From Command and Control to Shared Responsibility: How Zero Trust is Changing Access Control
Alex Bovee
•
May 31, 2023
This is a guest post by Alex Bovee, CEO and Co-Founder at ConductorOne, an identity security company.
The pandemic changed the way we work, pushing organizations to adopt remote work models virtually overnight. Suddenly, access to company resources and sensitive data were no longer limited to the corporate network, and traditional perimeter-based security models proved insufficient. As a result, the concept of Zero Trust has gained significant attention, as companies look to secure their workforce and sensitive data in a more decentralized environment.
I recently had the privilege of hosting Twingate’s CEO and Co-Founder, Tony Huie, on the All Aboard podcast. During our conversation, we discussed Zero Trust, the growing mandate for usability in security products, and the power of embracing security as a shared responsibility.
Below are a few highlights from our conversation. To hear it in full, check out the episode here (also available on Apple Podcasts and Spotify).
Decentralization of access control is a natural progression of the Zero Trust movement
For better or worse, “Zero Trust” has become the buzzword of the day. Despite the market hype, the tenets of Zero Trust remain transformative for how an organization thinks about security. Tony describes one of those core tenets as “moving away from broad-based access to granular access.” After all, the internal network is vastly different for a distributed workforce. And while the movement away from the corporate network has been underway for many years, the pandemic accelerated it overnight as employees started working from home, from Starbucks, and so on. This has impacted how teams deploy and manage access to technology.
What’s more, the explosion of SaaS and IaaS – combined with sprawling access to these technologies – has made securing an organization’s identity attack surface more challenging. IT and Security teams are forced to change how they think about securing applications and infrastructure away from command and control, to more of a shared responsibility model with application owners. In the identity and access management sphere, this takes the form of granting those users with the right context and knowledge the power to make access decisions.
“Products have to actually go and enable other parts of the business to participate in access controls. And I think it's really healthy because it makes security a shared responsibility.” – Tony Huie, CEO, Twingate
Modern security products must be usable
There’s a shift in the way developers and SaaS companies build products. Technology has become such a critical part of how work gets done that technology decisions and business productivity concerns are now intertwined. At Dropbox, Tony witnessed first-hand the trend around the “consumerization of IT… or software that doesn’t suck that you actually use.” A little more than a decade later, the movement has reached security. As technology becomes more entrenched in the employee experience, buyers are increasingly prioritizing end-user experience, buy-in, adoption, and time-to-value when evaluating new solutions.
Tony also talked about the parallel demand for a superior admin experience. This means making it easier for admins to configure and deploy solutions so they can spend more time enabling the broader organization to make security-informed decisions.
“Considering how big of a role employees’ own behaviors play in keeping a company secure, that consideration around, Hey, if I force my employee base to do this when they don't want to do it – I think there's a much bigger recognition that human nature is going to be such that they're just going to figure out a way to get around that.” – Tony Huie, CEO, Twingate
Companies are embracing security as a shared responsibility
Although phrases like “Zero Trust” may be peak hype cycle, they have broad recognition, which makes them useful for gaining internal buy-in on behavioral changes and tool adoption. Tony anticipates that there will be an increased general awareness of the importance of security and of preventing data breaches. Terms like Zero Trust will be used to talk to folks outside of the industry, which is crucial given user behavior plays a significant role in strengthening or weakening a company's overall security.
Tony says that the most effective leaders in IT and Security will be ones that excel at communicating with other departments – including those who control the budget (finance) and those who control end-user behavior (functional leads). This would involve providing more education around security best practices, fostering the idea that security is everyone’s responsibility, and reinforcing the need to operate securely.
“If you really break down what is cybersecurity for most companies, it's actually about managing access. It's making sure that the right folks have access to the right things and the wrong people don't.” – Tony Huie, CEO, Twingate
Interested in scaling identity and access controls for your organization? Visit conductorone.com to learn more.
About the Author
Alex Bovee is co-founder and CEO of ConductorOne, a technology company focused on modern identity governance and access control. With a background in security and identity, he most recently led Okta's zero trust product portfolio and before that, enterprise device security products at Lookout Mobile Security. He co-founded ConductorOne to help companies become more secure and productive through identity-centric automation and access control. In his spare time, he enjoys playing guitar and shuttling his kids around to activities.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
From Command and Control to Shared Responsibility: How Zero Trust is Changing Access Control
Alex Bovee
•
May 31, 2023
This is a guest post by Alex Bovee, CEO and Co-Founder at ConductorOne, an identity security company.
The pandemic changed the way we work, pushing organizations to adopt remote work models virtually overnight. Suddenly, access to company resources and sensitive data were no longer limited to the corporate network, and traditional perimeter-based security models proved insufficient. As a result, the concept of Zero Trust has gained significant attention, as companies look to secure their workforce and sensitive data in a more decentralized environment.
I recently had the privilege of hosting Twingate’s CEO and Co-Founder, Tony Huie, on the All Aboard podcast. During our conversation, we discussed Zero Trust, the growing mandate for usability in security products, and the power of embracing security as a shared responsibility.
Below are a few highlights from our conversation. To hear it in full, check out the episode here (also available on Apple Podcasts and Spotify).
Decentralization of access control is a natural progression of the Zero Trust movement
For better or worse, “Zero Trust” has become the buzzword of the day. Despite the market hype, the tenets of Zero Trust remain transformative for how an organization thinks about security. Tony describes one of those core tenets as “moving away from broad-based access to granular access.” After all, the internal network is vastly different for a distributed workforce. And while the movement away from the corporate network has been underway for many years, the pandemic accelerated it overnight as employees started working from home, from Starbucks, and so on. This has impacted how teams deploy and manage access to technology.
What’s more, the explosion of SaaS and IaaS – combined with sprawling access to these technologies – has made securing an organization’s identity attack surface more challenging. IT and Security teams are forced to change how they think about securing applications and infrastructure away from command and control, to more of a shared responsibility model with application owners. In the identity and access management sphere, this takes the form of granting those users with the right context and knowledge the power to make access decisions.
“Products have to actually go and enable other parts of the business to participate in access controls. And I think it's really healthy because it makes security a shared responsibility.” – Tony Huie, CEO, Twingate
Modern security products must be usable
There’s a shift in the way developers and SaaS companies build products. Technology has become such a critical part of how work gets done that technology decisions and business productivity concerns are now intertwined. At Dropbox, Tony witnessed first-hand the trend around the “consumerization of IT… or software that doesn’t suck that you actually use.” A little more than a decade later, the movement has reached security. As technology becomes more entrenched in the employee experience, buyers are increasingly prioritizing end-user experience, buy-in, adoption, and time-to-value when evaluating new solutions.
Tony also talked about the parallel demand for a superior admin experience. This means making it easier for admins to configure and deploy solutions so they can spend more time enabling the broader organization to make security-informed decisions.
“Considering how big of a role employees’ own behaviors play in keeping a company secure, that consideration around, Hey, if I force my employee base to do this when they don't want to do it – I think there's a much bigger recognition that human nature is going to be such that they're just going to figure out a way to get around that.” – Tony Huie, CEO, Twingate
Companies are embracing security as a shared responsibility
Although phrases like “Zero Trust” may be peak hype cycle, they have broad recognition, which makes them useful for gaining internal buy-in on behavioral changes and tool adoption. Tony anticipates that there will be an increased general awareness of the importance of security and of preventing data breaches. Terms like Zero Trust will be used to talk to folks outside of the industry, which is crucial given user behavior plays a significant role in strengthening or weakening a company's overall security.
Tony says that the most effective leaders in IT and Security will be ones that excel at communicating with other departments – including those who control the budget (finance) and those who control end-user behavior (functional leads). This would involve providing more education around security best practices, fostering the idea that security is everyone’s responsibility, and reinforcing the need to operate securely.
“If you really break down what is cybersecurity for most companies, it's actually about managing access. It's making sure that the right folks have access to the right things and the wrong people don't.” – Tony Huie, CEO, Twingate
Interested in scaling identity and access controls for your organization? Visit conductorone.com to learn more.
About the Author
Alex Bovee is co-founder and CEO of ConductorOne, a technology company focused on modern identity governance and access control. With a background in security and identity, he most recently led Okta's zero trust product portfolio and before that, enterprise device security products at Lookout Mobile Security. He co-founded ConductorOne to help companies become more secure and productive through identity-centric automation and access control. In his spare time, he enjoys playing guitar and shuttling his kids around to activities.
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
From Command and Control to Shared Responsibility: How Zero Trust is Changing Access Control
Alex Bovee
•
May 31, 2023
This is a guest post by Alex Bovee, CEO and Co-Founder at ConductorOne, an identity security company.
The pandemic changed the way we work, pushing organizations to adopt remote work models virtually overnight. Suddenly, access to company resources and sensitive data were no longer limited to the corporate network, and traditional perimeter-based security models proved insufficient. As a result, the concept of Zero Trust has gained significant attention, as companies look to secure their workforce and sensitive data in a more decentralized environment.
I recently had the privilege of hosting Twingate’s CEO and Co-Founder, Tony Huie, on the All Aboard podcast. During our conversation, we discussed Zero Trust, the growing mandate for usability in security products, and the power of embracing security as a shared responsibility.
Below are a few highlights from our conversation. To hear it in full, check out the episode here (also available on Apple Podcasts and Spotify).
Decentralization of access control is a natural progression of the Zero Trust movement
For better or worse, “Zero Trust” has become the buzzword of the day. Despite the market hype, the tenets of Zero Trust remain transformative for how an organization thinks about security. Tony describes one of those core tenets as “moving away from broad-based access to granular access.” After all, the internal network is vastly different for a distributed workforce. And while the movement away from the corporate network has been underway for many years, the pandemic accelerated it overnight as employees started working from home, from Starbucks, and so on. This has impacted how teams deploy and manage access to technology.
What’s more, the explosion of SaaS and IaaS – combined with sprawling access to these technologies – has made securing an organization’s identity attack surface more challenging. IT and Security teams are forced to change how they think about securing applications and infrastructure away from command and control, to more of a shared responsibility model with application owners. In the identity and access management sphere, this takes the form of granting those users with the right context and knowledge the power to make access decisions.
“Products have to actually go and enable other parts of the business to participate in access controls. And I think it's really healthy because it makes security a shared responsibility.” – Tony Huie, CEO, Twingate
Modern security products must be usable
There’s a shift in the way developers and SaaS companies build products. Technology has become such a critical part of how work gets done that technology decisions and business productivity concerns are now intertwined. At Dropbox, Tony witnessed first-hand the trend around the “consumerization of IT… or software that doesn’t suck that you actually use.” A little more than a decade later, the movement has reached security. As technology becomes more entrenched in the employee experience, buyers are increasingly prioritizing end-user experience, buy-in, adoption, and time-to-value when evaluating new solutions.
Tony also talked about the parallel demand for a superior admin experience. This means making it easier for admins to configure and deploy solutions so they can spend more time enabling the broader organization to make security-informed decisions.
“Considering how big of a role employees’ own behaviors play in keeping a company secure, that consideration around, Hey, if I force my employee base to do this when they don't want to do it – I think there's a much bigger recognition that human nature is going to be such that they're just going to figure out a way to get around that.” – Tony Huie, CEO, Twingate
Companies are embracing security as a shared responsibility
Although phrases like “Zero Trust” may be peak hype cycle, they have broad recognition, which makes them useful for gaining internal buy-in on behavioral changes and tool adoption. Tony anticipates that there will be an increased general awareness of the importance of security and of preventing data breaches. Terms like Zero Trust will be used to talk to folks outside of the industry, which is crucial given user behavior plays a significant role in strengthening or weakening a company's overall security.
Tony says that the most effective leaders in IT and Security will be ones that excel at communicating with other departments – including those who control the budget (finance) and those who control end-user behavior (functional leads). This would involve providing more education around security best practices, fostering the idea that security is everyone’s responsibility, and reinforcing the need to operate securely.
“If you really break down what is cybersecurity for most companies, it's actually about managing access. It's making sure that the right folks have access to the right things and the wrong people don't.” – Tony Huie, CEO, Twingate
Interested in scaling identity and access controls for your organization? Visit conductorone.com to learn more.
About the Author
Alex Bovee is co-founder and CEO of ConductorOne, a technology company focused on modern identity governance and access control. With a background in security and identity, he most recently led Okta's zero trust product portfolio and before that, enterprise device security products at Lookout Mobile Security. He co-founded ConductorOne to help companies become more secure and productive through identity-centric automation and access control. In his spare time, he enjoys playing guitar and shuttling his kids around to activities.