Intelligent CISO Issue 52 | Page 53

Once we had that improved visibility, the second element was protection.
COVER STORY

Instead, we only give access to what one needs, when one needs it for as long as it’s needed. I’m not saying we’re there yet by any means, but that’s the journey we’re on – to really give very explicit access only to the user, only to where they need and only for how long they need it. And then when they’re done with that access, we can easily remove it.
What are your plans for implementing Zscaler for your SSE framework and how will this allow you to provide 17,000 employees secure access to IT and OT systems?
We started our Zero Trust, SSE journey with Zscaler Internet Access by pushing out the lightweight agent, ZCC (Zscaler Client Connector) to all of our workstations. By deploying the agent on every system, we protect our users no matter where they are – whether they’re in our factory, whether they’re in one of our corporate offices, or whether they’re working from home. When we pushed the agent out, we also implemented strong policies around authentication, which means if you don’t authenticate, you cannot get access to the Internet. That’s because we want to know who’s going to where, who’s logging onto the Internet, what website they’re going to, so we can enforce those policies as well. We don’t want a person going to ‘X’ type of site based on the policies we establish, not because we’re trying to stop people from being productive, we just need to know where they’re going and what they’re going there for.
ZCC was the first step, which we strictly enforce – you can’t get to the Internet if you don’t authenticate. Now, this may sound like it could create a problem if your helpdesk ticketing system is an SaaS solution. However, Zscaler also allows us to provide exceptions to our policies, such as allowing users to still send emails to the helpdesk, or log on to the ticketing system, to say ‘my Internet’s not working. Can you help me troubleshoot my Internet?’. Users can still chat, they can still email the helpdesk and they can still reach out. Meaning, it’s not black and white – there are still ways for us to add exceptions even with strict policy enforcement.
The next logical step for us, once we pushed out the ZCC with the Internet access, was access to our private applications. So how do I put that secure framework in place? Granular controls and replacing the traditional VPN client. Zscaler Private Access is now going to be able to give us that seamless access, which we’re pushing out based on region. We’ve already pushed it out to one of our regions and eliminated the traditional VPN client. Users who are authenticated by the ZCC agent on their system can now log on to internal applications without the need for the traditional VPN client. Whether that’s going to our ERP or whether that’s going to our company Intranet, all of it is seamless. We also have profiles and policies assigned to those profiles, for finance, HR and for our IT team too.
Next on our list will be deploying Zscaler Digital Experience to assist us with identifying issues more rapidly and resolving them quickly so our users can focus on their jobs.
What advice would you give to those starting out on their journey to achieving more robust and resilient cybersecurity?
First and foremost; go slow. Don’t try to do everything at once. Don’t try to force it upon the business. Talk to the business, to your stakeholders, to your executives and find out what the tolerance is for change. Then overcommunicate – ‘this is what we’re doing, this is why we’re doing it, these are the business benefits we’re going to get’.
When you over-communicate and explain the ‘why’, then people can get on board. This is what’s worked for us thus far and will hopefully continue to work into the future.
www.intelligentciso.com