
Understanding What Zero Trust Means for Business · 2020-01-30


Hosted by

Stan Lowe - Global CISO, Zscaler

Tom Field - Senior Vice President - Editorial, ISMG

Agenda

6:00pm - Registration, Networking

6:30pm - Introductions and Opening Remarks

6:45pm - Roundtable Discussion

8:30pm - Program Concludes

Executive Roundtable Series

Sponsored by Zscaler


Introduction

The term “zero trust” has been all the buzz, but did you know that the concept was first introduced almost a decade ago by Forrester Research? Today, 78% of teams want to adopt a zero trust model. 59% will adopt zero trust network access (ZTNA) services within the next 12 months.

What does Zero Trust mean to you?

Join in this discussion of Understanding What Zero Trust Means for Business. Guided by insight from Stan Lowe, Global CISO at Zscaler, this invitation-only dinner will draw from the experiences of the attendees, offering thoughts on how they have deployed zero trust security within their enterprises. Among the discussion topics:

• An overview of zero trust security and its role in helping to secure organizational assets

• An understanding of the key security tenets that make zero trust possible

• Guidance on how to eliminate blind spots in the organization and minimize attack surface

• A path to reduce operational expenses by removing the need for legacy appliances

You’ll have the opportunity to discuss the topic with a handful of senior executives and market leaders in an informal, closed-door setting, from which you will emerge with new strategies and solutions you can immediately put to work.


Discussion Points

Among the questions to be presented for open discourse:

• Does your enterprise currently trust on-premise users more, less or the same as off-premise users?

• How do you currently control access to applications & track lateral movement within the corporate network?

• What does “zero trust” mean to you?

• Have you deployed any zero trust ecosystem technologies - ZTNA, Identity Providers, Endpoint Security - to date?

• To what degree do you wish to deploy it going forward?

• What are your biggest obstacles - technical and non-technical - to embracing modern technology like ZTNA services?

• What investments will you make in the coming year around the zero trust model?


About the Expert

Joining our discussion today to share the latest insights and case studies:

Stan Lowe

Global CISO, Zscaler

Stan Lowe, a global CISO, has successfully led transformational change in large, complex environments, as well as small and mid-size cybersecurity and IT organizations. As Zscaler Global Chief Information Security Officer, Stan oversees the security of the Zscaler enterprise and works with the product and operations groups to ensure that Zscaler products and services are secure. Part of his focus is to work with customers to help them fully utilize Zscaler services and realize the maximum return on their investment. Prior to joining Zscaler, Stan served as the VP & Global Chief Information Security Officer for PerkinElmer, where he was responsible for global enterprise security and privacy. He has also been a Cyber Security Principal at Booz Allen Hamilton. Stan has extensive federal experience, serving as the U.S. Department of Veterans Affairs (VA) Deputy Assistant Secretary for Information Security, Chief Information Security Officer, and Deputy Chief Privacy Officer, as well as Deputy Director of the Department of Defense/VA Interagency Program Office. Before joining the VA, Stan served as Chief Information Officer of the Federal Trade Commission. Stan’s public service record extends to the U.S. Department of Interior in the Bureau, the U.S. Postal Service Inspector General, and the U.S. Navy. Stan has also served as an executive in several technology startups, and currently serves on several boards advising on cybersecurity. He is a frequent speaker and writer on security topics.

About Zscaler

Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and Zscaler Private Access™, create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.


About the Moderator

Leading our discussion today is:

Tom Field

Senior Vice President - Editorial, ISMG

Field is an award-winning journalist with over 30 years of experience in newspapers, magazines, books, events and electronic media. A veteran community journalist with extensive business/technology and international reporting experience, Field joined ISMG in 2007 and currently oversees the editorial operations for all of ISMG’s global media properties. An accomplished public speaker, Field has developed and moderated scores of podcasts, webcasts, roundtables and conferences and has appeared at RSA Conference and on various C-SPAN, The History Channel and Travel Channel television programs.

About ISMG

Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to information security and risk management. Each of our 28 media properties provides education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Our annual global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.


Q&A WITH THE EXPERT

In advance of this event, ISMG’s Tom Field spoke about zero trust with Zscaler’s Stan Lowe. Here is an excerpt of that conversation.

Zero Trust Defined

TOM FIELD: Zero Trust is a term that gets used a lot. What’s it mean to you?

STAN LOWE: When Forrester introduced the term “Zero Trust”, they defined it to mean “don’t automatically trust an on-premise user more than an off-premise user.” The idea was to extend the same level of visibility and control across users accessing internal applications, regardless of whether those users were inside or outside the traditional enterprise perimeter. That concept was difficult to translate into reality when introduced because the technologies available at the time (802.1X / NAC) were - and still are - complex and hard to deploy at scale.

Today, we’re seeing that users’ access to external applications can be just as much of a threat to an organization as users accessing internal applications. Malware, botnet compromise, data leakage and other externally originating threats require new security models. True zero trust should extend across the full spectrum of user to application access: on-premise user to internal apps, on-premise user to external apps, remote user to internal apps, and remote user to external apps.

Securing Data and Minimizing Risk

FIELD: How can zero trust network access help secure organizational data?

LOWE: A zero trust approach provides visibility and granular control over user access to applications. Organizations can provide targeted application access based on both the attributes of the end user - such as group membership, role, department, possibly even location - and the device they’re using to connect, i.e. managed or unmanaged, corporate asset or BYOD, compliance status.

This reduces the attack surface by eliminating lateral movement, removing the capability for network reconnaissance and scanning, and making applications invisible, or “dark,” unless the user is authorized to access them.

Know the Zero Trust Principles

FIELD: What are the key security tenets of zero trust network access?

LOWE: Users should not be on the corporate network. Which means: Application access shouldn’t require network access; and policies should be app-centric, not network IPs and ACLs.

Apps should be invisible to unauthorized users: Not exposed to the Internet; not exposed to unauthorized internal users; app access only after authentication & policy checks.

App segmentation without network segmentation. This means user-to-app connection, not endpoint-to-network; and traffic is carried in app-specific microtunnels - no lateral movement.

Protect the business

FIELD: What are some of the blindspots within organizations that can be eliminated via zero trust?

LOWE: In a traditional enterprise network, endpoints are connected directly to the network - either on-premise, or via a L3 IPsec VPN tunnel. For on-premise users, it can be difficult to identify who is on your network; for both cases, it can be difficult to identify what they are doing.

“The idea is essentially granting access after you’ve done some form of validation, whether it be validation of the device, the individual’s identity, the access methodology, the sensitivity or the criticality of the data.” Stan Lowe, Zscaler


Discover Shadow IT - Many organizations have unknown apps running in public cloud instances. If unprotected, this serves as an attack vector. ZPA identifies Shadow IT, and allows teams to set granular controls for them.

Visibility in user activity - ZPA provides granular visibility into which users are accessing what applications, the path they are taking through the Zscaler and enterprise environment to do so, and the user experience involved. ZIA provides similar visibility into user access to external applications, which traditionally required stacks of point-product appliances inline to outbound traffic for on-premise user visibility, and was difficult if not impossible to achieve for remote users accessing Internet and SaaS apps.

Avoid Costs to the Business

FIELD: What are some of the cost savings that organizations can realize by moving to a zero-trust model?

LOWE: They can reduce capital expense by eliminating the VPN gateways - and reducing the corresponding infrastructure dependencies like DMZ firewall, load balancer, global server load balancing.

Also, they can reduce operational expense by centralizing configuration / provisioning / visibility and eliminating multiple log streams, configuration interfaces, backhaul across internal network, bandwidth consumption between branch and datacenter / datacenter and IaaS/PaaS cloud provider.

Finally, they can improve end user productivity via seamless, transparent, direct access to applications.

How Zscaler is empowering businesses

FIELD: How is Zscaler helping customers make this transition?

LOWE: The move to is best suited with services born in the cloud. Zscaler offers the following:


• A fully cloud-delivered service built for scale, availability and simplicity

• A more seamless end user experience when accessing apps

• Service-initiated ZTNA architecture where apps and users are brokered together, without network access

• The ability to minimize the attack surface by discovering unknown apps and masking known ones from the Internet

• Enable key use cases including: VPN alternative, Third-party access, Multi-Cloud access and Accelerate M&A and Divestitures

Also, ZPA solves pressing business problems today - remote access, third-party access, app migration (datacenter consolidation, cloud deployment), M&A or D&S acceleration - while building a foundation for a strategic zero trust initiative that may play out over the upcoming several years.


902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io


Contact

(800) 944-0401 • [email protected]

CyberEd