Quantify the value of Netskope One SSE – Get the 2024 Forrester Total Economic Impact™ study

close
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,400 customers worldwide including more than 30 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

A Leader in SSE. Now a Leader in Single-Vendor SASE.

Learn why Netskope debuted as a leader in the 2024 Gartner® Magic Quadrant™️ for Single-Vendor Secure Access Service Edge

Get the report
Customer Visionary Spotlights

Read how innovative customers are successfully navigating today’s changing networking & security landscape through the Netskope One platform.

Get the eBook
Customer Visionary Spotlights
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Aerial view of a city
  • Security Service Edge chevron

    Protect against advanced and cloud-enabled threats and safeguard data across all vectors.

  • SD-WAN chevron

    Confidently provide secure, high-performance access to every remote user, device, site, and cloud.

  • Secure Access Service Edge chevron

    Netskope One SASE provides a cloud-native, fully-converged and single-vendor SASE solution.

The platform of the future is Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
SASE Architecture For Dummies eBook
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through secure access service edge (SASE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

2025 Predictions
In this episode of Security Visionaries, we're joined by Kiersten Todt, President at Wondros and former Chief of Staff for the Cybersecurity and Infrastructure Security Agency (CISA) to discuss predictions for 2025 and beyond.

Play the podcast Browse all podcasts
2025 Predictions
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through secure access service edge (SASE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2024 On-Demand

Learn how to navigate the latest advancements in SASE and zero trust and explore how these frameworks are adapting to address cybersecurity and infrastructure challenges

Explore sessions
SASE Week 2024
What is SASE?

Learn about the future convergence of networking and security tools in today’s cloud dominant business model.

Learn about SASE
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Careers chevron

    Join Netskope's 3,000+ amazing team members building the industry’s leading cloud-native security platform.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Accreditations chevron

    Netskope training will help you become a cloud security expert.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Help shape the future of cloud security

At Netskope, founders and leaders work shoulder-to-shoulder with their colleagues, even the most renowned experts check their egos at the door, and the best ideas win.

Join the team
Careers at Netskope
Netskope dedicated service and support professionals will ensure you successful deploy and experience the full value of our platform.

Go to Customer Solutions
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working
Post Thumbnail

This episode features Mike Anderson leading a roundtable discussion with Ilona Simpson, Chief Information Officer EMEA at Netskope and David Fairman, Chief Information & Chief Security Officer APAC at Netskope.

In this episode, Ilona and David share their predictions and resolutions for cybersecurity in 2023. You’ll hear predictions about the industrial metaverse, confidential computing, quantified risk reduction plans, and convergence of priorities for security teams.

CISOs need to be able to stand toe-to-toe and be able to have a discussion at parity in regards to risk buydown for this subset of operational risk. And that’s really where we are. I think as an industry, as a practice, as a profession, we need to get much smarter at figuring out how do we make this a much more quantitative conversation.

—David Fairman, Chief Information & Chief Security Officer APAC

 

Timestamps

*(02:47) - Prediction & Resolution: The Industrial Metaverse*(25:27) - Prediction & Resolution: Convergence of Priorities as a Result of Transformation
*(12:23) - Prediction & Resolution: Confidential Computing*(30:38) - Mike’s Prediction: Vendor Consolidation
*(17:54) - Prediction & Resolution: Quantified Risk Reduction Plans

 

Other ways to listen:

green plus

On this episode

Ilona Simpson
Chief Information Officer EMEA

chevron

Ilona Simpson

Ilona Simpson serves as Chief Information Officer EMEA for Netskope. A seasoned CIO, she brings to the table over 20 years’ experience of initiating and leading the implementation of new business / technology strategies and operating models. During her career, she has delivered value through all phases of a business: high growth, downturns, new business integration and divestments. In 2021, Constellation Research named Simpson a member of the Business Transformation 150, an elite list that recognises the top global executives leading business transformation efforts in their organisations.

Prior to Netskope, Simpson served as VP and CIO at adidas, and Head of Cross-Functional Services (CIO) for INNOGY (E.ON), where she initiated and led data-driven, service-led transformation of the technology function. Simpson has also held regional, divisional and global CIO roles at Porsche, DHL Supply Chain and Aston Martin where she also was a member of Executive Committees. Simpson is active in a number of technology and industry advisory boards. She holds an MBA from IESE Business School, and is a guest lecturer on technology and business topics. She is also an angel investor and volunteers her time to mentoring early stage technology-focused start ups.

David Fairman
Chief Information & Chief Security Officer APAC

chevron

David Fairman

David is a highly experienced professional in the Security & Financial Crime disciplines covering Cyber Security, Fraud and Financial Crime, Intelligence, Business Continuity, Physical Security and Operational Risk. David has worked for, and consulted to, several large financial institutions and Fortune 500 companies, across the UK & EU, North America and APAC. David is a passionate leader in Cyber Security and Financial Crime and has been actively involved in founding several industry alliances and expert groups, holding Board positions, across multiple regions with the aim of making it safer to do business and transact in the digital world.

David has been recognised as one of the Top CISOs to know, is a published author and adjunct professor. A core capability of David’s is his ability to understand the operational risks arising from digital commerce and translate these into strategic actions encompassing technological solutions and organisational capability maturity, in order to transform organisations abilities to manage all aspects of cyber and digital risk. David’s current focus is driving collaboration and innovation across the industry to address current and emerging threats prevalent with digital risk and improve the cyber resiliency and literacy in the community.

Mike Anderson
Chief Digital & Information Officer at Netskope

chevron

Mike Anderson

Mike Anderson serves as Chief Digital and Information Officer for Netskope. Over the past 25 years, he has built and led high-performing teams across various disciplines, including sales, operations, business development, and information technology. He joined Netskope from Schneider Electric, a global fortune 500 company, serving as SVP, CIO and Digital Leader for North America. In 2020, Constellation Research named him a member of the Business Transformation 150, an elite list that recognizes the top global executives leading business transformation efforts in their organizations. The National Diversity Council also recognized him as a Top 50 CIO for diversity and inclusion in 2020 and 2021. Before Schneider Electric, Mike served as CIO for CROSSMARK, where he digitally transformed the business capabilities for the 40,000 employee service provider to the retail and consumer goods industry. Also, he has held executive leadership roles at Enterprise Mobile, a Microsoft joint venture that is now part of Honeywell, Insight, Software Spectrum, and InVerge, a web services pioneer he co-founded in 1999. Mike serves on numerous technology and industry advisory boards and volunteers his time working with nonprofits focused on mental health and suicide prevention and those that benefit the development of our future workforce in science, technology, engineering, and mathematics.

Ilona Simpson

Ilona Simpson serves as Chief Information Officer EMEA for Netskope. A seasoned CIO, she brings to the table over 20 years’ experience of initiating and leading the implementation of new business / technology strategies and operating models. During her career, she has delivered value through all phases of a business: high growth, downturns, new business integration and divestments. In 2021, Constellation Research named Simpson a member of the Business Transformation 150, an elite list that recognises the top global executives leading business transformation efforts in their organisations.

Prior to Netskope, Simpson served as VP and CIO at adidas, and Head of Cross-Functional Services (CIO) for INNOGY (E.ON), where she initiated and led data-driven, service-led transformation of the technology function. Simpson has also held regional, divisional and global CIO roles at Porsche, DHL Supply Chain and Aston Martin where she also was a member of Executive Committees. Simpson is active in a number of technology and industry advisory boards. She holds an MBA from IESE Business School, and is a guest lecturer on technology and business topics. She is also an angel investor and volunteers her time to mentoring early stage technology-focused start ups.

David Fairman

David is a highly experienced professional in the Security & Financial Crime disciplines covering Cyber Security, Fraud and Financial Crime, Intelligence, Business Continuity, Physical Security and Operational Risk. David has worked for, and consulted to, several large financial institutions and Fortune 500 companies, across the UK & EU, North America and APAC. David is a passionate leader in Cyber Security and Financial Crime and has been actively involved in founding several industry alliances and expert groups, holding Board positions, across multiple regions with the aim of making it safer to do business and transact in the digital world.

David has been recognised as one of the Top CISOs to know, is a published author and adjunct professor. A core capability of David’s is his ability to understand the operational risks arising from digital commerce and translate these into strategic actions encompassing technological solutions and organisational capability maturity, in order to transform organisations abilities to manage all aspects of cyber and digital risk. David’s current focus is driving collaboration and innovation across the industry to address current and emerging threats prevalent with digital risk and improve the cyber resiliency and literacy in the community.

Mike Anderson

Mike Anderson serves as Chief Digital and Information Officer for Netskope. Over the past 25 years, he has built and led high-performing teams across various disciplines, including sales, operations, business development, and information technology. He joined Netskope from Schneider Electric, a global fortune 500 company, serving as SVP, CIO and Digital Leader for North America. In 2020, Constellation Research named him a member of the Business Transformation 150, an elite list that recognizes the top global executives leading business transformation efforts in their organizations. The National Diversity Council also recognized him as a Top 50 CIO for diversity and inclusion in 2020 and 2021. Before Schneider Electric, Mike served as CIO for CROSSMARK, where he digitally transformed the business capabilities for the 40,000 employee service provider to the retail and consumer goods industry. Also, he has held executive leadership roles at Enterprise Mobile, a Microsoft joint venture that is now part of Honeywell, Insight, Software Spectrum, and InVerge, a web services pioneer he co-founded in 1999. Mike serves on numerous technology and industry advisory boards and volunteers his time working with nonprofits focused on mental health and suicide prevention and those that benefit the development of our future workforce in science, technology, engineering, and mathematics.

Episode transcript

Open for transcript

David Fairman: If you think about cybersecurity, we are just a subset of a broader operational risk. Operational risk actually has a much better approach, or a little bit more maturity in being able to quantify operational risk in the organization. CISOs need to be able to stand toe to toe and be able to have a discussion at parity in regards to risk buy-down for this subset of operational risk. And that's really where we are. I think as an industry, as a practice, as a profession, we need to get much smarter at figuring out how do we make this a much more quantitative conversation.

Speaker 2: Hello and welcome to Security Visionaries. You just heard from one of today's guests, David Fairman, Chief Information and Chief Security Officer, Asia-Pacific at Netskope. As we set our sites on the new year, technology leaders are anticipating a growing list of security vulnerabilities, risks and trends. To kick off 2023, we brought together some of the sharpest leaders in the industry to share their predictions and resolutions. Before we dive into the interview, here's a brief word from our sponsor.

Speaker 3: The Security Visionaries podcast is powered by the team at Netskope. At Netskope, we are redefining cloud, data and network security with a platform that provides optimized access and zero trust security for people, devices, and data anywhere they go. To learn more about how Netskope helps customers be ready for anything on their sassy journey, visit N-E-T-S-K-O-P-E.com.

Speaker 2: Without further ado, please enjoy episode 17 of Security Visionaries with David Fairman, Ilona Simpson, and your host Mike Anderson. Mike Anderson: Welcome to our next episode of Security Visionaries podcast. I am your host, Mike Anderson. I'm our Chief Digital and Information Officer here at Netskope. I've got some very special guests here today. So last year we did a predictions episode in our first season of security visionaries where we talked about predictions for 2022. Today we're going to talk about predictions for 2023. What's interesting here because our theme has been a lot of CIOs on our tarp track this year, today we've got Dave Fairman. Dave has a unique perspective 'cause he is both our CIO and our Chief Security Officer for Asia-Pacific, and has been an industry veteran in the security side and a thought leader there. And then we've got Ilona coming in who's our CIO for Europe and Latin America. And Ilona has a vast background in manufacturing, both on the industrial side as well as on the consumer product side.
Excited for this conversation to hear the predictions. So with 2023 right here around the corner, I'm excited to have both you on to share some of your predictions. So I want to start first with Ilona. You had a long shot prediction around industrial metaverse and to quote in the article you said, "We will see wider recognition of the industrial metaverse and its key components. The digital twin shop-floor, in combination with supply chain automation and optimization through AIML models are real and relevant. Bring the opportunity to drive a deep technological shift as a business chains initiative." So Ilona, help me unpack that prediction and give me your thoughts.

Ilona Simpson: Well, thanks Mike. Good to be here. If there was a contest for the most over hyped, obscure and polarizing technology term in 2022, I'm sure some would cast their vote for metaverse. But if we start with definitions, I am a technologist, so my point of view will be different from one of marketeers or perspectives of someone running e-commerce. So first and foremost, metaverse to me is a hypothetical construct. It represents the fusion of physical and digital and it has three components. It's identities, properties, and spaces. And I would differentiate between three major areas based on the application of the metaverse, which are consumer metaverse, it's the enterprise version and industrial metaverse.
And zooming in on industrial metaverse, again, fusion of physical and digital and its identities, properties and spaces. The most straightforward, not simple foundational translation into technology, is a digital twin shop-floor. We've been using digital twin and automotive for over a decade. It's been enriched with AIML and can be widened to include supply chain. And the ultimate purpose of the exercise is optimization through simulation, and based on data driven decisions. And my Q&I from good old, school IT days the value chain of plan, build, run. And in industrial context we plan, build and run factories, manufacturing plants. So plan and build certainly important use cases. But looking at industrial metaverse, run is the one that has a true scale, but also the highest complexity because for an existing factory and industrial metaverse as a digital twin of that factory in the cloud, we have sensor data of the equipment that's collected and transported to the cloud where you can recognize anomalies, correlate data, apply algorithms and evaluate scenarios.
But walking through today's manufacturing plant, or assembly halls, or warehousing facilities, we'll find equipment including robots from various vendors with sensors built to different specifications, who are putting together what we call a smart or connected equipment. It does leave on the streets optimization potential of the shop-floor as a whole. So industrial metaverse in my view is taking that a step further to look at the ecosystem, to look at the plant, to look at the shop-floor in its entirety and taking a step further going to third party supply chain. The potential impact of optimization goes exponentially. And fairly recently there were also use cases around sustainability, around emissions and around topics that are very current and very relevant in these days for us all.

Mike Anderson: Yeah, so I want to ask a question around that before we turn to David. As I think about industrial metaverse and just processing what you just said, if I think about digital twin, it's often been looking at a computer screen to simulate what would changes to my manufacturing process do to the output I can create in my manufacturing line. So if I think about in today's hybrid world where I've got supply chain leaders around the world. So basically I'm making that an immersive experience to look at what that digital twin would look like. So I create a more immersive collaboration. Did I get you right on that?

Ilona Simpson: Absolutely. It's more immersive collaboration. It is also with the data, the granularity of data are the computing power we have at our fingertips. It's the quality of expression data driven decisions takes a very different dimension.

Mike Anderson: Maybe in this metaverse I can look more fit in the metaverse in that immersive experience when I'm engaging with my peers. So I'm looking forward to that. So David, I know you've got some passion around this topic. Share your thoughts for us around metaverse going into 2023 and beyond.

David Fairman: Yeah, look, I think particularly in this year specifically, we've seen a lot of impetus, a lot of growth in the metaverse. I think that's only going to carry on. So if we think about brands like Nike, Gucci, Samsung, Louis Vuitton, they've all created a presence in various metaverse platforms. You look at in the banking sector, J.P. Morgan and HSBC, they've established branches for the metaverse to be able to participate and market in that space. So I think we are just going to see more and more large brands build or design or create new business models that's going to allow them to create growth opportunities in this digital world, in this metaverse.
I think we've seen a lot of huge waves or a lot of huge growth in healthcare, gaming, fashion and education. And I think in 2023 we're only going to start to see that accelerate. And I think sort of tapping into something that Ilona said around the digital twins, what I just mentioned about education and training, I think the metaverse is going to play a really key role in how do we train the future workforce. And I think what we are going to start to see, we've already got this challenge after COVID, and this work from home, this hybrid world of organizations getting their employees back into the office. The reason they want employees back in the office is so that they get those informal interactions that we used to get when we were in the office. Those hallway conversations and that coaching, and that mentoring that you get when you're in an environment contained together.
I think what we're going to start to see is we'll start to see this digital workforce very similar to the digital shop-floor. It'll be a digital office where we can start to give our employees a very similar experience to what they had when they were physically in the office. So we'll get that coaching, we'll get that training, we'll get these informal interactions. And I think that'll be a way for us to compensate with maybe some of the benefits that we lost post COVID and working in a physical office. So that's where I think we'll start to see that definitely evolve.

Mike Anderson: No, that's good. I mean, I've definitely seen in the B2C companies, like you mentioned banks. If we think about our next generation of workers, the metaverse is very appealing. Having [inaudible 00:09:30], what I'd say young adults or teenagers, they definitely live in front of their phone. And so I think being able to connect digitally with people is just something that's more keen to that new workforce. So it's interesting, I too saw an interesting stat that Facebook now Meta is investing 20 billion dollars this next year into metaverse and has plans in the next five years to invest over a hundred billion dollars. There's a huge investment to go create a market for this. So it's definitely going to be interesting to play out. So with that, what resolution would you offer to technology leaders, security leaders that they should make for 2023 in regards to metaverse?

Ilona Simpson: My take on this is don't get distracted by the buzz and by the hype, look at the essence of what the next step that will bring value to the organization look like. What data is being generated, transported and processed, apply the learnings from IT, look at how to secure that new business model, how to integrate and achieve synergies with areas of enterprise technology that we have matured over many decades.

Mike Anderson: That's great. David, any advice you would have?

David Fairman: Yeah, I think obviously there's a lot of value here to be realized and organizations will be exploring this path. The piece I would, being the risk manager I am, is thinking about the new risks that are going to emerge as a result of this new digital world. Privacy and security work and requirements around that will evolve rapidly. So how do you think about getting your technology workforce ready to be thinking about these scenarios and having them prepared as the business starts to build new business models and create new capabilities. How are you going to be able to manage that digital risk for your organization? And as technologists and the leaders in driving the technology strategy and direction, we need to be ready and prepared to be able to deal with some of those risks and be able to articulate them. So start thinking about that now.

Ilona Simpson: And maybe to add to what Dave just said, security by design is something that we have learned. It's not only taking learnings technology wise, but culture, processes, frameworks, et cetera. So that shift left that we've been advocating for that is really well applied in this particular situation.

Mike Anderson: I definitely like the prediction. I always like to say anytime there's a new technology trend, you better learn about it because it's going to come. Your CEO or executives are going to say, what do you think about this? 'Cause of course every technology thing comes to the CIO or the CTO.

Ilona Simpson: Mike, I was faced with a situation where my board was telling me about WhatsApp because IBM executives found their way into the boardroom faster than the technology function.

Mike Anderson: I used to way back, anytime a new phone came out on TV, I'd go buy one just because I knew that one of our executives was going to have it tomorrow and our teams needed to be able to help support it. So just record those TV commercials. All right. I'm going to pivot to our next prediction. So David, you had a very interesting prediction around confidential computing and the quote you used is, "I think we will see confidential computing gain significant impetus as organizations reevaluate their technology and security stack. And will become a key investment focus in most security or in technology budgets in either 2023 or 2024." So why is this prediction you have on your mind for 2023, and what do users gain from confidential computing?

David Fairman: Yeah, look, I think... Well, let's talk about confidential computing first and what it is. Confidential computing is really protection of data using hardware based trusted execution environment. So effectively it's the secure enclave within the hardware in which our data is processed and executed on and manipulated. It's an environment that provides assurance around data integrity, data confidentiality and code integrity. And what it enables, it enables organizations to safely process data regardless of underlying code compromises. So that data is completely operating within this secure enclave and it's guarded.
If you think about one of the challenges that we've seen with cloud computing, people are worried about that data being out in the cloud. And I think we've done very, very well in terms of understanding data in transit and data in motion and data at rest. But data in use, data in memory is the conversation that always keeps coming back. So I think there's the rise of confidential computing and there's been some really great advances in this space over the past couple of years. It's really gotten to a place now where we're seeing some of the large hyperscalers and large cloud providers starting to go down this path and implement this within their hardware. So I think what we're going to start to see is confidential computing become the cornerstone of a security capability to help organizations accelerate their move to cloud.
And I think this is a great thing for organizations and I think it really helps us cover off that one risk that we've been talking about for many, many years. And if you think about this past year, you could arguably, you can say that there's been a significant rise in firmware vulnerabilities and exploits. So if you put those two things combined, this is a really good tool capability that we can use to help ensure that we've got that data integrity and that data confidentiality in place when data goes outside of our environment.

Ilona Simpson: And maybe to add to what Dave said, I consider confidential computing to have the potential of dramatically increasing productivity when it comes to multi partner computing. And just looking at the automotive sector where INCA software is being developed, not just one, two or a handful of partners, but where it's a layer of tier one and tier two suppliers with about 30% of that value being created by OEMs themselves. So that enables the end-to-end solution to be developed in a confidential manner and that could really be a game changer. It provides governance, enhanced protection as Dave said, and enhances increases productivity.

Mike Anderson: Yeah, it's interesting. It makes me think about, I was having a conversation with some large federal agencies and they were talking about the ability and the specific, this was focused on healthcare data and they were talking about private public partnership around looking at and processing data for the greater good. And this is specific to the United States, but it's an interesting one 'cause I think that kind of plays into how do you allow that, it sounds like that confidential sharing and collaboration on our information, Ilona, as you said, the manufacturing industry by parties that aren't working for the same company. How do I do that in a trusted way where that data remains confidential? So I think that definitely has lots of legs to it in the future. So with that, to get people started, what kind of resolution should technology leaders make when it comes to confidential computing in 2023? So David, I'll start with you. Then Ilona, why don't you give us yours as well.

David Fairman: I think the resolution that I would recommend is to start investigating how your organization can start to leverage confidential computing and accelerate their cloud migration, whilst subsequently reducing the risk. Be that driving voice in the technology organization and be seen as an innovator, and an enabler for your organization. Leverage these capabilities.

Ilona Simpson: This one, interestingly enough, I think will be driven where we'll see that it's driven by BDPs of engineering, software engineering and not CISOs. And there my resolution would be look at which one is a lower hanging fruit for a pilot and be mindful how to roll it out and implement. I think that's still, whilst the hyperscalers, Dave, as you say are on a way, we also have across a border consortium and there's lots of resources available that is still something in its nascency, I would consider for traditional enterprises to look where you can pilot proof of concept and look at the roadmap for a realistic execution.

Mike Anderson: That's great. I think when we think about the risk [inaudible 00:17:42] it, hopefully we have that VP of engineering 'cause security's a team sport. Hopefully we have that risk mindset in place with our engineering leaders so we don't get ourselves into trouble from the get-go. Security by design, as you said earlier, Ilona. I want to take us to our next prediction. So this is one we've been talking about a bit more, which is the need for quantified risk reduction plans.
So David is our resident risk reduction expert. The quote that I got here from you, "Companies, specifically boards, will want more data driven quantified plans for risk reduction. The challenge will be for CISOs to demonstrate that they're getting the biggest risk buy-down for every dollar they spend. As a result there will be more of a focus on empirical evidence driven by data." So David, can you elaborate on this prediction and why qualitative assessments aren't doing enough?

David Fairman: Yeah, sure. Let's think about the stages of where we've gone from a cyber investment perspective. I've been in this game for a long time. I think we started out where organizations just weren't investing in information security as it scored on the date or cybersecurity. And then we went to this mode where it became organization's boards were starting to get it and then they started asking the questions on, well are we spending enough? Then that evolved to a point, well are we spending it on the right things? And I think now in the financial markets that we are, the state of the markets and where we are, boards are now starting to ask the question on, are we getting maximum risk buy-down for every dollar that we spend on our cybersecurity program or our technology risk program?
The qualitative conversation saying well we are going to move from a high to a medium risk, just doesn't cut it. You can't relate that to a commercial discussion and a board. And if you think about cybersecurity, we are just a subset of a broader operational risk. Operational risk actually has a much better approach or a little bit more maturity in being able to quantify operational risk in the organization. CISOs need to be able to stand toe to toe and be able to have a discussion at parody in regards to risk buy-down for this subset of operational risk, and that's really where we are. I think as a industry, as a practice, as a profession, we need to get much smarter at figuring out how do we make this a much more quantitative conversation.
And the key challenges around that is you need to have the right data, and I think that's what's really held us I think as a security or a cyber profession in truly quantifying this is making sure that we've got the right source data to be able to get the right outcome, and have the right models wrapped around that. We've seen a lot of progress in this space over the past sort of five, six years we've started out with fair and factual analysis of information risk and now we've seen models such as cyber VaR start to evolve where we're now starting to be able to peg our risk or equate our risk on parody with other operational risks. So now we can start to have that commercial discussion and you know, think about what the board's role is, the board's role and the Exco's role is to make sure that they equally manage risk of the organization to achieve the growth objectives of the organization.
And part of that growth objectives is making sure that we're spending every dollar in the organization in the right way and balancing that risk for that growth. Obviously that's the natural catalyst for driving this risk conversation.

Mike Anderson: So Ilona, what is your take on quantified plans for risk reduction? Anything you want to add to what David was saying?

Ilona Simpson: I wholeheartedly agree with everything that Dave said. I personally like numbers and we as organizations, and boards, and functions learned our way to express our understanding of the business through numbers. And if we look at it, be it a PnL, be it a cashflow, be it net promoter score for customer satisfaction and the entire organization can talk, can express the state of the nation so to say, in numbers. So I can only second what Dave said, it is about time to have a seat at the table and be able to express it in that universal language as the other members are of the board or Exco do, that is invaluable.

Mike Anderson: I fully agree when I think about supply chain strategy and if I think about raw materials, I can make a risk decision to get a lower cost for raw material from a vendor that is not the desired security posture and that's a risk decision that I can make. Or I can make a decision to have a higher raw material price, but from suppliers that have a better security posture because I have less chance of disruption, or I could have a blend of that. And so having that conversation intertwined would be just an example that comes to mind myself around this whole, how do I quantify the risk in my decision-making process. So my question for both you on this one, and David again I'll start with you since you kicked us off on this prediction is, what resolutions should technology leaders make to better communicate the value of security in terms of this risk reduction to the board of directors?

David Fairman: So I think there's two things I want to say. One is the beautiful thing about risk quantification is the ability for us to be able to make trade off decisions. If we invest X amount over here, we can reduce our value at risk by Y. If we invest in different areas, we can reduce our value at risk by Z. So we can start to have those real tangible trade off conversations to demonstrate that. Now to do that, it comes back to a thread I started to pull in that previous session was around making sure we've got the right data.
So for me the resolution is around making sure that once you start thinking about this path, don't go straight into risk quantification, understand what true data source is you're going to need to be able to execute on that and get those data sources right, garbage in equals garbage out. Get the data sources, get those foundations right and then you'll be able to have a really good outcome and a really productive conversation 'cause people aren't going to be challenging the data, people are going to be leaving in the data and then you're going to be able to have really good data-driven conversation around this.

Ilona Simpson: Yeah, don't make a pseudoscience out of it, isn't it?

David Fairman: Exactly.

Ilona Simpson: But maybe to add to it, the quantified risk reduction plans is a team sport. And I see it on this occasion, it's a finance and risk, peers who are there to actually provide their expertise and bring in their CM guidance to make it a shared approach. As well as we can't get it, this is not something that a function does in isolation, so the buy in from across the business and working together with a wider stakeholder base is essential.

Mike Anderson: Yeah, and I think you're spot on, on both of you on that is if I think about risk reduction, the actual investment may not even be in the CIO or the CISOs budget, but rather in the operational team's budget to implement the proper controls to reduce that risk. And so I think that does require that team sport thinking, how do you make sure that you got the investments in the right areas to make sure you can actually implement the risk reduction plans you've aligned on from a board standpoint.

Ilona Simpson: As well as when you start quantifying, I think that, that quantifying is a big entry barrier and just start with risk assessment matrix. That's the foundation of it.

Mike Anderson: Yeah. Numbers speak louder than feelings when it comes to making business decisions, that's for sure. So I want to get to our next prediction here. So this is a prediction that we've been hearing a lot about is the convergence of priorities for the security network and technology teams as a result of transformation. So Ilona, how are you seeing this play out from your perspective as a CIO on the technology side?

Ilona Simpson: Well, I see that security and network convergence start with that, from the perspective of a CIO means that whilst the functions are there and they're there to stay, the priorities are increasingly shared as well as the end-to-end process. And we look at from strategic decisions, to architectural choices, to execution that does need strong alignment. And if this is not the case, your one plus one will quickly deteriorate to 0.5, whilst the potential for it to make a three. So it means that strategy and architecture topics are surfacing to the level of the IT leadership teams and the CIOs. And I also believe that it would benefit CIOs to maybe a different behavior, we're used to delegate functional decisions to the respective heads. Now, the convergence paradigm is an invitation or it's forcing us to actually look into the engine room of IT ourselves, because the perspectives are inherently different and the role of a CIO is the one of being a referee when it comes to cross-functional collaboration, looking at how to prioritize and again bringing the perspectives together.

Mike Anderson: Yeah, you definitely become the bridge builders when it comes across those organizations. Normally you would tell your functional leaders, go get in a room and figure it out and come back to me with a plan. And sometimes you may have to get more involved in that on this because there is a fair amount of change that goes into this. And obviously when you talk about security and network teams, the budget for security, a lot of it came out of the network and infrastructure budget. So there's always that pressure of maybe adding perceived complexity on the security side when the infrastructure network teams are looking for simplicity because their budget's not as big as it was the year before.
So that CIO is the only person that sits across both of those. That's definitely a good prediction. So David, given your background in security and now having both that CIO and Chief Security Officer responsibility here for APAC region, how are you seeing that convergence? How are you seeing these priorities manifest? I mean, I know we have a number of CISOs that have become CIOs in the Asia-Pacific region. I mean, you've seen them yourself or that carry both hats. So how are you seeing these come together?

David Fairman: Look, I think having a previous experience or specialization in security makes you think about things differently as a CIO, and I think in a cloud first world, and this is what I always go back, to in a cloud first world, the internal network almost no longer exists. The internet is now the network. And when we are talking about, if you think about in the old network world, we used to say, well the network guys just build the roads and security guys put up the traffic lights and the guard rails. Well, that doesn't work 'cause they're not necessarily building the roads anymore. But like I say, the road is now the internet. So really what we're talking about is creating this facilitation or this avenue, this mechanism to be able to get data from one processing environment to another processing environment.
Now you can't have a conversation about enabling that without thinking about the security of that data. So I think for me, the network teams and the security teams need to be joined at the hip. What the network teams and the infrastructure teams are doing now is they're building these mechanisms to be able to get this data to be able to transfer between different environments for that to be able to create value for the organization. As a result of that, they have to start thinking about the security of that data. So what we're starting to see is now these conversations are becoming... And actually the functions themselves are starting to think much more broadly and they're starting to think about these things so that collaboration is becoming tighter every day.
And I like to use the analogy, it takes two hands to clap. So you can't just build it and let it go. You need to build it and make sure it's safe and sound. And that's really what we're starting to see.

Mike Anderson: So as you think about resolutions for technology leaders when it comes to this convergence of priorities, what advice would you give to them to put on the resolutions for 2023?

Ilona Simpson: Bring it onto the agenda of strategic IT leadership meetings, whatever form they have.

David Fairman: Yeah, I think for me, it's very similar to that. It's around driving that data protection centric conversation across your technology organization, recognizing that the critical asset we care about now is the data. So however we want to manipulate, or transact, or transit that data in any way, shape or form, how we ensure that the right stakeholders and the security team is a big part of that, the risk teams are a big part of that. Those right stakeholders are involved in those discussions and we are working collaboratively and bringing those stakeholders into any of the conversations or initiatives that we have going.

Mike Anderson: Definitely great advice.

Ilona Simpson: Fantastic advice. Now Mike, Dave and I have been talking a lot. Would you have a prediction to share with us too?

Mike Anderson: This one may be self apparent, vendor consolidation obviously in a looming recessionary market and the perfect storm or workforce challenges, everyone is relooking at their tech stack to see where they can do consolidation, where they can reduce spend. I mean, I was just on two conversations this morning with technology leaders that are looking at that. We've already seen it in the news playing out. What I think is going to be different is there's a big difference between vendor consolidation to a suite of products underneath a single brand where each product requires a different set of skills to maintain and operate, versus a vendor consolidation strategy into a platform where I can train someone to use a technology that's going to handle those same objectives that suite did. But where I can have one person skilled so I get scale.
And so I think platforms are going to be the winners in this vendor consolidation aspect. And traditionally, a lot of times it gets in from just the economic headwinds, but the fact that we don't have the people, even if we have the budgets, that creates another challenge, which is, how do I simplify? My favorite quote is da Vinci, "Simplicity is the ultimate sophistication. Complexity is the enemy of security." And so how do we drive a platform strategy? And so I was talking to a CIO from an integration platform as a service company today, and he is looking at how they can consolidate tools in their own environments and he's talking to other CIOs on those same priorities.
And so I feel like the platforms are going to win out in this vendor consolidation because of the workforce challenges that we've got going on at the same time from the fact we can't find talent. That would be my resolution. And what I would tell people is make sure you look beyond the brand and look under the covers and see are you buying a suite of products or are you buying a platform? Because what you want to do is invest in platforms that can not only solve your financial challenges, but solve your talent problems as well.

Ilona Simpson: That's a brilliant one to end the predictions. Thank you, Mike.

Mike Anderson: No, absolutely. Well, I want to thank you both for your time. We had some great resolutions around these predictions so quickly on industrial metaverse, I think it's really inventorying to figure out how does this intersect with other things you're already doing like digital twin and how does this then play out from a security and risk standpoint, David, from your perspective around if I'm in a B2C business like financial or consumer, how do I make sure I think about risk and the data privacy elements of that. If I go to confidential computing, what I heard from both of you is just how do I think about collaboration across industries, across companies in a way where it's not just the data at rest, data and motion, Dave, as you were talking about, but it's data and use. So how do I protect data and use in a way where parties can collaborate together?
When I pivot to the quantified risk reduction plans, it's really first, as you said, David, I love garbage in, garbage out. You got to get the data in to figure out what data you need to be able to measure the risk so you can actually quantify it. And Ilona, your point it's people like numbers, we all speak around numbers like NPS and other things. And so it's important for us to use that same mindset when we talk to our boards and we talk to our companies around how do we quantify risk. And then last is around this convergence and priorities around security and network. And it really requires us to dig a layer deeper into our teams to really make sure we're bridging those gaps. And as you said, David, you can't clap without two hands. And so we need to be the ones helping facilitate the clapping in the right way.
And I think those are some great resolutions and some great things and advice for anyone listening to our podcast. And I really thank you both for sharing your expertise and wisdom with us on your predictions to 2023. We'll look back a year from now and see how well those play out, as we think about what are our predictions for 2024. So that's all the time we've got today. Thank you for listening today's episode of the Security Visionaries podcast. I'm your host, Mike Anderson. I'm the CIO and Chief Digital Officer at Netskope. I was joined today by Ilona, our CIO for Europe and Latin America, and David Fairman, our CIO and Chief Security Officer for Asia-Pacific. Thank you and happy listening.

Speaker 3: The Security Visionaries podcast is powered by the team at Netskope fast and easy to use. The Netskope platform provides optimized access and zero trust security for people, devices, and data anywhere they go. Helping customers reduce risk, accelerate performance, and get unrivaled visibility into any cloud, web, or private application activity. To learn more about how Netskope helps customers be ready for anything on their sassy journey, visit N-E-T-S-K-O-P-E.com.

Speaker 2: Thank you for listening to Security Visionaries. Please take a moment to rate and review the show and share it with someone you know who might enjoy it. Stay tuned for episodes releasing every other week and we'll see you in the next one.

Subscribe to the future of security transformation

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.