As zero-trust security vendor Zscaler Inc. held its user event, Zenith Live, this week in Las Vegas, Chief Executive Jay Chaudhry sought to shift the company’s traditional narrative.
In his Tuesday keynote, rather than focus on Zscaler as a replacement for virtual private networks and firewalls — though that was clearly articulated as well — Chaudhry (pictured) emphasized how zero trust everywhere could unlock the potential of artificial intelligence.
Although the product specifics came later, Chaudhry appealed to the audience to embrace a fundamental shift in their security posture, evolve with modern trends and thrive in a hyperconnected, AI enabled world. These were the top of themes from Chaudhry’s keynote:
AI requires zero trust everywhere
The concept of “zero trust everywhere” is to apply least privilege access across the business. Network protocols were designed to allow “trusted” devices to talk to any other device, regardless of whether it needed to or not.
The problem with this is that if the trusted endpoint is breached, the threat actor now has unfettered access to any system and all data. Zero trust dictates that any device is unable to communicate with any other unless explicitly allowed. If there is a breach, the blast radius is contained to a very small area.
The central theme of the keynote was the expansion of zero trust from initially protecting users that were connecting to private applications and the internet. Now Zscaler’s scope has now expanded to cover workloads, internet of things devices and AI agents.
The inclusion of AI agents as zero-trust entities is a pivotal step forward. As AI agents are increasingly become autonomous, accessing most applications and data sources, their identity and activity need to be rigidly determined and regulated. Zscaler is presently working with companies such as Microsoft Corp. to set the identity of AI agents and extend their “exchange” to safeguard the new participants. This proactive approach ensures that when organizations roll out AI-enabled co-pilots and apps, they will do so with confidence, with the agents functioning within policy boundaries.
During the keynote, T-Mobile USA Inc. came on stage to talk about its use of zero trust, describing how securing 100,000 employees across 2,000 care sites, including iPads used in-store across 5G networks, was achieved by moving perimeter defense to an efficient, scalable zero-trust solution.
As AI expands, the need for zero trust continues to expand. In every keynote Nvidia Corp. CEO Jensen Huang has done this year, he has talked about the next wave of AI being physical AI, which brings in a world of autonomous machines. These also need to be secured, and that can’t be done with firewalls. As AI becomes ubiquitous, the world needs to move away from perimeter-based security and the answer is AI everywhere.
The café-like connectivity model is the right one for many companies
Chaudhry brought up the topic of network evolution and explained the internet is a vast network that already connects everything and questioned why we need to build overlay networks that require firewalls to protect them. When Zscaler customers are working from home or a café, they’re secured by the proxy-based zero-trust service. Their connection is secured back to the Zscaler cloud and then connected to the software-as-a-service applications they work with.
This raises the question: When one is in the office, is there a need for a firewall? If the user can be secured at a café, simply extend that to the corporate office.
At the event, I had a chance to talk with Zuora Chief Information Officer Karthik Chakkarapani. Zuora had moved to an all-SaaS model and along with that, moved away from the traditional castle and moat to using Zscaler. Chakkarapani explained the deployment went incredibly smooth, users were much happier as they no longer had to fiddle with VPNs, the security posture improved, and the company saved enough money that the Zscaler deployment paid for itself in only four months.
I’m not saying the café-like connectivity model is right for all companies, but it should be considered by organizations that rely heavily on cloud applications. With SaaS, there isn’t any data that goes between locations, so why build a wide-area network? Instead, treat users as if they were working remotely and they’ll have the same experience regardless of where they are working.
Comprehensive data protection and LLM proxies are the keys to AI security and data governance
The keynote highlighted that with the onset of the AI era, data security takes center stage, going beyond traditional data loss prevention to a more comprehensive approach to data security. Chaudhry emphasized that “it’s all about data security” these days, with data dispersed across SaaS applications, endpoints, cloud infrastructure as a service, and even the AI applications themselves.
Having multiple vendors and having to manage data protection policies across them is a formidable challenge, so that is why Zscaler has invested in a unified data protection framework. This allows one set of policies to be universally applied, regardless of where the data resides or how it’s being accessed, including through AI services.
A critical piece of innovation mentioned was adding the LLM proxy. Chief Innovation Officer Patrick Foxhoven explained how AI, and LLMs in particular, can’t be secured based on traditional threat signatures or sandboxing. Instead, it must ascertain the intent of what is happening, both in the prompts customers are sending and the output that AI generates. The LLM proxy employs 15 small language models to identify numerous injects of prompts, toxicity, and off-topic questions to enable the AI chatbots and apps to operate within established parameters.
Zscaler ran a demo that illustrated how this prevents unwanted or malicious applications, such as a car chatbot offering a car at $1 or leaking sensitive competitive information. This capability is crucial to preventing risk from public-facing AI apps and maintaining data privacy, even with internal AI tools such as human resources chatbots. This takeaway highlights Zscaler’s focus on building intelligent security products that understand the nuances of AI interactions and data flow, making secure and compliant AI adoption possible.
AI-driven security operations and exposure management streamline risk mitigation
Zscaler is best known as the firewall and VPN replacement company, and it’s not turned its sights on modernizing security operations. Chaudhry explained that IT pros struggle with massive data lakes, slow queries and trying to keep pace with
Zscaler’s security operations center journey extends beyond data gathering and remediation and into preemptive avoidance of danger. Zscaler’s platform holds billions of telemetry driven data points and the company is using AI to deliver exposure management, which is an end-to-end view of an organizations attack surface.
Attack management is another part of the Zscaler operations suite, which uses its massive data fabric combined with AI to speed up threat response. The SOC segmet is filled with legacy vendors today, many of which are embedded into security workflows. Though the market is ripe for disruption, Zscaler’s success will be based on its ability to work with legacy vendors and chip away at their share, much the way it did with its access products.
Security professionals need to jump on the AI train or get left behind
There’s an expression that states, “Some people make things happen, others watch things happen and the rest wonder what happened.” In the AI era, the last two are the same as IT evolving at a pace never seen before.
I understand the hesitancy of using AI. Can I trust it? What does this mean for my job? What happens if a mistake is made? These and others are viable questions, but the reality is that AI is coming, and it will redefine the way security is done.
Today, threat actors use AI and can pivot quickly. The only way to fight AI-driven threats is by embracing AI. At the end of his keynote, Chaudhry showed a slide of Charles Darwin with his famous quote citing that it’s those most adaptable to change that survive and that has always been the case is IT.
Think back to other IT evolutions – mainframes to PCs, time division multiplexing voice to voice over IP, physical servers to virtualizations, on-premises computing to cloud. Each of these enabled IT to do more. Those that embraced the change moved into the new world, and those that did not were left behind.
The best quote for this came from a customer at Zenith Live. A chief information security officer for a well-known insurance company told me, “The established security model does not work, has not worked and is never going to work, which is why we shifted away from firewalls and VPNs to zero trust.” I asked him, when he removed the firewalls from the branch offices, did that scare him, and he responded, “At first it scared the crap out of me,” but he quickly realized that it was a superior security model that was simpler to run.
This need to change isn’t just for security operations. Network engineers need to heed this warning as well, particularly those that run the WAN. The café-like model I alluded to will change the job function, moving it away from being connectivity-based to one that requires deeper security skills. From a resume perspective, network pros should embrace this, as it gives them more options as the world continues to evolve because of AI.
Final thoughts
Overall, this was a different kind of Zenith Live than ones I had been to in the past. Chaudhry’s narrative was a bit more “in your face” and had the necessary level of urgency to it: AI is coming and it’s coming fast. It’s disrupting computing, networking, storage ad the way we build apps, and it will do the same to security. The time for change is now and Zscaler wants to be the company that helps customers adopt AI securely.