionaries track that he kicked off.
The first panel represented a wide range of roles necessary for a project as involved as an enterprise-wide switch from legacy cybersecurity approaches to a zero trust architecture. It included Jason Truong, VP, Network & Security Engineering & Operations, Humana Inc.; Jeremy Embalabala, Chief Information Security Officer, HUB International; and Sudhir Nair, Chief Digital Officer, AmeriSave Mortgage Corporation.
These technologists shed light on peer collaboration through the lens of unique experiences and backgrounds yet connected as Zscaler customers on similar digital transformation journeys. There was no shortage of universal learnings.
Sudhir Nair, a repeat Zscaler customer, was the first to share the overall snapshot at AmeriSave by challenging conventional wisdom: “There is a thought process in the industry that digital modernization or digital transformation is initiated by technology and business folks, which is actually not accurate. It's initiated by all of us consumers. Why? Because our patterns have changed. Our requirements have changed.” He explained that companies like Amazon set a new bar for customer service, giving way to new customer expectations that made us rethink our business models.
There is a common saying at Zscaler that goes along the lines of “complexity is the enemy of security.” Working in financial services, a highly regulated industry, Nair laid out a perfect example of complexity as he described the challenges he faced serving customers and employees with various systems, devices, and compute requirements. Pile on networks, security, data centers, and clouds, and what you have is not just a hub and spoke, but a “hub and hub and sub hub,” which means very sophisticated requirements for protecting employees that are helping customers. With COVID-19, it all got even more complicated.
With cross-department collaboration, Nair met the challenge by turning to zero trust. He said, “It's not just software, or it's not just the role of a security office, but everybody. It's the network team.
Next, Jeremy Embalabala shared the CISO perspective on transformation, echoing Nair’s points about putting customer needs in the center and changing the business to meet those needs in the insurance space with increasingly more digital offerings. “We’ve had to work differently as a security organization with the business, with our IT partners to make that a reality and make that a success and to make sure they're providing the product, the services that our customers want in an efficient and secure manner.”
Getting to that point meant Embalabala had to work differently than before by shifting security to be more agile, enabling a DeVSecOp model, and managing toward quality outcomes. Hub has been a Zsacler customer for roughly five years, with 15,000 employees using Zscaler Internet Access and some third-party partners using Zscaler Private Access.
Next, Jason Truong shared the transformation journey at Humana, which is shifting to a comprehensive service and value-based healthcare provider, noting a lot of M&A. New offerings are ultimately driving technology modernization, transition to the cloud, decomposition of monolithic applications, the adoption of microservices, and data consolidation. “All of that deals with security, all that deals with network and Zscaler has been a huge factor.”
With the three customer stories to set the stage, the panel turned to the topic of peers and cross-team collaboration. Truong is witnessing increasingly blurred dividing lines regarding technology management and responsibility. “It's important for us to have stronger partnerships and to be less focused on our individual silos and focused on outcomes,” he said.
Embalabala added, “What's important is every person in technology really needs to have security embedded in their mindset and really focus on what's most important, which is delivering business functionality.”
Nair’s take focused on change management. “Between the different roles that are specialized in vertical areas like infrastructure security, software development, don't forget data is the ability to explain the change, define what is the change, and also make them recognize they have to change as well. If, if they don't understand that there is a change coming, it's going to be difficult for them to be part of the change and be the change agent itself.”
To wrap up the session, Chaudhry asked each of the executives to share their top advice with the audience.
Truong: Focus on how we create as leaders a very effective working environment, from security to connectivity, to overall user experience.
Embalabala: Security practitioners typically take an academic view but should instead put the business and its objectives first. We are here to enable the business to grow and be successful.
Nair: Create a feedback loop to ensure users can operate successfully after a change - and be ready with your support org to respond.
In close, it is worth sharing some of Chaudhry’s advice shared throughout the Q&A that anyone in the process of a zero trust-based solution implementation should consider:
- Use a product management plan that is jointly developed between you and your technology partner to keep deadlines and milestones in check
- Microsegmentation can be overly complex so consider user-to-app segmentation
- To understand what is happening in your infrastructure, consider tools like Zscaler Digital Experience for insight and transparency into app performance issues
What to read next
Understanding the roadblocks to zero trust is your first step to success
Don’t hire a “network complication engineer”: Enterprise IT requires simplicity
CIOs and CISOs: from strange bedfellows to power couple