Transitioning to zero trust may be less taxing on the knees than completing the Tour du Mont Blanc in under 20 hours, and require less balance than shooting Hawaii's Bonzai Pipeline on the way to a podium at Vans Pipe Masters surf competition. But all require weighing risks, rising to the occasion, and having the vision to break conventions.
As one of the leading collections of lifestyle brands in the business, VF Corporation enables boundary-pushers of all stripes. Whether their pursuits lead them to summits or the surf, our products enable innovators and dreamers to achieve peak performance.
Being the CISO of VF Corporation and an adventure and super sport touring motorcyclist, I can’t help but see the parallels between adventure athletes and pioneering CISOs leading their organizations into the zero-trust future. The adoption of any new technology paradigm requires a clear-eyed and calculated evaluation of risks versus rewards – of the dangers of standing pat versus the reward of avoiding growing pains.
Deciding whether you can (or should) outpace the pack and lead, be a fast follower while waiting for the right time to edge out the competition, or hang with the pack and learn from others before making your move depends on understanding a lot of different factors. To be an effective leader, you must ensure you are assessing, managing, and accepting a risk level appropriate to your unique situation.
Innovation and the fear of “breaking things”
It’s common when doing something new to encounter doubters and hang-ups, especially when rethinking archetypes as entrenched as hub-and-spoke networks and castle-and-moat security. Innovation requires action, and action can be risky even if everything proceeds according to plan.
Significant changes can disrupt operations, irritate users, or impact normal functions. This aversion to “breaking things” is a major barrier to digital transformation within many organizations. It’s why, for many IT teams, there’s something inherently appealing about the status quo.
Whereas pro skiers, surfers, and skaters earn their living by pushing boundaries and taking risks, some IT departments won’t tolerate anything else than five 9s. Transformational leaders, on the other hand, recognize the danger in inaction. Adversaries have developed reliable strategies for breaching legacy network architectures and, despite millions of dollars invested in cybersecurity solutions, many enterprises still feel vulnerable to cybercrime.
Now, just as any extreme sports athlete will tell you that their job involves managing risk, top CISOs say much the same. Before leading my first zero trust transition, I spoke with numerous technical experts, vendors’ customers, and colleagues. When I was finally ready to implement, I ran a smaller pilot program to monitor for disruptions before going organization-wide. As with any technology overhaul, I made sure my teams had rollback plans in place, made changes when the least amount of users would be affected, and never started with critical assets.
Just like motorcyclists wear protective gear on a ride and climbers plan summit pushes for when conditions are favorable, CISOs must manage risks without being paralyzed by the fear that change will inevitably result in catastrophe.
No unsupported journeys: Teamwork and communication are key
It’s no accident that adventure athletes often stress the value of close teamwork and strong partnerships. In many endurance sports, “unsupported” feats – like the marathon stage of one of the world’s most challenging motorcycle races, the Dakar Rally – are often considered the most difficult because they must be completed alone, without assistance from a team.
Luckily, in the business world, we rarely need to undergo such serious challenges unsupported. Transformation doesn’t happen in a vacuum. Both inside and outside of the organization, your goals – what you might call your checkered flag – must be as clearly defined as your plan for getting there. It’s important IT leaders are aware of how their efforts will benefit the entity at large.
Because true zero trust combines a number of disciplines including identity access management, EDR/XDR, SecOps, and more, it also requires an ecosystem of partners. But, as with any expedition, these partners must be chosen carefully to ensure the core principles of all parties involved are aligned.
At VF Corporation, our purpose statement maintains that “We power movements of sustainable and active lifestyles for the betterment of people and the planet.” So when we see a zero trust solution vendor like Zscaler has pledged to become a net zero carbon emitter by 2025, I see it as an indication we’re on the same page.
The point is, all parties must agree on both the destination and how to get there before setting out.
Manage risk, reap rewards
In the case of zero trust, taking the calculated risk of overhauling your IT environment from decades-old ways of thinking can lead to an improved user experience, better protection from threats, and enhanced network performance.
The appetite for transformation has to be organization-wide. It takes a team of leaders with innovative mindsets and a healthy tolerance for calculated risk. Whether you’re setting out for a long ride on a sport touring bike, climbing a peak, or overhauling a legacy network in favor of zero trust architecture, it pays to keep this in mind.
What to read next
Embracing a New Security Architecture for Access to Internet and SaaS Applications
Stop trying to make firewalls happen: What IT can learn from Tesla about disrupting the status quo