Lendlease and Probe CX shared insights into how their cybersecurity postures have evolved and the benefits of zero trust at ZScaler's Zenith Live in Sydney yesterday.
Lendlease's chief software architect Ciaran Hennessy spoke about the changes to the company's cybersecurity posture necessitated by transitioning its workforce to a hybrid model.
"We didn't really have a very robust methodology into anything outside our physical places. So when COVID hit, and we had to switch out 10,000 employees from these places that were highly secure, all of our IT services were designed just for those placements," Hennessy said.
"It was pretty frightening for our IT guys, because I had to literally do four or five years worth of planning in weeks."
"At that time, we had a traditional VPN infrastructure. We discovered straightaway that just wasn't going to cut it."
"So we were already using Zscaler to manage our security around web traffic."
"Because we had that initial foundation, it was actually quite easy for us to go; 'let's just get rid of our existing VPN infrastructure, and now let's start to spread the end points outside of the office.'"
Leaders shifting to proactive approach
Customer experience firm Probe CX's chief technology officer Rohan Khanna spoke about the cybersecurity mindset shift of the company's leaders since transitioning to a hybrid model.
"I think everything in our security landscape is significantly different since COVID hit, we're doing so many different things. And I think three things that I'll call out that are significantly different in my opinion; executives see it as a reasonable foreseeable risk to have a cyber incident now than we did," Khanna said.
"So we're moving to preparedness, we're talking about building simulations, instead of planning responses."
"Medibank and Optus have taught us about data being the crown jewel within the organisations, and ensuring we're actually doing more to protect our data than we've done in the past."
Khanna outlined the proactive measures Probe CX is taking to help reduce its cybersecurity risk.
"I think for us, when we think about it, we're not doing things too differently, because managing security is all about a risk based framework."
"So our framework has actually remained the same. The one thing that we're significantly talking about is being cyber aware for our staff," Khanna said.
"So just an example, with all of our big meetings...the first two minutes are spent with a volunteer talking about an incident that they have experienced, like an email phishing scam, and that just keeps it top of mind."
"Our security practices, the way we report security; we've actually got one metric that rolls up all of the different appliances, and we have a score."
Zero trust seen as key
Khanna also underlined the importance of a zero trust approach for organisations embarking on digital transformation.
"The final thing for us has been about investment in architecture, I think zero trust is a big part of that. What we're also talking about is zero touch, which means provisioning, de provisioning, basic stuff that you're probably going to forget about," Khanna said.
"Automate that. Make sure that you don't have to think about it before starting [a digital transformation] and leading your organisation, so you get that inherent level of protection immediately."
Benefits of zero trust
Finally, Khanna spoke of the technical and business benefits of Probe CX's zero touch approach.
"I think there were the expected benefits from us doing zero trust; the removal of VPNs within the organisation, a simplification of rules and policies."
"We're not running at a site level anymore, it's actually right down to a client level with PCI etc, it's just become an absolute breeze," Khanna said.
"Some of the other things I'll talk about is competitive advantage."
"I actually had a customer call me up and say: 'we want to be talking to your guys around filing a first partner program, because you understand zero touch and you're moving towards it. So that's been great for us."
"I think the last one, we've talked about cost."
"I think what we're finding is even after we've got the first couple of 1,000 users on, we're actually costs down because of labor arbitrage, not doing the reactive work and actually being available to pick up those opportunities where they count for us."
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
