KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Zero Trust will continue to play a crucial role in cybersecurity and identity management. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Sergej Epp from Palo Alto Networks on how to apply Zero Trust thinking to converge IAM, UEM, MDM, XDR, SIEM, SOAR to a seamless and holistic cybersecurity infrastructure.
Zero Trust will continue to play a crucial role in cybersecurity and identity management. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Sergej Epp from Palo Alto Networks on how to apply Zero Trust thinking to converge IAM, UEM, MDM, XDR, SIEM, SOAR to a seamless and holistic cybersecurity infrastructure.
We will see zero trust, moving ahead. And, and for cybersecurity identity management, zero trust from my perspective is an important thinking, but we also need to learn better to understand what are the things that are the clue and how do all these things work together and at least welcome Zapp who is C at Palo Alto networks, if I'm correct with the title. Welcome. Saraga. Thanks Martin. Thanks Paul. Thanks for having me on the show.
So, so what is your, your perspective? I'm sure you come from a, from a historically seen a network security vendor more from the traditional blade. What is your perception of the role of identity in zero trust?
Yeah, well, look, I think that's a really good question. And, you know, coming from a network background as a Palo Alto networks, I think, you know, we we've, we've sort of tried to disrupt the, the security component of network in a way that we wanted to make security as easily consumable as possible for the user, because I think we've talked a lot about, you know, complexity efficiency, you know, on, on this predictions as well. And I truly feel complexity is not an enemy of security, right?
That design is, and in most organizations, I'm coming from a financial services industry where I've spent around 10 years, you know, working this area, an industry, which was always an early adopter for new security solutions, you know, for new security controls. And, you know, in the end, you're ending up in a, in a very huge product zoo where you've got potentially the best control, specifically tailored to a specific strap, but you lost very often in, in the management aspect of that.
And there's a very nice law from a, you know, programming point of view, I can refer to it's called the Tesla slope, right. Which sort of assumes that there's always a portion of complexity in every application. You can't really, you know, eradicate away right. Or take away. So either solve this by putting, putting this complexity solutions into the product or by really, you know, pushing this complexity to the user. So I think to answer your question, we have to understand how we making the, the way easier for the users out there.
And obviously in a very fragmented world where the parameters are not existing anymore, we're trying to connect every device was, was, you know, every user and every device out there. We have the challenge that it's really hard to keep security up to date and to keep security consistent. And the only way to do this properly is, and this was mentioned as well in a couple of predictions here on the, on the webinar. It's really, really to have an identity focus security, which is evolving everywhere, where we see more and more complexity.
I mean, DFI is a great example of that the entire blockchain industry, if you, if you don't have an identity based concept there you're going to lose, right. So identity is going to play a very foundational role. It's placed, ready formation role in the networking space. It is becoming more and more important. The cloud space, if you take that think potentially the worst vulnerability is we've seen in the public cloud space, identity based vulnerability is because the rest is completely, you know, an abstraction there, right?
You don't need the, like a fully fledged firewall in the public cloud environment anymore where microservice, you know, is defined the way to communicate with specific server as APIs or other microservices. Right?
So yes, We, we, I think also important to, to see that, that we're not only talking about the identity of humans, we are talking about service, having an identity. We are talking about things about devices, about everything having identity.
And, and, and I think then, then it's at the end of the day, always that something, someone with an identity is doing something which we need to control. And so I think this is, this is important to, to, to, from my perspective, to understand when we are talking about identities, identity does not equal human AB absolutely.
I mean, you know, apparently, you know, we are living in a, in a technology world and, and, you know, for us as humans trust to everybody's very important, but like within the technology world, trust is a, is a vulnerability, right? And most of this trust is being implemented as trust between machines talking to machines, right? Applications, talking to applications, processes, talking to processes. I think the challenge where we're getting by the zero trust strategy or vision, right, which was sort of a very strong vision management was developed based.
And, you know, as project Jerry and John writing down this white paper, which is by the way, 10 years old now, you know, being seen then as a marketing G and I think slowly being recognized as well by the leaders as the strategic aspect to position security, simply because it's very easy to digest, right. And what's telling us is simply to ensure that you have always security in place between all the different technological components, technological entities, but also users you have, you know, in your technology world, interacting between each other.
So it's, can I, some people listen to, you might get slightly confused cuz you mentioned how zero trust was, you know, the theory from last 10 years or so. And, and we're often told that zero trust is a theory. It's a way of design. It's a way of thinking. It's not about actual hardware or products. And yet you do talk about a zero trust network access. You do talk about a platform. So maybe you could just enlarge on that a little bit.
Yeah, absolutely. I mean zero trust or zero trust is not a product you can buy, deploy. And then you got secured, right? Zero trust is a, is a methodology. It's a strategy how you basically security. And I think through the like last 10 years, we've seen zero trust being implemented in various applications, starting more or less in, you know, in networking space because that's where we had the most systematic risks living in. Right.
Think about like large corporations, really building like the most powerful defenses, but then having the entire network being completely flat where, you know, even like $1 devices are connected with, with 100 million, you know, servers who run the most important applications. So I think zero trust started more or less in the networking space and the slow as were evolving into the different areas. Like you see Google strategizing zero trust and you know, building products like Chromebook and so on Microsoft now, zero trust based concepts.
So I think a couple of foundation talking about zero trust now, like always, you know, when talking to our customers as well, you know, about zero trust, trying to show them like a pyramid of zero trust where the two foundational building blocks for most traditional companies always identity and connectivity because that's where you've got the biggest, you know, the biggest systematic external you've got like ware and points applications, you knows C I C D pipeline.
So on where you need to ingest more zero trust, but traditional companies, that's the building blocks where you have to start now to answer, answer your question, guess zero trust or the, the biggest challenge in cybersecurity is really the, the, the problem that, you know, we have not really built security, you know, as a design principle in our products, right. Everybody's talking about that. Everybody's aware about that.
And you know, what I've learned from my Kay is that you have to plan for future security conservation because the, the amount of complexity you have to manage, if you not build this in is going to be very instilled. So insane. Right?
So take, take, for instance, us as a, as a, as a largest security vendor on the planet by revenue, we have even not 5% of the market share out there, right? So if you, if you take any company out there, you know, they're running potentially one HR system, you know, one, I don't know Salesforce system for controlling their sales, but they're running like 15, 20 security products. And I think this is going to change as we're becoming more complex. And as companies understand, they can't really manage those complexity without simplifying and consolidating the security stack.
And, and that's, that's what we, excuse me, Paul that's, that's what we, we expect to, because I, I expect this conversion really to, to, to go forward, to, to increase in, in 2022, because we, we, we need to do it. We need to have certain types of control plans, certain types of integrating layers, like the XDR stuff we are, we are talking a lot about like clearly also soar for automating stuff and so on.
And this is, as I've said at the end, this is really what we expect to see that different initiatives are the different sort of approaches on, on angles on zero trust will convert to a better integrated perspective growth from conceptual and from a technical level. Secondly, we, we are already approaching the end of the time we have for today. Maybe one last final recommendation you want to give to our audience.
Well, yeah, I think, you know, I would encourage you to think just about, about your business architecture, about the system you're trying to secure. I think if you have always that view or not just a point product point process in our point thread, you'll always have a much more effective security in them instead of, you know, just trying really to, to hit this one specific problem.
