Netskope é nomeada líder no Quadrante Mágico do Gartner® de 2024 para Security Service Edge. Obtenha o Relatório

fechar
fechar
  • Por que Netskope chevron

    Mudando a forma como a rede e a segurança trabalham juntas.

  • Nossos clientes chevron

    A Netskope atende a mais de 3.000 clientes em todo o mundo, incluindo mais de 25 das empresas da Fortune 100

  • Nossos parceiros chevron

    Fazemos parceria com líderes de segurança para ajudá-lo a proteger sua jornada para a nuvem.

Ainda mais alto em execução.
Ainda mais longe na visão.

Saiba por que o 2024 Gartner® Magic Quadrant™ nomeou a Netskope como líder em Security Service Edge pelo terceiro ano consecutivo.

Obtenha o Relatório
A Netskope foi nomeada líder no Quadrante Mágico do Gartner de 2024®™ para o gráfico Security Service Edge para menu
Ajudamos nossos clientes a estarem prontos para tudo

Veja nossos clientes
Woman smiling with glasses looking out window
A estratégia de comercialização da Netskope, focada em Parcerias, permite que nossos Parceiros maximizem seu crescimento e lucratividade enquanto transformam a segurança corporativa.

Saiba mais sobre os parceiros da Netskope
Group of diverse young professionals smiling
Sua Rede do Amanhã

Planeje seu caminho rumo a uma rede mais rápida, segura e resiliente projetada para os aplicativos e usuários aos quais você oferece suporte.

Receba o whitepaper
Sua Rede do Amanhã
Apresentando a plataforma Netskope One

O Netskope One é uma plataforma nativa da nuvem que oferece serviços convergentes de segurança e rede para permitir sua transformação SASE e zero trust.

Saiba mais sobre o Netskope One
Abstrato com iluminação azul
Adote uma arquitetura Secure Access Service Edge (SASE)

O Netskope NewEdge é a maior nuvem privada de segurança de alto desempenho do mundo e oferece aos clientes cobertura de serviço, desempenho e resiliência inigualáveis.

Conheça a NewEdge
NewEdge
Netskope Cloud Exchange

O Cloud Exchange (CE) da Netskope oferece aos clientes ferramentas de integração poderosas para tirar proveito dos investimentos em estratégias de segurança.

Saiba mais sobre o Cloud Exchange
Vídeo da Netskope
A plataforma do futuro é a Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) e Private Access for ZTNA integrados nativamente em uma única solução para ajudar todas as empresas em sua jornada para o Secure Access Service Arquitetura de borda (SASE).

Vá para a plataforma
Vídeo da Netskope
Next Gen SASE Branch é híbrida — conectada, segura e automatizada

Netskope Next Gen SASE Branch converge o Context-Aware SASE Fabric, Zero-Trust Hybrid Security e SkopeAI-Powered Cloud Orchestrator em uma oferta de nuvem unificada, inaugurando uma experiência de filial totalmente modernizada para empresas sem fronteiras.

Saiba mais sobre Next Gen SASE Branch
Pessoas no escritório de espaço aberto
Desenvolvendo uma Arquitetura SASE para Leigos

Obtenha sua cópia gratuita do único guia de planejamento SASE que você realmente precisará.

Baixe o eBook
Mude para serviços de segurança na nuvem líderes de mercado com latência mínima e alta confiabilidade.

Conheça a NewEdge
Lighted highway through mountainside switchbacks
Permita com segurança o uso de aplicativos generativos de IA com controle de acesso a aplicativos, treinamento de usuários em tempo real e a melhor proteção de dados da categoria.

Saiba como protegemos o uso de IA generativa
Ative com segurança o ChatGPT e a IA generativa
Soluções de zero trust para a implementação de SSE e SASE

Conheça o Zero Trust
Boat driving through open sea
Netskope obtém alta autorização do FedRAMP

Escolha o Netskope GovCloud para acelerar a transformação de sua agência.

Saiba mais sobre o Netskope GovCloud
Netskope GovCloud
  • Recursos chevron

    Saiba mais sobre como a Netskope pode ajudá-lo a proteger sua jornada para a nuvem.

  • Blog chevron

    Saiba como a Netskope permite a transformação da segurança e da rede por meio do SSE (Security Service Edge)

  • Eventos e workshops chevron

    Esteja atualizado sobre as últimas tendências de segurança e conecte-se com seus pares.

  • Security Defined chevron

    Tudo o que você precisa saber em nossa enciclopédia de segurança cibernética.

Podcast Security Visionaries

A interseção entre confiança zero e segurança nacional
On the latest episode of Security Visionaries, co-hosts Max Havey and Emily Wearmouth sit down for a conversation with guest Chase Cunningham (AKA Dr. Zero Trust) about zero trust and national security.

Reproduzir o podcast
A interseção entre confiança zero e segurança nacional
Últimos blogs

Leia como a Netskope pode viabilizar a jornada Zero Trust e SASE por meio de recursos de borda de serviço de segurança (SSE).

Leia o Blog
Sunrise and cloudy sky
SASE Week 2023: Sua jornada SASE começa agora!

Replay das sessões da quarta SASE Week anual.

Explorar sessões
SASE Week 2023
O que é SASE?

Saiba mais sobre a futura convergência de ferramentas de redes e segurança no modelo predominante e atual de negócios na nuvem.

Saiba mais sobre a SASE
  • Empresa chevron

    Ajudamos você a antecipar os desafios da nuvem, dos dados e da segurança da rede.

  • Liderança chevron

    Nossa equipe de liderança está fortemente comprometida em fazer tudo o que for preciso para tornar nossos clientes bem-sucedidos.

  • Customer Solutions chevron

    Estamos aqui junto com você a cada passo da sua trajetória, assegurando seu sucesso com a Netskope.

  • Treinamento e certificação chevron

    Os treinamentos da Netskope vão ajudar você a ser um especialista em segurança na nuvem.

Apoiando a sustentabilidade por meio da segurança de dados

A Netskope tem o orgulho de participar da Visão 2045: uma iniciativa destinada a aumentar a conscientização sobre o papel da indústria privada na sustentabilidade.

Saiba mais
Apoiando a sustentabilidade por meio da segurança de dados
Pensadores, construtores, sonhadores, inovadores. Juntos, fornecemos soluções de segurança na nuvem de última geração para ajudar nossos clientes a proteger seus dados e seu pessoal.

Conheça nossa equipe
Group of hikers scaling a snowy mountain
A talentosa e experiente equipe de Serviços Profissionais da Netskope fornece uma abordagem prescritiva para sua implementação bem sucedida.

Conheça os Serviços Profissionais
Netskope Professional Services
Proteja sua jornada de transformação digital e aproveite ao máximo seus aplicativos de nuvem, web e privados com o treinamento da Netskope.

Saiba mais sobre Treinamentos e Certificações
Group of young professionals working
Miniatura da postagem

Esta é a segunda metade de uma discussão em duas partes sobre os princípios da transformação da segurança. Nesta metade, Jason e Erick se juntaram aos colegas James Christiansen, vice-presidente de transformação de segurança em nuvem da Netskope, James Robinson, vice-diretor de segurança da informação da Netskope e Lamont Orange, diretor de segurança da informação da Netskope. A discussão a seguir e o podcast Security Visionaries fazem parte do Security Transformation Playbook, um conjunto de novos recursos da Netskope e de alguns dos líderes mais avançados do setor que examinam as questões mais importantes da segurança atualmente.

Para ser um inovador, para ser um líder, você precisa continuar desafiando o status quo. Você tem que continuar desafiando os pensamentos de ontem

—James Christiansen, vice-presidente de transformação de segurança em nuvem da Netskope
James Christiansen

 

Carimbos de data/hora

*(2:05) - Definindo o tema para o 2º
metade da discussão e apresentações
*(5:00) - Princípio Um
*(7:29) - Princípio Dois
*(10:54) - Princípio Três
*(15:05) - Princípio Quatro
*(18:50) - Princípio Cinco
*(21:55) - Princípio Seis
*(27:50) - Princípio Sete
*(29:34) - Princípio Oito
*(37:16) - Princípio Nove
*(41:09) - Princípio Dez

 

Outras formas de ouvir:

mais verde

Neste episódio

Erick Rudiak
vice-presidente sênior e diretor de tecnologia da Northwestern Mutual

chevron

Erick Rudiak

Erick Rudiak é o atual vice-presidente sênior e diretor de tecnologia da Northwestern Mutual. Anteriormente, ele foi CISO da Express Scripts e da Hewitt Associates. Além disso, Erick é um consultor confiável para CEOs, conselhos de administração, comitês executivos, CIOs, CTOs, CPOs e GCs. Com mais de vinte anos de experiência liderando equipes técnicas e não técnicas de alto desempenho, ele tem um histórico incrivelmente forte de atrair e desenvolver os melhores talentos para ter sucesso em funções executivas.

James Christiansen
Vice-presidente de transformação de segurança em nuvem da Netskope

chevron

James Christiansen

Vice-presidente de transformação de segurança em nuvem da Netskope e líder do Global Chief Strategy Office. Ele está focado em melhorar a compreensão dos clientes globais da Netskope sobre os desafios e soluções de implantações de nuvem, ajudando a impulsionar a liderança de pensamento na transformação da segurança em nuvem.

Lamont Laranja
Diretor de Segurança da Informação

chevron

Lamont Laranja

Lamont possui mais de 20 anos de experiência no setor de segurança da informação, tendo anteriormente atuado como Vice-Presidente de Segurança Corporativa na Charter Communications (agora Spectrum) e como Gerente Sênior de Serviços de Segurança e Tecnologia na Ernst & Young. Antes de ingressar na Netskope, Lamont foi CISO no Vista Equity Partners/Vista Consulting Group. Ele foi responsável pela gestão dos programas de segurança cibernética e desenvolvimento de talentos de segurança cibernética no portfólio da Vista, que incluía mais de 50 empresas. Antes da Vista, Lamont foi Diretor de Segurança da Informação na Websense. Nesse cargo, ele foi responsável por desenvolvimento, manutenção e socialização do programa de segurança interna da empresa. Ele também foi responsável por trabalhar com clientes atuais e potenciais, demonstrando a segurança das soluções e a conexão com o ecossistema de segurança geral.

James Robinson
Vice-CISO na Netskope

chevron

James Robinson

James é um profissional experiente com quase 20 anos de experiência em engenharia de segurança, arquitetura e estratégia. Ele desenvolve e oferece um conjunto abrangente de serviços e soluções estratégicas que ajudam os executivos a mudarem suas estratégias de segurança por meio da inovação.

Jason Clark
Diretor de Estratégia e Marketing da Netskope

chevron

Jason Clark

Jason traz para a Netskope décadas de experiência na construção e execução de programas estratégicos de segurança bem-sucedidos.

Anteriormente, ele foi diretor de segurança e estratégia da Optiv, desenvolvendo um conjunto abrangente de soluções para ajudar os executivos de CXO a aprimorar suas estratégias de segurança e acelerar o alinhamento dessas estratégias com os negócios. Antes da Optiv, Clark ocupou um cargo de liderança na Websense, onde foi a força motriz por trás da transformação da empresa em fornecedora de tecnologia crítica para diretores de segurança da informação (CISOs). Em uma função anterior como CISO e vice-presidente de infraestrutura da Emerson Electric, Clark reduziu significativamente o risco da empresa ao desenvolver e executar um programa de segurança bem-sucedido para 140.000 funcionários em 1.500 locais. Anteriormente, ele foi CISO do The New York Times e ocupou cargos técnicos e de liderança em segurança no EverBank, BB&T e no Exército dos EUA.

Erick Rudiak

Erick Rudiak é o atual vice-presidente sênior e diretor de tecnologia da Northwestern Mutual. Anteriormente, ele foi CISO da Express Scripts e da Hewitt Associates. Além disso, Erick é um consultor confiável para CEOs, conselhos de administração, comitês executivos, CIOs, CTOs, CPOs e GCs. Com mais de vinte anos de experiência liderando equipes técnicas e não técnicas de alto desempenho, ele tem um histórico incrivelmente forte de atrair e desenvolver os melhores talentos para ter sucesso em funções executivas.

James Christiansen

Vice-presidente de transformação de segurança em nuvem da Netskope e líder do Global Chief Strategy Office. Ele está focado em melhorar a compreensão dos clientes globais da Netskope sobre os desafios e soluções de implantações de nuvem, ajudando a impulsionar a liderança de pensamento na transformação da segurança em nuvem.

Lamont Laranja

Lamont possui mais de 20 anos de experiência no setor de segurança da informação, tendo anteriormente atuado como Vice-Presidente de Segurança Corporativa na Charter Communications (agora Spectrum) e como Gerente Sênior de Serviços de Segurança e Tecnologia na Ernst & Young. Antes de ingressar na Netskope, Lamont foi CISO no Vista Equity Partners/Vista Consulting Group. Ele foi responsável pela gestão dos programas de segurança cibernética e desenvolvimento de talentos de segurança cibernética no portfólio da Vista, que incluía mais de 50 empresas. Antes da Vista, Lamont foi Diretor de Segurança da Informação na Websense. Nesse cargo, ele foi responsável por desenvolvimento, manutenção e socialização do programa de segurança interna da empresa. Ele também foi responsável por trabalhar com clientes atuais e potenciais, demonstrando a segurança das soluções e a conexão com o ecossistema de segurança geral.

James Robinson

James é um profissional experiente com quase 20 anos de experiência em engenharia de segurança, arquitetura e estratégia. Ele desenvolve e oferece um conjunto abrangente de serviços e soluções estratégicas que ajudam os executivos a mudarem suas estratégias de segurança por meio da inovação.

Jason Clark

Jason traz para a Netskope décadas de experiência na construção e execução de programas estratégicos de segurança bem-sucedidos.

Anteriormente, ele foi diretor de segurança e estratégia da Optiv, desenvolvendo um conjunto abrangente de soluções para ajudar os executivos de CXO a aprimorar suas estratégias de segurança e acelerar o alinhamento dessas estratégias com os negócios. Antes da Optiv, Clark ocupou um cargo de liderança na Websense, onde foi a força motriz por trás da transformação da empresa em fornecedora de tecnologia crítica para diretores de segurança da informação (CISOs). Em uma função anterior como CISO e vice-presidente de infraestrutura da Emerson Electric, Clark reduziu significativamente o risco da empresa ao desenvolver e executar um programa de segurança bem-sucedido para 140.000 funcionários em 1.500 locais. Anteriormente, ele foi CISO do The New York Times e ocupou cargos técnicos e de liderança em segurança no EverBank, BB&T e no Exército dos EUA.

Transcrição do episódio

Aberto para transcrição

[00:00:00] James Christiansen: I mean, I think you have to be an innovator to be a leader. You have to keep challenging the status quo. You have to keep challenging yesterday's thoughts. That's what we really did when we sat down as a team started listening to our colleagues and taking that input along with their own cost to really develop out these principles, challenging the way we've been doing things and really thinking about, how does this digitalization is changing us and our organization.

[00:00:34] Producer:Hello, and welcome to security visionaries hosted by Jason Clark, chief security officer and chief strategy officer at Netskope. You just heard from James Christianson, the vice president, chief information security officer at Netskope on this show. You'll hear from world-class practitioners and thought leaders like James on how they stay on top of the game in networking and cloud security. You're about to listen to the second half of a two-part discussion on the principles of security transformation. In this half, Jason and Erick are joined by colleagues, James Christianson, the Vice President, Chief Information Security Officer at Netskope. James Robinson, deputy chief information security officer at Netskope and Lamont Orange, Chief Information Security Officer at Netskope. The following discussion and the security visionaries podcast are part of the security transformation playbook, a set of new resources from Netskope and some of the industry's most forward thinking leaders examining the most important issues in security today, before we dive in, here's a brief word from our sponsors.

[00:01:38] Sponsor: The Security Visionaries podcast is powered by the team at Netskope. Netskope is the SASE leader. Offering everything you need to provide a fast data centric and cloud smart user experience at the speed of business today. Learn more at netskope.com

[00:01:57] Producer: without further ado, please enjoy episode two of security visionaries with your host, Jason Clark.

[00:02:05] Jason Clark: In the last episode, Erick and I talked about the genesis for the security transformation project and explained that there are several principles for the future that we should work on, right. 10 principles that we're going to do a deep dive on specifically today. And so I'm joined first by Erick, Rudiak, Erick, how are you?

[00:02:24] Erickk Rudiak: Hi Jason. Glad to be back. Thank you so much for having me on.

[00:02:29] Jason Clark: Happy to have you. And Lamont Orange.

[00:02:31] Lamont Orange: Hey Jason, thanks for having me on the show. I look forward to the conversation.

[00:02:36] Jason Clark: And James Robinson.

James Robinson: Hey, happy to be here. Thanks.

Jason Clark: And James Christiansen.

James Christiansen: Let’s rock and roll!

Jason Clark: So guys, welcome. Welcome to the conversation. How you guys doing? Are you ready?

James Robinson: I'm ready. Let's do it.

Jason Clark: Awesome. Lamont, I know that you, uh, this morning had to, uh, you already were on stage on a panel conversation. You had to race to this conversation. So thank you for that, but it's gonna, it's probably easy and nice to do back to back.

[00:03:06] Lamont Orange: Definitely. So my pleasure.

[00:03:09] Jason Clark: So we altogether, you know, over the last couple of years had worked on. Really with the industry, right. Spending time on, you know, hundreds of, of round table dinners and, and workshops and, you know, surveys and one-on-one conversations, right. Trying to collect. What is the future of security look like? And in this new world, Kind of digital transformation is just happening period. Right. For every organization. And security is kind of in this upside down world where we're trying to, you know, security teams are being stretched beyond belief. Right. And, and trying to keep up. So how are they going to be able to perform and gain leverage. In this new model, right? Cause they're obviously stressed and, um, they're looking at the legacy technology architectures and, and in the end, kind of these, these past ways that we've done stuff for the last 25 years, that we've all been working in this industry or more, we spent time together on 10 principles for the future. Right. And then obviously the rest of the security transformation playbook as part of, what does, if I need to get to by 20, 25 and beyond. So, you know, all of you have helped tremendous amount in this, right? And so just look for each of you to, to give, you know, your context to each principle, as we talk to them and experiences that you've had in these conversations, when these, you know, I'd say over, gosh, probably well over a thousand CISOs and CIO conversations that we. On this. Right. But also in your experiences as CISOs in any, you know, past lives as, as operating other organizations, as CISOs write about the past, moving to the future. So with that, you know, I'm going to start off with the principle one, right? Principle one is challenge all your existing principals, right? So what, what principles do you believe needs to be challenged from the past?

[00:05:04] James Christiansen: Yeah, you know, I really am. I always challenge everything. I think every day. I mean, I think you have to be an innovator to be a leader. You have to keep challenging status quo. You have to keep challenging yesterday's thoughts. And I think that's what we really did when we sat down. And as a team started listening to our colleagues and taking that input along with our own thoughts to really develop out these principles, it was really about challenging status quo. It's about challenging the way we've been doing things and really thinking about how business digitalization is changing us and our organizations, and certainly the, the quick movement to work from anywhere and what that's doing to the things we have to do as we look for.

[00:05:51] Jason Clark: What about the principle of, if it's not broke, don't fix it.

[00:05:54] James Christiansen: Yeah. I don't know. I've always been really good at breaking things, so I'm not the right guy to ask.

[00:06:00] Lamont Orange: And when you look at digital transformation, honestly, you're probably sanded. It's already broken. From how you want to move the organization forward so that, that you have to say that it is broken already, and it does need fixing because we're still having an escalated amount of attacks from attackers. They’re still being successful and are being successful at a high velocity rate. So we must come back to, it's already broken. Now it's how do we plant a seed and move forward?

[00:06:32] Jason Clark: So James, you’re a product security and application, you know, expert. And in my view, right, you've been doing it for a very long time for very large organizations. Well, how are the principals changed? From an app sec or product security or software pipeline standpoint.

[00:06:50] James Robinson: Yeah, one, the one that came to mind that, uh, I think it also got looped into a different principle was that trust, but verify that was one that for a long, long, long time we relied on the all through out the product security AppSec domain. And I think that now that really gets challenged a lot. That's one that was actually a very comfortable principle. Um, and one that, that I've relied on for many, many years that now it just totally gets broken, totally gets challenged and know that there's a lot of conversations about zero trust principles and it having its own. But it's really the zero trust architectures

[00:07:24] Jason Clark: That’s a good point. Trust, but verify has changed into zero trust. Right? That's that's a very good point. So principle two. Stop buying black box solutions and buy open and integrated. So I'd like to kind of say that in general vendors have bought a lot or technology companies, right, they’ve bought a lot of companies and integrated them, or they claim to integrate them. But generally the integration is a price list and the sales person selling to you. So overall, what's your guys' view on how the, how the industry needs to change in the way that we procure technologies?

[00:07:59] James Robinson: I'm jumping on this one first, because this, this was actually one that I saw that I've been talking internally a lot with Lamont about. Um, and it's that idea. I love the idea of open, you know, open NDR, open XDR, open cloud. Yeah, those, those types of things, we have to be able to, you know, make that almost requirement number one. In many ways, you know, we know the sum of many things is better than the sum of One, if you buy the black box, that's what you're getting is that sum of one, or maybe a sum of a few, um, and you have to, you know, build that intelligence by being open. That's really where it comes into. I'm a huge believer you'll out of, uh, out of some of them, you know, I know we've only talked about two, but right now this one is a probably ranked higher for me then principle one that we, that we talked about with challenge, everything, right? This one is, you know, this one is, is core. I think for us to be able to succeed with the future,

[00:08:54] James Christiansen: You know, I'm Jason I've bought best of breed products a lot through my career. You know, we, we very much went after with, uh, very aggressive companies like these, uh, that I was working for, you know, but today's world, you know, I have to look at best of breed platforms. I just can't afford the manpower it takes to manage all these different solutions. And the complexity it's brought to the organization, you know, just leads to human errors, leads to patches, not getting applied versions, not getting updated. So I've really had to move away and my thought process away from best of breed and started looking at best of breed platforms. Now, what can give me the best tightest integration, like you said, in your opening conversation, it can't be somebody with a lot of skew numbers, it has to be a truly integrated platform to solve the real problems.

[00:09:50] Jason Clark: So Erick, any thoughts from you on open and integrated? Why every solution we buy from this point forward, it should be more part of the ecosystem versus being the black boxes of kind of that we procured in the past.

[00:10:03] Erick Rudiak: Yeah. Great question, Jason. So like when I think about open and integrated and why it's so important, our systems are so interconnected. If there's no API to create visibility, like the complexity and interconnectedness of our systems kind of demands that signal from one defensive system, uh, be available to others so that they can orchestrate a response nearest to where the attacker is, and also so that a coherent user experience results. Um, and it becomes very, you know, both, uh, difficult for defenders to manage that. And candidly creates a drain and demands a level of complexity to weave those systems together that open an integrated, uh, is just a superior pattern for them.

[00:10:51] Jason Clark: Brilliant answer. Love it. So principle three is focused on foundational technologies that integrate with your entire security ecosystem. So I'll start with Lamont, you know, you've had the opportunity to build a Greenfield security program. What does that, you know, when, when you look at that right. What was the first stack that you built? What were the five core kind of foundational technologies that were part of this Greenfield infrastructure?

[00:11:16] Lamont Orange: So I think that's a very important question because when you talk about the transformation that security must go through you, you have to look at it. Not only from what tools are in my stack, but it's what capabilities we want and make that more aligned to the outcome. So I'd say the first capability That I wanted. It is around visibility. I had to see what was happening and order to affect the risk level of the organization and be able to put controls around that and tools that help you to understand what is happening would, would be a tool that looks at your usage of even legacy applications, as well as SaaS, IaaS, and PaaS technologies, you also have to take into consideration your identities. Many companies are struggling with identity as they have several IDPs. They have several managers of those identities, whether they are production systems or, uh, corporate systems. And what you want to do is have some sort of governance around it. So identity was one of the other areas that I focused on. And then you look at data protection. Well, we're all in it to protect our data. That is the crown jewel for the bad actor. We have to understand what valuable data we have and what data we like to protect. And then you look at where is that going? So you want to understand the data protection from the user to app to end point. So you have to have back to a comment that James Robinson made about being open with XDR NDR and whatever we put in front of. That DR capability, you have to have that understanding around the configuration of that device and even the organizations that may be using that data. And then there's one other capability that I think is very important to help organizations scale. Uh, when they're looking at a Greenfield, you need something that's going to manage your configuration automation and orchestration. And I think those are solutions that can be kept in one, one area, but they need to have the following those three capabilities in order to be effective.

[00:13:29] Jason Clark: Erick, on, on this, uh, principle around kind of foundational technologies. You know, landed in the other organizations. And now as a CTO, what would any thoughts on this one from an ecosystem standpoint around security,

[00:13:43] Erick Rudiak: There's a couple of things. So identity is one. Um, and you know, I think about that in terms of kind of the various levels of assertions that people in systems can make about who the human is at the other end of the line or who the system is that another system is working with. So that it kind of encompasses everything from multi-factor to kind of directory services, like that's absolutely vital to get right. I agree with Lamont, uh, that having data protection, having visibility into kind of data at rest and data in motion. Is another, and then, uh, it nowadays it's not particularly exciting, but the, kind of the very basics of encryption and configuration management and, you know, in thinking about configuration management, kind of incorporating both, uh, kind of config drift golden builds, you know, system hardening as well as, uh, vulnerability management, which I consider an instance of that class. Kind of pulling that all together. Those are among the first places that I have looked myself for, the kind of assurance that the basic blocking and tackling that the outrage factor of, uh, getting those wrong is managed and minimized for any organization that I’m part of.

[00:15:04] Jason Clark: Okay. So principle four only buy cloud powered new technologies. Right? So essentially everything you buy should be cloud power to cloud enabled or cloud born. You know, there's a Gartner paper. That's. The future of security is in the cloud, as we were doing this tour, there was a, a sentence said that, you know, cloud is the perfect reset for security programs, right? Because you get to kind of start fresh and do things, right. What do you, when you, so overall for all of you, what curious what you all think about this, this principle and, and why we wrote it.

[00:15:34] James Robinson: I think the principle is good. I think for us to take advantage of and, and to meet, you know, one of the things that we say internally is meet your customer, where they're at, you know, if the customer is, is in the cloud or they're moving to the cloud, right, which is even better to be where they're going to be, you have to adopt this principle. It has to be a foundational component for anything that you're looking at. ou know? And, and if it's, you know, cloud assisted, you may look at it. For instance, cloud assisted EDR. Okay, get it right. It's got to have something on the end point. It can't just all be cloud, but you know, for, for anything that's on the network stack for anything that's in the application stack server stack, um, you know, anywhere in between, you know, it definitely has to, has to carry with this principle.

[00:16:17] James Christiansen: You know, uh, Jason, this is the third major transformation I've been through it in my career and, and, um, technology and security versus movement from mainframes to client server. Then from client server to cloud enabled system. And now with business Digitas, digitalization, you know, we see these transformations and I think, you know, the further you resist them and don't recognize them the further you drop behind. So as you start thinking about cloud and cloud enablement, I talked to many CISOs every year, I mean, three or four hundred. And when we talk about what their plans are, where they see as SASE came out or are now secure service edge, And you start looking at definitions. When I start working with an organization and start looking where they're at, they're already somewhere down the path. They may be further in the maybe far, uh, ladder down, but they're, they're already on that path, which just, it just says we're the most common security folks recognize this is the pattern to go to. This is the direction. The only new investments I see are really just renewables. Cause they, they can't get moved off quick enough to the new cloud enabled, uh, technologies. But I think, you know, from a people process and technology perspective, all three it's about training our people on how to work in these cloud technologies. It's building out the processes that support those and the things, and finally implementing the technology, to enable those people and enable those process to provide the level of controls we need nowadays. But certainly the business is going there. We've seen the acceleration of that movement in the business and us as security professionals.

[00:17:59] Jason Clark: I mean in the end, isn't it, every bit as businesses going there and therefore your security needs to be where the data is and where the businesses. And also whenever you have a mobile workforce, you need to leverage the cloud to be able to secure that workforce because you can't just do it from your data center, right? Like in its simplest form, you just changing a leverage point in your scale.

[00:18:18] James Robinson: I love what James said, because when you talked about, you know, moving from, you know, from mainframe to client server, you know, we saw that major shift. If anyone's part of it, I definitely saw it and was part of it as well. And watching that happen, I could not imagine if you didn't make that shift, or if you did make that shift and you still tried to maintain, remember how hard it was to maintain in client server, those controls that you had and, and deliver those via the mainframe. It was almost impossible to do. In fact, it was impossible, which is why everyone's shifted and you saw the market change.

[00:18:49] Jason Clark: So the next one is principle five and. It potentially has more weight than many of the others. It is protect business data with security controls that follow the data everywhere. Right. So, which essentially to me is, you