Zero Trust

To impact Zscaler strategy, attend a CXO Exchange

Apr 25, 2024
Zscaler CXO Exchange | Nashville Zscaler CXO Exchange | Nashville

“I enjoy the opportunity to interface with Zscaler executives and play my own part in influencing the direction of the company roadmap.” - Brad Skibitzki, CISO, Zebra Technologies

As I reflect on the CXO Exchange that my team delivered last week in Nashville, I’m reminded of the real value in-person events can deliver. Exchanges are designed to be a forum for sharing ideas and that works best when we connect face-to-face. Building relationships with our customers allows us to learn more about the challenges they have and their transformation requirements, which in turn drives our product development and innovation.

By taking time out of their schedules to attend one of our exchanges, our customers ensure their voices are heard in shaping Zscaler’s strategic emphasis. They seize the opportunity to learn how other innovative CXOs are advancing IT and security within their companies and get the most out of the tools already at their disposal. In return, Zscaler puts its core value of customer obsession into action by mapping strategy onto customer needs. 

The story behind two strategic acquisitions

Perhaps nowhere is this better on display than in the opening keynote delivered by company Founder, CEO, and Chairman Jay Chaudhry. Always a reflection of the CXO community’s priorities, the Nashville edition of this talk covered the rationale behind the recent acquisitions of microsegmentation firm AirGap Networks and data fabric provider Avalor Security

Both companies reinforce core Zscaler competencies and help customers advance their transformation journeys toward true, holistic zero trust adoption in the face of threats like VPN-enabled breaches, state-sponsored APTs, and zero-day threats

In the case of AirGap, customers can rid their security stacks of the types of east/west firewalls and NAC appliances that can enable lateral movement. Disrupting this tactic favored by cybercriminals will further limit the blast radius of any successful intrusion and contain disastrous consequences, like the exfiltration of crown-jewel-class intellectual property or customer data. 

Jay emphasized that AirGap capabilities also enhance Zscaler’s ability to protect IoT and OT devices, furthering its commitment to bringing zero trust connectivity to users, workloads, devices, and branches. 

Zscaler CEO Jay Chaudhry onstage with Kellanova CISO Joe Mendel

CTO Syam Nair then explained how Avalor supplies additional data for ingestion by Zscaler AI models to bolster the company’s already formidable access to big data sets. Avalor correlates data from a range of popular applications to facilitate incident reporting, remediation, asset discovery, data classification, policy creation, and more. These capabilities are critical to ensuring Zscaler is not simply “hopping on the AI bandwagon” but rather using it to improve customer outcomes. 

As Syam likes to say, the real challenge is connecting, not collecting, big data sets. The Avalor acquisition reflects Zscaler’s commitment to capitalizing on AI as a security tool, not a hype cycle.

The road to digital transformation success

While at the Exchange, I had the pleasure of speaking with a trio of experienced transformational leaders who shared lessons learned through (in some cases multiple) zero trust transformations: Janet Heins, CISO at ChenMed; Stephen Rayda, EVP, Enterprise Shared Services Technology at Syneos Health; and Sharon Mandell, CIO at Juniper Networks.

From left to right: Sharon Mandell, Stephen Rayda, Janet Heins, and Kavitha Mariappan

I want to outline some of the most salient lessons I learned from the panelists because they resonate with much of what I’ve heard over the course of hundreds of discussions with CXOs.

In summary, they advised the following:

  • Pave the way. Before embarking on a digital transformation journey, ensure alignment between business leaders, IT, and security teams on core objectives. Secure digital transformations are meant to address financial, reputational, operational, and regulatory risks, so that stakeholders responsible for each bucket understand the rationale behind the initiative. Agreement on success metrics and KPIs helps keep key stakeholders moving in the right direction.
  • Simplify and streamline. Complexity is the enemy of security. “I’ll take one of everything,” though common, is not a viable approach to implementing cyber controls today. Digital transformation is an opportunity to eliminate technical debt and streamline IT operations. Start by framing digital transformation as a way to free up OpEx by eliminating point products and reducing the organization’s dependence on an ever-expanding lineup of boxes. Once you’ve demonstrated cost-consciousness, you’re more likely to be given the freedom to re-invest savings into security. 
  • Insist on secure by design. Given the prominence and potential damage of cyber incidents today, security as bolt-on functionality is dangerously outdated. Whether you are a CTO, CIO, or CISO, security should be a starting point, not an afterthought. All initiatives should be designed with the organization’s risk tolerance in mind. While this is true today, it will only grow in importance in the near future as more organizations put a magnifying glass up to their supply chains and governments demand this mindset from their contractors.  
  • Treat users as allies, not adversaries. Nothing undermines security faster than a frustrated user base impeded by poor user experience. While security is meant to frustrate threat actors, too often today, it ends up frustrating the employees behind the keyboard. User experience monitoring is essential for ensuring that users are beneficiaries of secure digital transformation, not victims. When IT teams have the tools to intelligently approach disruptions, provide actionable advice on resolution, and even proactively diagnose problems, users see support teams as indispensable allies. 

Be a part of the solution

So many topics are covered throughout a CXO Exchange, more than I could hope to cover in a single post. Additional insights from product leaders and customer executives will continue to hit CXO REvolutionaries regularly, but if you are interested in a truly insider look into the company’s direction, topics of interest for current customers, and industry trends worth investigating, I encourage you to join Zscaler’s dedicated CXO track tailored for executives at our upcoming flagship user event, Zenith Live