Transforming IT with Zero Trust and AI


Session Insights
Written by Kara Bobowski

Jay Chaudhry

CEO, Chairman & Founder

Zscaler, Inc.

DECEMBER 2024

Zero trust transformation is not a straightforward, linear process. Modern CIOs and CISOs must navigate a complex balance between technological advancement and the need to simplify and secure IT environments. 

The explosion of AI and recent technological disruptions served as a wake-up call to many organizations to scrutinize their progress towards zero trust principles – for users, devices, and workloads. How can CIOs and CISOs take advantage of this momentum to accelerate their zero trust and AI-enabled transformation?

At the recent Seattle CIO and CISO Executive Summit, Jay Chaudhry, CEO, Chairman and Founder at Zscaler, Inc., led a session on how IT and security leaders can balance innovation and security with a zero trust approach. 

The session focused on how a zero trust approach to IT can help secure organizations’ resources reliably and cost-effectively, how to foster a cultural shift within the organization, ensuring employees and leadership understand and embrace zero trust principles, and how to manage the complexities of AI integration to create robust security frameworks.

Following the summit, Jay is sharing insights on the topic and on why CIOs and CISOs can apply this approach to their security today.
 

What was the central theme of your session?

Disruptive, transformative change is typically a once-in-a-decade occurrence. But zero trust and AI are two massively impactful developments with the power to change how we think about security and connectivity. It's therefore imperative that IT and security leaders understand and take advantage of them before cybercriminals do.
 

What are some of the challenges IT and security executives face in this area?

The attack techniques used by cybercriminals have remained the same for years. Broadly speaking, they follow a pattern of 1) discovering a target organization’s attack surface, 2) somehow compromising the organization, 3) moving laterally to identify the most sensitive information available, and 4) extracting that information for the purposes of extortion or for sale online.

As long as businesses continue to over-emphasize perimeter-based security, breaches will continue to happen. Instead, connections between users, workloads, and applications should be granted on a per-user, per-session basis based on carefully considered business policies.

Inherent trust of the kind granted by VPNs and firewalls, which allow for unfettered lateral movement after an initial check, should be retired.


Why is it critical for the Evanta CIO and CISO communities to have this conversation now?

Despite regular and substantial investment in cybersecurity, businesses continue to fall victim to damaging attacks. These are often a result of vulnerabilities ingrained in the security appliances designed to provide protection, such as VPNs and firewalls. A continued reliance on perimeter-based defenses will not only fail to secure organizations, but also continue to harm the user experience, hinder connectivity, and sap security budgets through the purchase of an unending line of point products.

Threat actors are already taking advantage of AI to discover exposed attack surfaces and craft more convincing pretexts for initial compromises. The same technology should be put to use by IT and security practitioners to more easily diagnose connectivity problems, address security gaps, and report on risk mitigation efforts.
 

What were some of the takeaways from the session?

  1. Compromises occur once attackers have discovered the attack surface, found an avenue for compromise, moved laterally through a network, and extracted valuable data.
  2. Zero trust is an established and effective paradigm for granting any-to-any access based on business policies, not networks.
  3. AI is a powerful tool for enforcing policy and reducing security risks, such as misconfigurations that can otherwise lead to compromise. Organizations should quickly adopt AI-based defenses as threat actors are already using the technology to more easily compromise their targets.


Jay Chaudhry is an accomplished entrepreneur, having founded a series of successful technology companies, most recently, Zscaler. With his proven track record of developing trailblazing innovations that address the demands for securing the seamless exchange of information, Jay’s latest pioneering technology is the Zscaler Zero Trust Exchange, a fundamentally new approach to securing highly mobile employees and helping accelerate digital transformation. 
