AI/ML and Zero Trust — Driving Business Success

Session Preview
San Francisco CISO Executive Summit

Jay Chaudhry

CEO, Chairman & Founder

Zscaler, Inc.

MAY 2024

As cyber threats become more sophisticated and pervasive, enterprises need to adopt an agile approach to network and security that promotes innovation and mitigates risk. Artificial intelligence, machine learning and zero trust are the key enablers of this transformation, offering visibility, control, and automation across users, workloads, IoT/OT devices, and business partners.

At the San Francisco CISO Executive Summit coming up on June 25, CEO, Chairman and Founder Jay Chaudhry of Zscaler, Inc., will deliver a keynote address on “AI/ML and Zero Trust – Driving Business Success.” His session will focus on how to “use AI to fight AI,” how zero trust segmentation will happen in parallel with firewall-free enterprises, and how AI/ML add defensive and analytics capabilities that drive IT and business success.

Before the summit, Jay is sharing insights on the topic and why CISOs should consider these approaches to their security today.

Jay Chaudhry is an accomplished entrepreneur, having founded a series of successful technology companies, most recently, Zscaler. With his proven track record of developing trailblazing innovations that address the demands for securing the seamless exchange of information, Jay’s latest pioneering technology is the Zscaler Zero Trust Exchange, a fundamentally new approach to securing highly mobile employees and helping accelerate digital transformation. 

Tell us a little bit more about your session, “AI/ML and Zero Trust — Driving Business Success.”

The thesis of my session is essentially that AI and zero trust are two essential approaches to facilitating secure digital transformation today. I will start with AI since it is a topic receiving so much attention at the moment. Attackers will undoubtedly use advances in fields like generative AI to automate and intensify their attacks, by using LLMs to search for a firewall vendor's most recently discovered exploits, for instance. 

Organizations must deploy AI in their defense if they hope to keep up. There are numerous promising use cases for doing so, such as AI-assisted data classification, proactive breach prediction, risk quantification, and others I will discuss over the course of my session. 

But, ultimately, we need a shift in the architecture we rely on to enable the business. I'm often asked why, despite billions of dollars being spent globally on cybersecurity, breaches still occur daily. The reason is our stubborn insistence on the same IT and security architecture that served us well for decades but, today, no longer reflect the realities of how we connect and work. 

Firewalls and VPNs continue to enable breaches and exacerbate their consequences by allowing for lateral movement across networks. The solution to this issue, I'm certain, is transitioning to zero trust architecture, where users are connected to resources on a per-request basis, where they would otherwise be able to search for crown jewel applications and exfiltrate data at will.

What are some of the challenges CISOs face in this area?

AI, as we tend to think of it today, is a newer issue and therefore the challenges are numerous. Organizations must carefully balance enabling their employees to be more productive by using tools like ChatGPT versus the risk of data loss. So, data governance has been complicated by the arrival of these popular LLMs. 

Operationalizing the insights gained from AI is another challenge for IT executives. This requires correlating huge amounts of data from an array of sources and turning it into something meaningful. Not every company has the volume of data required or the necessary talent to do so without working with the right partners. 

In terms of zero trust adoption, much of the challenge comes down to inertia and a bias for the way we've always done things. I often say that zero trust is analogous to electric vehicle adoption. Too often organizations think a single vendor or solution can make them "zero trust," when in reality, it requires a completely new way of conceiving of IT connectivity. 

Why is it critical for Evanta’s CISO community members to have this conversation now?

I am confident in saying that AI, on its present trajectory, is one of those once-in-a-generation advancements that will change the way we work and collaborate moving forward. The role it will play in enabling cyber attacks makes the zero trust approach even more critical. 

We have to stop equating information security with a hardened perimeter because, before too long, the attacks are going to become too constant to repel with 100 percent success. Therefore, it is essential we limit the potential blast radius of any initial compromise that may occur. 

What are you most looking forward to about this session?

Sharing my thoughts on these two critical areas, AI and zero trust, with intelligent and successful executives working in my own backyard is a privilege. I look forward to their reactions, hearing their thoughts, and understanding their core areas of concern regarding AI and zero trust. 

You can join the session with Jay Chaudhry of Zscaler at the upcoming Evanta San Francisco CISO Executive Summit on June 25 by signing in to MyEvanta and registering for the event. If you are not yet an Evanta community member, apply to join your local CISO community to connect with peers on mission critical topics for security leaders.

Special thanks to Zscaler, Inc.

by CISOs, for CISOs

Join the conversation with peers in your local CISO community.