Understanding What Zero Trust Means for Business
Hosted by
Stan Lowe - Global CISO, Zscaler
Tom Field - Senior Vice President - Editorial, ISMG
Agenda
6:00pm - Registration, Networking
6:30pm - Introductions and Opening Remarks
6:45pm - Roundtable Discussion
8:30pm - Program Concludes
Executive Roundtable Series
Sponsored by Zscaler
Introduction
The term “zero trust” has been all the buzz, but did you know that the
concept was first introduced almost a decade ago by Forrester Research?
Today, 78% of teams want to adopt a zero trust model. 59% will adopt
zero trust network access (ZTNA) services within the next 12 months.
What does Zero Trust mean to you?
Join in this discussion of Understanding What Zero Trust Means for Business. Guided by insight
from Stan Lowe, Global CISO at Zscaler, this invitation-only dinner will draw from the experiences
of the attendees, offering thoughts on how they have deployed zero trust security within their
enterprises. Among the discussion topics:
• An overview of zero trust security and its role helping to secure organizational assets
• An understanding of the key security tenets that make zero trust possible
• Guidance on how to eliminate blindspots in the organization and minimize attack surface
• A path to reduce operational expenses by removing need for legacy appliances
You’ll have the opportunity to discuss the topic with a handful of senior executives and market
leaders in an informal, closed-door setting, from which you will emerge with new strategies and
solutions you can immediately put to work.
Discussion Points
Among the questions to be presented for open discourse:
• Does your enterprise currently trust on-premise users more, less or the same as off-premise
users?
• How do you currently control access to applications & track lateral movement within the
corporate network?
• What does “zero trust” mean to you?
• Have you deployed any zero trust ecosystem technologies - ZTNA, Identity Providers,
Endpoint Security - to date?
• To what degree do you wish to deploy it going forward?
• What are your biggest obstacles - technical and non-technical - to embracing modern
technology like ZTNA services?
• What investments will you make in the coming year around the zero trust model?
About the Expert
Joining our discussion today to share the latest insights and case studies:
Stan Lowe
Global CISO, Zscaler
Stan Lowe, a global CISO, has successfully led transformational change in large,
complex environments, as well as small and mid-size cybersecurity and IT
organizations. As Zscaler Global Chief Information Security Officer, Stan oversees the
security of the Zscaler enterprise and works with the product and operations groups
to ensure that Zscaler products and services are secure. Part of his focus is to work
with customers to help them fully utilize Zscaler services and realize the maximum
return on their investment. Prior to joining Zscaler, Stan served as the VP & Global
Chief Information Security Officer for PerkinElmer, where he was responsible for
global enterprise security and privacy. He has also been a Cyber Security Principal
at Booz Allen Hamilton. Stan has extensive federal experience, serving as the U.S.
Department of Veterans Affairs (VA) Deputy Assistant Secretary for Information Security,
Chief Information Security Officer, and Deputy Chief Privacy Officer, as well as Deputy
Director of the Department of Defense/VA Interagency Program Office. Before joining
the VA, Stan served as Chief Information Officer of the Federal Trade Commission.
Stan’s public service record extends to the U.S. Department of Interior in the Bureau,
the U.S. Postal Service Inspector General, and the U.S. Navy. Stan has also served as
an executive in several technology startups, and currently serves on several boards
advising on cybersecurity. He is a frequent speaker and writer on security topics.
About Zscaler
Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their
networks and applications for a mobile and cloud-first world. Its flagship services, Zscaler
Internet Access™ and Zscaler Private Access™, create fast, secure connections between users
and applications, regardless of device, location, or network. Zscaler services are 100 percent
cloud-delivered and offer the simplicity, enhanced security, and improved user experience that
traditional appliances are unable to match. Used in more than 185 countries, Zscaler operates
a multi-tenant distributed cloud security platform, protecting thousands of customers from
cyberattacks and data loss. Learn more at zscaler.com or follow us on Twitter @zscaler.
About the Moderator
Leading our discussion today is:
Tom Field
Senior Vice President - Editorial, ISMG
Field is an award-winning journalist with over 30 years of experience
in newspapers, magazines, books, events and electronic media. A
veteran community journalist with extensive business/technology and
international reporting experience, Field joined ISMG in 2007 and
currently oversees the editorial operations for all of ISMG’s global media
properties. An accomplished public speaker, Field has developed and
moderated scores of podcasts, webcasts, roundtables and conferences
and has appeared at RSA Conference and on various C-SPAN, The
History Channel and Travel Channel television programs.
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely
to information security and risk management. Each of our 28 media properties provides education,
research and news that is specifically tailored to key vertical sectors including banking, healthcare
and the public sector; geographies from North America to Southeast Asia; and topics such
as data breach prevention, cyber risk assessment and fraud. Our annual global summit series
connects senior security professionals with industry thought leaders to find actionable solutions
for pressing cybersecurity challenges.
Q&A WITH THE EXPERT
In advance of this event, ISMG’s Tom Field spoke about zero trust with
Zscaler’s Stan Lowe. Here is an excerpt of that conversation.
Zero Trust Defined
TOM FIELD: Zero Trust is a term that gets used a lot. What’s it mean to
you?
STAN LOWE: When Forrester introduced the term “Zero Trust”, they
defined it to mean “don’t automatically trust an on-premise user more
than an off-premise user.” The idea was to extend the same level of
visibility and control across users accessing internal applications,
regardless of whether those users were inside or outside the traditional
enterprise perimeter. That concept was difficult to translate into reality
when introduced because the technologies available at the time (802.1X
/ NAC) were - and still are - complex and hard to deploy at scale.
Today, we’re seeing that users’ access to external applications can be
just as much of a threat to an organization as users accessing internal
applications. Malware, botnet compromise, data leakage and other
externally originating threats require new security models. True zero trust
should extend across the full spectrum of user to application access:
on-premise user to internal apps, on-premise user to external apps, remote
user to internal apps, and remote user to external apps.
Securing Data and Minimizing Risk
FIELD: How can zero trust network access help secure organizational
data?
LOWE: A zero trust approach provides visibility and granular control
over user access to applications. Organizations can provide targeted
application access based on both the attributes of the end user - such
as group membership, role, department, possibly even location - and the
device they’re using to connect, i.e. managed or unmanaged, corporate
asset or BYOD, compliance status.
This reduces the attack surface by eliminating lateral movement,
removing the capability for network reconnaissance and scanning, and
making applications invisible, or “dark,” unless the user is authorized to
access them.
Know the Zero Trust Principles
FIELD: What are the key security tenets of zero trust network access?
LOWE:
• Users should not be on the corporate network. Which means:
Application access shouldn’t require network access; and policies should
be app-centric, not network IPs and ACLs.
• Apps should be invisible to unauthorized users: Not exposed to the
Internet; not exposed to unauthorized internal users; app access only
after authentication & policy checks.
• App segmentation without network segmentation. This means user-to-app
connection, not endpoint-to-network; and traffic is carried in
app-specific microtunnels - no lateral movement.
Protect the business
FIELD: What are some of the blindspots within organizations that can be
eliminated via zero trust?
LOWE: In a traditional enterprise network, endpoints are connected
directly to the network - either on-premise, or via a L3 IPsec VPN tunnel.
For on-premise users, it can be difficult to identify who is on your
network; for both cases, it can be difficult to identify what they are doing.
“The idea is essentially granting access after you’ve done some form of validation, whether it be validation of the device, the individual’s identity, the access methodology, the sensitivity or the criticality of the data.” Stan Lowe, Zscaler
Discover Shadow IT - Many organizations have unknown apps running
in public cloud instances. If unprotected, this serves as an attack vector.
ZPA identifies Shadow IT, and allows teams to set granular controls for
them.
Visibility in user activity - ZPA provides granular visibility into which
users are accessing what applications, the path they are taking
through the Zscaler and enterprise environment to do so, and the user
experience involved. ZIA provides similar visibility into user access to
external applications, which traditionally required stacks of point-product
appliances inline to outbound traffic for on-premise user visibility, and
was difficult if not impossible to achieve for remote users accessing
Internet and SaaS apps.
Avoid Costs to the Business
FIELD: What are some of the cost savings that organizations can realize
by moving to a zero-trust model?
LOWE: They can reduce capital expense by eliminating the VPN
gateways - and reducing the corresponding infrastructure dependencies
like DMZ firewall, load balancer, global server load balancing.
Also, they can reduce operational expense by centralizing configuration /
provisioning / visibility and eliminating multiple log streams, configuration
interfaces, backhaul across internal network, bandwidth consumption
between branch and datacenter / datacenter and IaaS/PaaS cloud
provider.
Finally, they can improve end user productivity via seamless, transparent,
direct access to applications.
How Zscaler is empowering businesses
FIELD: How is Zscaler helping customers make this transition?
LOWE: The move to is best suited with services born in the cloud.
Zscaler offers the following:
• A fully cloud-delivered service built for scale, availability and simplicity
• A more seamless end user experience when accessing apps
• Service initiated ZTNA architecture where apps and users are brokered
together, without network access
• The ability to minimize the attack surface by discovering unknown apps
and masking known ones from the Internet
• Enable key use cases including: VPN alternative, Third-party access,
Multi-Cloud access and Accelerate M&A and Divestitures
Also, ZPA solves pressing business problems today - remote access,
third-party access, app migration (datacenter consolidation, cloud
deployment), M&A or D&S acceleration - while building a foundation
for a strategic zero trust initiative that may play out over the upcoming
several years.
902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io
Contact
(800) 944-0401 • [email protected]