Over the past few years, zero trust has shifted from a cybersecurity concept to an operational imperative. “You can’t talk about security without embracing zero trust,” said Nikesh Arora, CEO of Palo Alto Networks. And yet, despite its importance, IT leaders at many organizations have struggled to implement it in full. In fact, according to a global survey conducted by Palo Alto Networks, 98 percent of chief experience officers said they found implementing zero trust “challenging.”
Zero trust may be an ambitious goal, but experts at Palo Alto Ignite ’22 demonstrated why it’s critical to achieving a safe, secure business environment. “For zero trust to really work, it has to be comprehensive, which means implementing it at every layer of the organization. It's a full digital transformation,” said Palo Alto President BJ Jenkins.
On Dec. 13, Jenkins was joined in an afternoon keynote session by Palo Alto Chief Marketing Officer Zeynep Ozdemir and Scott Moser, senior vice president and CISO at Sabre. They described today’s threat landscape and outlined why zero trust can be difficult to deploy. After outlining the challenges, they presented new solutions.
Click the banner below to receive exclusive data analytics content when you register as an Insider.
The Difficulty of Deploying Zero Trust
One reason implementing zero trust is challenging is because “there’s no consistent playbook for organizations to follow,” said Ozdemir. As a result, each organization is left to its own devices to solve problems. “We know that executives are prioritizing zero trust because 68 percent of executives expect to increase cybersecurity budgets by 10 percent in the next year,” said Palo Alto Chief Product Officer Lee Klarich.
But for organizations to allocate those budgets appropriately, Ozdemir said, IT leaders must understand the top three challenges to implementing a zero-trust framework. These are:
1. Lack of internal expertise.
2. Not knowing where to start and how to prioritize.
3. Lack of qualified vendors with a complete, integrated solution.
For Palo Alto Founder and CTO Nir Zuk, it’s more about volume than expertise. “A human may have years of sophisticated experience, but if the threats are too big and the vulnerabilities are changing every second, it’s like trying to catch a moving target,” he said. Managing immense amounts of data also impacts prioritization. “The only way you can get to a place where cybersecurity is solid is to eliminate the noise and isolate the threat,” said Arora.
LEARN MORE: Discover how to build resilience into your company's business strategy.
Photo of Zeynep Ozdemir, Palo Alto Chief Marketing Officer. Courtesy of Palo Alto Networks.
What Does a Unified Zero Trust Solution Look Like?
Experts and executives both want a unified, integrated solution. But achieving comprehensive zero trust is complex and may involve a multiyear plan, said Klarich. Such a plan should include the following components:
1. Embrace integrated platform solutions that are emerging in the market.
Just this week, a zero-trust partnership was announced between Google Cloud and Palo Alto Networks. The partnership joins BeyondCorp Enterprise from Google Cloud with Prisma Access from Palo Alto to provide customers with the most comprehensive cloud-delivered zero-trust network access 2.0 solution, according to a Palo Alto press release. IT leaders can also improve their threat intelligence by embracing new tools like Prisma Cloud’s cloud infrastructure entitlement management CIEM integration with AWS Identity Center, also announced this week by Palo Alto Networks. This integration allows for the ingestion of data from IAM Identity Center and all AWS supported identity providers.
2. Track cybersecurity against ROI.
“For every investment in cybersecurity you make, trace that ROI,” Moser said. He said IT leaders should ask themselves whether they are deploying more tools, preventing more threats or training more staff. “If you’re not getting these outputs, then you have to redirect your funds,” he said. “Leaders need to be thinking this way to secure data and make money for their shareholders.”
3. Plan for AI-driven security operations centers to improve incident response.
In a separate keynote session Dec. 13, Arora asked Thomas Kurian, CEO of Google Cloud, how he’s thinking about AI-driven SOCs. Kurian said, “the future of cybersecurity must include tools to automate workflow and deeply integrate technology with threat intelligence.” A clip from this interview was played during the live session.
Comprehensive Zero Trust Requires an Integrated Platform Solution
Considering that 96 percent of the 1,300 global executives surveyed by Palo Alto Networks reported an incident in the past 12 months, it’s clear that “a well-integrated platform solution with automation is the best option,” said Moser. “It’s where the market is headed.”
Keep this page bookmarked for articles from the event, and follow us on Twitter at @BizTechMagazine and the official conference Twitter feed, @PALiveCommunity.