Each year, by the end of the RSA Conference, it’s typical for teams to get together and discuss what they learned, who they met, significant keynotes, and which companies stood out (or were missing) in the massive exhibition halls. While I spent most of the week in meetings, I did get a chance to explore the exhibitors’ booths and, as I told my team, I was a little surprised by what I saw, and what I didn’t see.
I had hoped this year’s expo would be different from those in years past because cloud technology has evolved so much to change the way organizations conduct business and the way people and devices connect with data. As much as cloud technology has evolved, I thought we would be seeing a lot of innovation in cloud-delivered security and related services. I did see a lot of cloud-focused messaging and graphics, but I didn’t detect a lot of substance behind those messages.
I couldn’t help but empathize with the networking and security professionals walking the show floor. It can’t be easy to identify vendors with the right solutions to support your organization’s business goals while trying to make sense out of their nearly indistinguishable sales pitches. Is every single solution built on zero trust? Were they all built for the cloud? It would seem so if you took every message at face value.
Legacy vendors have to pivot to the new world of cloud and mobility, but it’s not a trivial undertaking. It means rearchitecting or re-engineering their products, and many of them are releasing stopgap products while developing (or acquiring) cloud-native technologies. This is what we are seeing with traditional hardware vendors offering their products via cloud services. Unfortunately, when vendors claim that these services are “cloud-native,” they are doing a disservice to their customers and potentially putting them at risk.
Gartner got it right with its new framework known as the secure access service edge (SASE). Today’s users are everywhere, applications are everywhere, and data is everywhere. That means security must be everywhere users need it to be, which requires a shift from network security at a data center’s edge to security-as-a-service.
SASE is a convergence of technologies that provide policy-based access that’s contextual and adaptive, meaning that it is constantly moving and changing along with dynamically changing user behavior. That kind of elasticity can only be achieved with a highly distributed, proxy-based cloud architecture. SASE combines cloud-delivered secure web gateway, CASB, zero trust network access (ZTNA), and firewall as a service. With all services delivered at the edge, users everywhere experience fast, secure connections. I believe that SASE represents the best example of security as a digital business enabler.
An example of an organization that has put the SASE model into practice is Fannie Mae. I had the pleasure of joining Fannie Mae’s CISO, Chris Porter, on stage at the CSA Summit on Monday. As we all know, the role of the CISO has evolved in the cloud era. It no longer ends with security—it starts there. Chris recognized this early on and has focused on making security a part of the business fabric so that IT decisions can instead focus on customer and user experience. I am proud that Zscaler has been a part of Fannie Mae’s digital transformation journey and I’m grateful that Chris shared his compelling story with the CSA Summit attendees.
The Zscaler architecture was built on the SASE concept. By separating user access and policy enforcement from the network, you eliminate the attack surface. This happens to have been our “theme” at RSAC, but it’s been our guiding principle since 2008. If you didn’t get to RSA but still want to learn what a true SASE platform looks like, read the Gartner report, “The Future of Network Security Is in the Cloud,” and attend an upcoming Gartner webinar with distinguished VP Gartner Analyst Neil MacDonald and Zscaler CSO Dr. Manoj Apte.
In closing, I’d like to thank our guests for the 1x1 meetings and the visitors who came to our booth. The many meetings and informal conversations we had throughout the week made this RSA Conference a memorable event and a rewarding experience for all of us.
Jay Chaudhry is the founder and CEO of Zscaler