Maybe it’s because CrowdStrike, Okta, and Zscaler all have cloud-based cyber security solutions and support zero trust principles, a common misconception is that the three companies are competitors. But the opposite is the case. Zero trust is not a single-vendor solution. Instead, it’s an approach to a problem. Our customers look to our ecosystem of partners to deliver a comprehensive zero trust strategy.
This week I had the pleasure of moderating a panel at Chicagoland’s beautiful Medinah Country Club, featuring a star-studded panel composed of Alvina Antar, CIO at Okta; Steve McMahon, CIO at CrowdStrike; and, Tony Jaroszewski, director of sales engineering at AHEAD. We were lucky to be joined by a group of engaged CXOs from across industry verticals in the Midwest.
Throughout this conversation, it became apparent that the ecosystem analogy is apt in more ways than one. Like in a biological ecosystem, AHEAD, Crowdstrike, Okta, and Zscaler have differentiated zero trust “niches” that allow them to make for a healthier whole.
Maximizing scarce resources
Part of the confusion surrounding the term “zero trust” is that it is applied to several (often complimentary) disciplines. After the mandatory acknowledgment that the term has been misused, abused, and exused, our panel got down to discussing what makes up a functioning ecosystem – a “pragmatic” framework, as AHEAD’s Jaroszewski called it.
During introductions, McMahon emphasized the importance of ensuring all three products “play nice in the sandbox.” We described how Okta as an identity provider, CrowdStrike as an endpoint security provider, and Zscaler as a network security provider not only don’t fish from the same waters but make for healthier seas by complementing each other’s core competencies.
One way vendors do this, the panel agreed, is by facilitating integrations between the different platforms. Interoperability prevents vendor lock-in, a key concern for McMahon at CrowdStrike. This interoperability is crucial for companies trying to build a best-of-breed ecosystem of zero trust-adherent solutions.
“You can’t handle identity when you’re locked into one system,” Okta’s Antar agreed.
Our macroeconomic moment is also driving the need for vendor solutions to be more complementary. As with natural ecosystems, we have limited resources in IT and cybersecurity departments. Efficiency and software rationalization drive decision-making at cash-strapped organizations – and to some degree at all organizations.
"I don't have an unlimited budget to go hire thousands of people to put hands and eyes on all security signals," said McMahon. "Those tools have to be intelligent."
High-growth companies are especially susceptible to software sprawl as a result of organically expanding toolsets, Antar pointed out. In turn, they suffer higher operating costs and talent shortages while facing tasks like monitoring an endless stream of dashboards. So tools by companies like Okta, which measure app usage by tracking accessing requests, can be instrumental in helping to manage costs incurred by software sprawl.
When paired with capabilities like those from Zscaler, admins can determine how often an app is accessed, how many unauthorized access requests are made, and what duplicative or competitive sanctioned services are being used by the business. Here is where the integration begins to provide invaluable, actionable insights for both CIOs and CISOs.
“For a security company, shadow IT is an existential threat,” McMahon said.
He went on to explain how shadow IT is a core concern for CXOs because if an improperly configured device enables a breach, no one will investigate which department was using which unsanctioned tool and blame the users. Boards will simply fire the CISO. I’ve long believed that shadow IT puts a CISO in an untenable position where risk is unseen, unmanaged, and unmitigated due to its potential pervasiveness.
Provisioning both Okta and Zscaler allows the CIO to decide which tools to provide by monitoring app access and the CISO to combat shadow IT by monitoring web traffic. Meanwhile, the CFO's life is made easier by the savings recouped from de-provisioning excess licenses on underused tools or discontinuing their use altogether. This example is a single use case for a single function, but it illustrates the potential of integrations based on shared zero trust principles.
As another example, McMahon said CrowdStrike had purchased a SIEM and logging tool with the intent of integrating it into the company’s Falcon platform. The goal was to natively write rules and automate responses to reduce the burden on security tools.
"To do that, you have to be open to many different technologies and many different platforms from many different vendors. That requires a very open approach."
Marrying myriad functions
For Jaroszewski at AHEAD, this is where the business of playing “marriage counselor” between teams begins. As a systems integrator, his teams ensure that cloud architecture, networking, and security are all involved and understand how a zero trust ecosystem relates to each job function.
"If you look at zero trust as a format, there are a lot of different pillars there. So, when I workshop with a customer, I want the security team there. I want the infrastructure team there. I want the cloud team there. I want the GRC team there."
That, he says, is how to drive buy-in for zero trust.
Zscaler, CrowdStrike, and Okta form a foundational zero trust ecosystem for organizations to build upon by focusing on applications, devices, and identities, respectively. Partners like AHEAD are instrumental in helping ecosystem adopters accelerate their digital transformations to achieve the benefits quickly and seamlessly.
It is, as the panelists said time and again, an ecosystem that best functions intact, and from my past experience served as my triarchy of transformational change to enable digital business.
What to read next
SSE solution series: the power of 3rd-party ecosystem integration