Zero trust is about more than security – it's the foundation for digital transformation

Several green locked padlocks surrounding one orange unlocked padlock
(Image credit: Getty Images)

Zero trust has transcended from being a mere industry buzzword to becoming a key facet in organizational approaches to digital transformation, according to Nathan Howe, VP of emerging technologies at Zscaler. 

READ MORE

Somebody typing at their computer with a digital padlock and other illustrations

(Image credit: Shutterstock)

Zero trust is the gold standard. but there are many common  pitfalls to avoid

Why zero trust strategies fail

Research from Zscaler shows that “most IT leaders already have a zero trust security strategy in place, or in planning”, yet fewer than one-quarter (22%) are confident of using it to its full potential. 

This, the organization warns, shows that businesses need to “widen their lens” to unlock the full benefits of zero trust

This security model now has far reaching applications, enabling firms to empower distributed workforces, tighten security, and provide vital insights into organizational efficiency

Unlocking the full potential of zero trust

Fundamentally, zero trust represents a paradigm shift away from virtual private network (VPN) and firewall-laden security practices, Howe says, which traditionally sees devices within an organization's network as being trustworthy. We’ve seen glaring issues in the long established ‘castle and moat’ approach in recent years, especially during the shift to remote and hybrid work practices with distributed workforces using devices in a range of locations. 

In conversation with
Nathan Howe, VP of emerging technologies at Zscaler
In conversation with
Nathan Howe

Howe has been part of Zscaler for more than six years, first as director for transformation strateg, then as field CTO, director and head of transformation strategy, and, in 2021, he was apppinted vice president for emerging technologies and 5G.

Zero trust is to not be anchored in any one place, it’s about enabling [IT] functions anywhere

Meanwhile, the concept of zero trust centers firmly around the idea that no user can be trusted. Under this model, every user and device requires verification to access networks. 

Visibility, in this context, is key for an organization implementing zero trust, enabling them to have full control over who accesses networks, and on which device they do so. 

This model has been growing in popularity in recent years, with Gartner research showing it’s “top of mind for most organizations” and viewed as a key strategy to reduce cyber risk. By 2026, 10% of large enterprises will have what the consultancy describes as a “mature and measurable” zero trust program in place, up from less than 1% today. But enterprises, all too often, don’t fully understand the wide-reaching benefits, Howe says. 

RELATED RESOURCE

Digital image of a padlock within a circle

(Image credit: Dell)

PowerEdge - Cyber resilient infrastructure for a Zero Trust world

Learn how to build your own zero trust architecture and discover the recommended tools that will help you get there.

DOWNLOAD FOR FREE

“I think if a company can get to the point of understanding what zero trust is, then there are huge advantages,” he tells ITPro. “The advantage becomes extremely apparent in terms of no longer needing to think about what we can do in a networked world. I can do it anywhere.

“Zero trust is to not be anchored in any one place, it’s about enabling [IT] functions anywhere.” 

Visibility across the enterprise is key 

If implemented correctly, Howe says zero trust offers marked benefits to organizational visibility, and not just in a security context. 

With many companies operating hybrid work practices, there’s scope for IT teams to maintain a solid grasp of network activity while delivering broader operational flexibility.

READ MORE

A woman working on the edge of a cliff overlooking a beautiful lake

(Image credit: Getty)

From pub-working to lockdown drills, these businesses are pushing hybrid work arrangements to the limit

The organisations pushing hybrid work to new extremes

The model also offers a “competitive advantage in the hiring cycle” for firms embracing zero trust due to the ability to maintain flexible, distributed workforces.

“There is the flexibility to be anywhere, and knowing that the work you do will be protected, secure, and ensure that you’re doing the right thing,” he says. “Because the information and insights zero trust provides is so granular, we’re able to apply controls and ensure that staff aren’t downloading bad things or files because you’ve got controls in place.” 

Howe notes the network visibility afforded to organizations through zero trust allows them to “start making decisions about how to engage with employees based on where they are”. 

In a hybrid work environment, for home-based staff, IT teams can monitor traffic and gain vital insights on risk tolerance. They know remote workers are secure, and can carry out their duties without added risks. For those in the office, the insights gained through working trends can deliver broader benefits in terms of basic office utilities, working practices, and even insights that deliver energy efficiency improvements

WORKFORCE FLEXIBILITY

An array of colourful piggy banks laid out in a grid

(Image credit: Getty Images)

Howe points to a banking customer that used network activity insights to reach out to customers more directly. The firm realized it doesn’t need branches and, instead, could bring employees to cusotomers directly to meet and interact with them. “I can go to them and it changes the dynamics of the business." 

“So zero trust is not just a standard technological shift. But when a company properly looks at the benefits of those things, and what it actually enables, there are opportunities to rethink their own delivery of business as well.”

“You can start taking this information and granularity and apply it to the locations where you have offices. You can see how many people are on that site at any time accessing Salesforce, for example,” he explains.

“That insight gives you the ability to start making other business-related decisions, such as when you turn the power on or off, and other auxiliary aspects of the business because you see when people are there, you know they’re working. That granularity in zero trust has huge knock on effects, that we're only just scratching the surface on as an industry.”

At present, Howe says scores of businesses are “starting to think” about how zero trust can be applied more broadly and enable them to “be smarter” about how they distribute their workforces, glean insights into working patterns and productivity, and design office spaces. 

Exploiting emerging opportunities

Generative AI has, for the best part of a year now, been the talk of the town across the global technology landscape. Looking ahead, Howe says the emergence of generative AI tools should be a cause for excitement in the zero trust space. This topic was a hotly-discussed topic at the firm’s Zenith Live conference in Berlin in late June, with the technology’s applications being touted as a potential game changer for zero trust. 

READ MORE

An abstract illustration of a profile of a human face on a red and black starry cosmic background

(Image credit: Getty)

Want to put AI to practical use today? We’ve rounded up some top business tools from image generation to summarizing documents

11 amazing AI tools your business should try today

The sheer volume of data that passes through Zscaler’s security cloud every day – roughly 300 billion requests – means generative AI tools could play a key role in gleaning value from large quantities of data. In the long term, while this applied to security practices, there could be scope for closer integration of automated tools to further support digital transformation.

“I think we're at the tipping point where it's about to get really exciting with what we can do beyond just a normal enrichment platform,” Howe says. “Like, how can we help find more additional threats, have more refined authorizations, those sorts of things."

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.