The control points that CISOs were responsible for have largely disappeared so innovative CISOs have to deploy a risk-based security approach. And CIOs must move from thinking of their data center as the corporate epicenter, and admit that the Internet is their new corporate network.
The evolving CIO|CISO relationship
1. The evolving roles of CISOs and CIOs
Larry Biagini
Chief Technical Evangelist
Jason Georgi
Director, Transformation Office
2. Engage in the Discussion
• Type your questions into the chat box in the Webex
panel or email us at webcast@zscaler.com
• We’ll try to get to all questions during the Q&A
session. If we do not get to your question, we’ll make
sure to follow up afterwards
• At the end of the webcast – please let us know how
we did! By answering three questions, you will be
entered into a drawing for an Amazon Echo!
3. Jason Georgi
Jason Georgi
Head of the Value Management Office
• Jason has over 23 years of experience driving innovation
initiatives across global organizations
• He joined Zscaler two years ago after spending nine years
at GE, where he led GE’s Global Network Shared Services
• Jason is currently the Director of Zscaler's Transformation
Office. His office works with customers and partners to
understand the benefits of IT transformation in terms of
business outcomes.
Jason Georgi
Director,
Transformation Office
Zscaler
4. Larry Biagini
Jason Georgi
Head of the Value Management Office
• Larry Biagini recently retired as Vice President and Chief
Technology Officer of GE
• While at GE, Larry’s focus was on contemporizing
infrastructure, employee services and deploying cloud
technology enabling secure usage of those services by GE’s
employees, customers and partners
• At Zscaler, Larry helps customers and partners better plan and
execute their inevitable move towards expanding their use of
cloud services
Larry Biagini
Chief Technical Evangelist
5. Cloud: what’s all the fuss about?
• 38%: enterprise decision-makers who are building private clouds
• 32%: enterprise decision-makers procuring public cloud services
• $236B: global public cloud market by 2020, up from $146B in 2017
Source: Forrester Research survey
6. Cloud adoption will accelerate…
Creating new opportunities and threats
The point is…
13. Transformation does not start in the data center
It starts with the organizational mindset of
doing business differently
14. What has to change?
CISO
• Shift from “security
and controls” to “risk
and enablement”
CIO
• Shift from technology-
first to business-first
CTO
• Shift from
architecting corporate
networks to
embracing the cloud
16. • It is a business discussion
around why unsanctioned apps are
being used
• Understanding the usage helps frame
the risk associated
• Is usage malicious or careless?
• Either way, do we have a data leakage
or exfiltration problem?
To keep from breaking new business processes and models, and be
compliant…change the conversation from ’CONTROL' to ’RISK'
CISO’s evolving mindset
21. Unmatched security – all
users, branches, and
devices
Consistent policy and
protection by design vs.
exception
Always up-to-date
No need to be patient zero
Consolidate point products
and simplify IT
Cloud-enabled network
Rapid deployment
Policy based Access for
Internal, Cloud and SaaS
No Capex, elastic
subscription fee
Reduced Opex, no box
management
Manage Security &
Compliance policy vs.
Technology
No yearly maintenance fee
Reduced MPLS costs
Higher productivity –
local breakouts
Prioritize business apps
Consistent User experience
Empowers users to leverage
cloud apps
Intelligent Peering for
SaaS/O365
Anywhere Access with ZPA
Fast Response Time
(End-Users)
Reduced Risk
(CISO)
IT Simplification
(CTO / IT Head)
Impressive Value
(CIO / CFO)
The foundation of a modern access and security architecture
26. Zscaler: A foundation for modern access and security
• (1) Access to the Internet & Apps: Inbound & Outbound Gateway
• (2) Data center protection: FW/IPS, DDoS
• (3) Branch (SD-WAN)
• (4) Identity & access: SAML integration
• (5) Endpoint protection: MDM, AV, encryption
• (6) Reporting & analytics
27. (BROADBAND)
A three-step journey to cloud and mobility transformation
SECURE
Up-level your security
Enable secure SD-WAN / local Internet
breakouts – optimize backhaul.
Deliver a better and more secure
user experience.
TRANSFORM
Cloud-enable your network
SIMPLIFY
Remove point products
Phase out gateway appliances at
your own pace.
Reduce cost and
management overhead.
Make Zscaler your next hop
to the Internet.
Fast to deploy. No infrastructure
changes required.
28. Key Takeaways
• Move from IT and Security shops to digital enablers
• Speed is the new currency in the connected world, friction is unacceptable
• Legacy technology can and will hold you back, address it
• Realize work is an activity, not a place
• Get visibility into cloud services consumed by your users
• Legacy controls cannot keep you safe in the digital world
• Stop talking Security with your board, start talking about addressable risk
29.
Jason Georgi
Director, Transformation Office,
Zscaler
Learn more about transformation
Other Webcasts
Lessons for thriving - not just surviving - in the cloud
Jay Chaudhry - Zscaler & Frederik Janssen – Siemens
On Demand: zscaler.com/company/webcasts
Questions and next steps
Larry Biagini
Chief Technical Evangelist,
Zscaler
Cloud vs. On-Premises Security: Can you afford not to switch?
A review of the cost dimensions to consider when IT is making a strategic move to the cloud
On Demand: zscaler.com/company/webcasts
30. Create a frictionless experience
Protect your users from the Internet – Zscaler Internet Access
Protect your network from your users – Zscaler Private Access
Editor's notes
I appreciate you taking the time to meet with us today. We’re very excited to share some significant changes that are happening in the industry and provide some color around how and why a lot of our customers are transforming their enterprise IT through cloud enablement.
With Zscaler fully deployed, it provides a lot of value to all key users and stakeholders.
For users we deliver a fast user experience by eliminating the latency associated with stacks of appliances and backhaul.
From a risk perspective, there is no question on the value of protection our cloud delivers.
The shift to the cloud eliminates patch management, outage windows, and vendor end-of-life issues — allowing you to focus on more important things than updating boxes.
From a financial perspective, it’s all Opex and we can optimize MPLS spend.
So if you’re looking to either improve your overall security posture or secure your mobile worker, evaluating SD-WAN transformation to simplify the branch and reduce costs, deploying Office 365 and/or migrating your apps from the data center to AWS or Azure, we can help.
We are often asked where exactly Zscaler fits and what we replace in appliance-based infrastructures.
First we very carefully select 1 of the 6 security areas where we want to play in the security ecosystem. Let me walk you through these 6 areas, because with 3,000 security vendors all trying to talk the same lingo it gets very confusing in terms of who does what. We categorized them into six buckets:
Access to the Internet and cloud applications through the outbound and inbound gateway we have been talking about. We deliver all this functionality.
Data center protection. We don't really fit into trying to protect your legacy data center. You still need traditional firewall boxes and DDoS protection. We believe a majority of apps will move to the cloud and this market will eventually go away. We do, however, interoperate with these vendors to create a tunnel from your edge router or firewall to our cloud.
Intelligent routing of traffic around your branch. Internet traffic is routed locally, and data center traffic is routed over MPLS. SD-WAN is getting a lot of attention as companies like to minimize the hardware footprint in the branch and simplify management. Some are driving to the Internet-only branch. We are working with these vendors to make it a checkbox to route traffic to Zscaler.
Identity and access management. It becomes extremely important in today's mobile world. We work with Microsoft ADFS, Ping, and OKTA via a SAML integration.
Endpoints. Here you may use MDM for device management, doing endpoint encryption and running AV. The challenge with AV is that malware morphs so rapidly that AV can’t keep up with it. That’s why a lot of companies are moving away from signature-based AV.
Rich reporting through inline traffic inspection. This last area is an important one. All the log files are correlated in real time, providing visibility into users, apps, and threats blocked within a minute or 2 for all users around the world. Many large companies want to correlate logs across firewalls, switches and Zscaler in their SIEM. We have the ability to stream logs to a SIEM via our Nanolog streaming service (NSS).
With Zscaler it’s simple to get started. In fact, we’ve cut over 40,000 in 1 weekend night and 160,000 users over 60 days.
All you need to do to make Zscaler your next hop to the Internet is to make Zscaler your default route. A number of customers did this to block threats that were going undetected by their current security appliances without making any policy changes. Some also start by securing their mobile workers, then migrating their office locations. This allows them to take their security from a 6 or 7 to a 9 or 9.5 out of 10. No one is perfect. One ZPA customer got started with one of the use cases before replacing their entire VPN infrastructure.
The second phase of the journey involves phasing out security appliances to reduce cost and complexity. This can be done at your pace, but more often than not, this is typically shortly after or in tandem with starting to send traffic to Zscaler.
With Zscaler in place, the third phase of the journey is about routing traffic locally via Internet breakouts to Zscaler. By routing traffic locally companies can optimize their MPLS spend and deliver a more secure and better user experience. Office 365 has been a key accelerator for local breakouts as Microsoft now recommends routing traffic locally and doing local DNS. So users are connecting to the closest Office 365 pop and on their CDN Network as fast as possible. ExpressRoute is now only recommended for very specific use cases. Microsoft also cautions against hub-and-spoke architectures with centralized proxies for a variety of reasons.