Neil Thacker, EMEA and LATAM CISO for Netskope
What is your best practice approach for organisations keen to undergo a security transformation?
Define requirements and think three to five years ahead.
It’s about looking at SSE, consolidating where possible, understanding where you have gaps or legacy technology in place and building a replacement strategy.
How can teams ensure security does not compete with productivity during this process?
Transition smart, work with the business, run open workshops, involve relevant teams and look to migrate without causing disruption.
improvement and day-to-day security management. That’s the first approach.
The second could be found in an organisation that has a zero trust initiative and is looking to move away from a reliance on a VPN. In these situations, it’s looking at a VPN replacement or a zero trust network access (ZTNA) capability that returns control and allows access to on-premise or legacy apps, without having to rely on a VPN.
How does this approach bridge the gap between security and business functions?
We’ve seen new use cases being created from the additional visibility that organisations get when they start more effectively managing web and cloud services. Security teams can offer insights and share this information with a procurement team, for example, and can ensure that their purchase of cloud apps and infrastructure goes through the correct methods, using marketplaces. The benefit of this is when you purchase through a marketplace, you’re enrolled in a reward scheme.
One organisation we worked with estimated its savings would be more than 30% of its annual spend on cloud services – considering that annual spend was an eight-figure number that’s a huge saving.
This helps from an organisation perspective marrying the need between good security; reducing risks; better user experience; better control; better capability; but also sharing visibility with business functions; streamlining processes and reducing the overall spend on cloud.
Also, really understand the requirements and that it’s not always necessary to replicate many of the policies and controls you have with legacy when moving to SSE. It can often be a fresh start.
There may be a compliance requirement you have to meet, but it gives the organisation opportunities to mature its security programme, the way that it conducts business and how it onboards new services as well.
What results can organisations expect based on real experience?
We worked with a top 10 global bank whose goals were to move from VPN to zero trust network access and to eventually move more of its controls to SSE. Many employees were going direct to net without having to go through security control and that was highlighted as an immediate concern. The company looked at what it had and realised its VPN concentrators were not capable of managing that traffic, so it moved to ZTNA, based on the employees it had, not on the traffic profile. There were huge savings made.
A well-known retailer, with 30,000 stores across the globe, was using several Microsoft services but struggled with some of the inline controls. It still had security appliances in every store and by moving to Netskope and looking at SSE architecture, it was able to remove CAPEX spend on appliances in every store. The company also looked at savings around subscription costs – it no longer requires many of them because the move to SSE gave the organisation much better performing access to its public cloud infrastructure. So, there was a cost-saving as well as a performance increase.
INTELLIGENTCIO MIDDLE EAST www.intelligentcio.com