security as a catalyst for digital transformation...corporate network. security architectures must...
TRANSCRIPT
Agenda6:00 – 6:30 p.m.
Registration, Networking & Cocktails
6:30 – 6:45 p.m.
Introductions and Opening Remarks
• Nick Holland, Director, Banking and Payments, Information Security Media Group• Chandra Olson, CISO, Americas, Zscaler
6:45 – 8:30 p.m.
Roundtable Discussion
8:30 p.m.
Program Concludes
Security as a Catalyst for Digital Transformation
ISMG SECURITY EXECUTIVE ROUNDTABLEsponsored by Zscaler
Introduction
Digital transformation: It’s the present and future of business, as
enterprises adapt to work at the speed and convenience of new
demands.
But as applications move to the cloud and employees, partners and customers interact outside the
traditional perimeter, what proactive role should security play? How can security leaders avoid being
obstacles and actually become catalysts for change – partners and trusted counsel to the business?
If you’re looking for new answers to these questions, then welcome to this exclusive executive
roundtable on Security as a Catalyst for Digital Transformation.
Guided by insight from Chandra Olson, CISO Americas at Zscaler, this invitation-only luncheon will draw
from the experiences of the attendees, offering thoughts on how they have been able to ensure that
their security organizations play a productive role in their enterprises’ digital transformations.
Among the discussion topics:
• Where is your organization in its own digital transformation, and what role does security currently play?
• What role do you want security to play, and what’s the roadmap to get there?
• What are some best-practice security strategies to adopt as your enterprise moves to the cloud?
You’ll have the opportunity to discuss the topic with a handful of senior executives and market leaders in
an informal, closed-door setting, from which you will emerge with new strategies and solutions you can
immediately put to work.
Security as a Catalyst for Digital Transformation 2
Discussion Points
Among the questions to be presented for open discourse:
• Where is your organization in its own digital transformation: on the road; just getting started; still
parked in the garage?
• What role does security play in your organization’s digital transformation?
• What role do you want security to play?
• What are your biggest obstacles to getting a more prominent role for security?
• What investments will you make in the coming year to ensure a secure digital transformation?
Security as a Catalyst for Digital Transformation 3
About the ExpertJoining our discussion today, to share the latest insights and
case studies is:
Chandra Olson
Americas CISO Zscaler
Chandra Olson is an accomplished leader with 20+ years of experience in helping companies increase
business value and outcomes through innovative solutions and technology enablement. In senior
leadership roles she has led strategy, digital transformation, cybersecurity, emerging technology,
portfolio/program management, architecture, engineering, operations, and governance. As a Certified
Enterprise Architect, CCSK, CISSP, ITIL, MCTS, and PMP, Olson has transformed security and technology
services in highly regulated Fortune 500 organizations, increasing competitive advantage while
reducing risk and operational expenses. Her cross-industry experience includes financial services,
defense, and manufacturing.
About Zscaler
Zscaler (NASDAQ: ZS) enables the world’s leading organizations to securely transform their networks
and applications for a mobile and cloud-first world. Its flagship services, Zscaler Internet Access™ and
Zscaler Private Access™, create fast, secure connections between users and applications, regardless of
device, location, or network. Zscaler services are 100 percent cloud-delivered and offer the simplicity,
enhanced security, and improved user experience that traditional appliances are unable to match. Used
in more than 185 countries, Zscaler operates a multi-tenant distributed cloud security platform, protecting
thousands of customers from cyberattacks and data loss. Learn more at zscaler.com or follow us on
Twitter @zscaler.
Learn more at www.zscaler.com.
Security as a Catalyst for Digital Transformation 4
About the ModeratorLeading our discussion today is:
Nick Holland
Director, Banking and PaymentsInformation Security Media Group
Holland, an experienced security analyst, has spent the last decade focusing on the intersection of digital
banking, payments and security technologies. He has spoken at a variety of conferences and events,
including Mobile World Congress, Money2020, Next Bank and SXSW, and has been quoted by The
Wall Street Journal, CNN Money, MSNBC, NPR, Forbes, Fortune, BusinessWeek, Time Magazine, The
Economist and the Financial Times. He holds an MSc degree in information systems management from
the University of Stirling, Scotland.
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to
information security and risk management. Each of our 28 media properties provides education, research
and news that is specifically tailored to key vertical sectors including banking, healthcare and the public
sector; geographies from North America to Southeast Asia; and topics such as data breach prevention,
cyber risk assessment and fraud. Our annual global summit series connects senior security professionals
with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.
For more information, visit www.ismg.io.
Security as a Catalyst for Digital Transformation 5
NOTE: In advance of this event, ISMG’s Nick Holland spoke about
security and digital transformation with Zscaler’s Chandra Olson.
Here is an excerpt of that conversation.
State of the Union
NICK HOLLAND: What do you see as the “state of the union” for
security organizations and their enterprises’ digital transformations?
CHANDRA OLSON: CISOs in the last decade have transitioned from
the back room to the board room. Many are now directly reporting
to the CEO, COO or other top C-level business leadership. CISOs
helping drive secure enterprise digital transformation are doing
so because they see that cybersecurity has a significant impact
on enabling organizations to achieve their business goals and are
viewed as a business enabler and partner. They have modified
their security organization strategy from a controls-based approach
to a risk-based approach and are proactively addressing the
opportunities and challenges that arise as data and employees
move outside the traditional enterprise perimeter.
Security’s Missed Opportunity
HOLLAND: Where does security often come up short?
OLSON: This varies by organization, but one consistent area where
many organizations come up short is in terms of secure access.
Many attacks today involve compromised user credentials, and
many enterprises still only require a single factor for website,
network, and even server access. Once an attacker is on a
corporate network in many organizations, escalation of privilege
and lateral movement is not difficult as there is still way too much
“trust” inherent with today’s corporate networks. Much of the
security spend today is still placed on fortifying a perimeter, while
the focus should be on protecting secure access directly to the data
regardless of where it resides.
To Be a Catalyst
HOLLAND: Where are security’s opportunities to truly be catalysts?
OLSON: First start with understanding the business priorities and
speaking the language of the business. Years ago, security was
primarily focused on consistency of standards and compliance
with control checklists regardless of the value of the data being
protected. Today with unsanctioned apps proliferating due to SaaS,
users expecting consumer technology capabilities in the work
place, and data breaches in the daily news, security strategy must
focus on risk based security. It is important that security become
more agile to address the pace of organizational change and focus
their resources on data protection proportionate to the value of the
data. Next, as applications move out of data centers to the cloud
and users are working from anywhere, the corporate networks
must evolve. And for the network to evolve, security must be in
place. Considering the internet is the "network" used for all of these
cloud and SaaS applications, it is becoming part of or entirely the
corporate network. Security architectures must evolve to confront
and enable this reality.
CONTEXT
Security as a Catalyst for Digital TransformationQ&A with Zscaler's CISO Americas
Chandra Olson
“Much of the security spend today is still placed on fortifying the perimeter, while the focus should be on protecting secure access directly to the data regardless of where it resides.”
Security as a Catalyst for Digital Transformation 6
Must-Have Tools, Skills
HOLLAND: What are the tools and skills necessary to help enable this transformation?
OLSON: Tools and skills go hand-in-hand, and the security team should be fluent in remote
user and cloud security. However, it's really about approach. Realizing that the primary
means of control for the last 20+ years was based on being on the network and that must
change is the first part. Next, just look at user working behavior. What services are they
accessing, when and from where? A draconian approach to turning things off and forcing
users inside may be good for security, but it will ultimately slow things down, which is bad for
business. User-centric control and an internet-based security strategy are fundamental.
The Right Questions
HOLLAND: What are the questions security leaders need to ask to assess where they are –
and what they need to move forward?
OLSON:
• If you try to protect everything, you protect nothing. With this in mind, where is our most
critical data and how are you protecting it?
• You can't address what you can't see. Do we have full visibility into the services your users
consume?
• What is the cloud strategy? How much of what we are doing can be done in the cloud?
• How will our current security stack enable the movement of applications and services to
the cloud?
• If we had no network to control for providing access to services, how would we implement
security?
Zscaler’s Role
HOLLAND: How is Zscaler helping security organizations lead their enterprises in digital
transformation?
OLSON: Zscaler was born 10 years ago out of a vision that is today's reality. The shift
of applications and workloads from data centers to cloud services was inevitable. With
this reality, Zscaler has been uniquely positioned as an enabler of digital transformation
by helping organizations transform their networks from hub-and-spoke to cloud-ready.
This means the user experience is vastly improved and the security doesn’t have to be
compromised. Enabling organizations to take a more direct-to-cloud approach means less
dependence on traditional network architectures.
Additionally, Zscaler helps lay the foundation for zero trust by allowing organizations to
remove employees, contractors, third parties and acquisition targets off of the corporate
network, by leveraging user-centric security (via software-defined perimeter). Zscaler's
approach to security has helped some of the largest companies in the world, like GE,
Siemens, and Abbott Labs, to realize their transformation journey. n
“User-centric control and internet-based security strategy are fundamental.”
Security as a Catalyst for Digital Transformation 7
Notes
Security as a Catalyst for Digital Transformation 8
Notes
Security as a Catalyst for Digital Transformation 9
902 Carnegie Center • Princeton, NJ • 08540 • www.ismgcorp.com
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to information
security and risk management. Each of our 28 media properties provides education, research and news that is
specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from
North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud.
Our annual global Summit series connects senior security professionals with industry thought leaders to find
actionable solutions for pressing cybersecurity challenges.
Contact
(800) 944-0401 • [email protected]
CyberEd