Intelligent CISO Issue 50 - Page 69

decrypting myths being in that ‘ grey ’ area . Not forcing the old school block or allow scenario , but instead enabling the business .
Through technology such as CASB we can identify applications via shadow IT discovery . We can track these and decide whether there are risks associated and , if so , whether it should be blocked or allowed but brought under IT ’ s preview .
Forcepoint ONE allows things like discovery of an application , movement into a control plane perspective and then also from a security posture benefit perspective .
Zero Trust Network Access ( ZTNA ), specifically , is a way to provide access to a corporate file store or application to specific individuals . This could be a contractor or a partner that you ’ re working with , allowing use of that application while providing security around it .
How does Forcepoint ONE offer a simple path to a Zero Trust architecture ?
The simplest path to Zero Trust is to not just permit certain things but continue to inspect them . Technologywise , you might block a malware site straight up and not allow connectivity , or you could allow movement of data to something that is managed or maybe unknown and unsanctioned at that point in time but inspect what ’ s going on .
It will sit in the path of traffic for an application with a proxy – that can be a reverse proxy or agentless , for example . Configurability wise , there are also connectors into apps with APIs .
Hybrid work exacerbates the need for Zero Trust . Not only are there standard devices being used outside of the office , there are also mobiles and iPads so it ’ s difficult to be able to trust any of these .
If I was on a business trip , connected to Wi-Fi in a coffee shop , there is a point for exfiltration and for vulnerabilities to be exploited . This really is about knowing who the person is , allowing access to the things they ’ re supposed to have access to , but then controlling what they do with the data they work with every day .
How does the platform simplify security while ensuring scalability and performance ?
The platform is built out on top of different hyperscalers , such as AWS . We provide this global network of connectivity and access to applications , while still providing security and control .
There ’ s actually more than 300 points of presence that exist today in that network from a connectivity perspective . Because it is not built on a strict , rigid model , we can scale up and down on the fly which means there ’ s no need to purchase finite resources – it just happens automatically .
Similarly , if a new customer comes on board on a shared multi-tenant service and they have 100,000 or more users , we don ’ t want that to affect another customer ’ s ability to protect their applications .
Regardless of the other tenants that are in the environment , we ’ re able to provide control and that sets Forcepoint ONE apart from many other technologies in the SASE and SSE Magic QuaDrant spaces .
How do you plan to work with customers to make sure their journey to a converged security strategy is a success ?
I think this is key and is what differentiates Forcepoint and the platform in general . We have professional services and deployment engineers who help and guide people but what really is needed is a ‘ holding your hand ’ type approach .
We have common guidelines and best practices for what security you might want to apply such as controlling access to sanctioned SaaS applications but disallowing the upload of sensitive data which might be a customer list to a personal account . Blocking those threats on the fly is key .
There are many different options , but the journey starts with realising what ’ s possible and , as I ’ ve outlined , there are many different options that can be enabled as it ’ s really flexible .
What does the future hold for Forcepoint ONE and how do you see it evolving as part of your commitment to your customers ?
Forcepoint ONE was launched in February of this year . It ’ s built upon some technologies that have been acquired over the years and is an extension of Bitglass , which was a CASB and SSE provider , providing ZTNA and secure gateway .
Prior to that , Forcepoint had a rich portfolio and there are some other acquisitions that occurred too , constantly growing the capabilities .
When this happens , you can sometimes end up with a portfolio approach rather than a platform but with Forcepoint ONE , it is all about providing these services in a platform .
We ’ ve integrated everything into one place so you ’ re not switching between management consoles – you ’ re natively using one for centralised configurations , reporting and blocking threats , regardless of where your users are .
Evolution-wise , we continue to see this extension of these broad capabilities and expansion inside the portfolio . u www . intelligentciso . com
69