How Security Leaders from Okta, Proofpoint, Netskope, and Crowdstrike are Embracing the Work-From-Home Opportunity
This spring and summer, companies across many verticals have had no choice but to buckle up and shift into full support for remote work, and retooling as quickly as possible to secure anytime, anywhere, any-device access for their teams
Companies are calling on their Chief Security Officers to lead this incredibly rapid shift into the cloud future. But to get there, CSOs and CISOs have to quickly assess the new threat landscape and reimagine their cloud infrastructure to safely meet the new demands of remote work while securing people, devices, infrastructure, and network. The stakes are high. But for security chiefs who get this transition right, this moment can be a career gamechanger.
“Those of us who can light the path forward and show how we can accelerate into digital transformation securely will secure a seat at the highest table, permanently, moving forward.”
—David Bradbury, CSO, Okta
So, we went straight to the security leaders charting this new future.
Meet the CSO Dream Team.
To help our customers meet this serious challenge, Okta joined forces with our best-of-breed colleagues at Proofpoint, CrowdStrike, and Netskope for a one-of-a-kind event on Wednesday, August 12th — “Work from Anywhere: How Leading CSOs Are Staying On Top in Today’s Threat Landscape” brought together four enterprise security leaders laser-focused on helping their customers navigate this transition:
- David Bradbury, CSO of Okta,
- Lucia Milica, CSO of Proofpoint,
- Lamont Orange, CISO of Netskope,
- Amol Kulkarni, CPO of CrowdStrike
With Rafal M. Los, VP of Security Strategy for Lightstream, and the host of Down the Security Rabbithole podcast moderating, the panel explored the complex challenge of quickly securing a work-from-anywhere environment.
In this post, I summarize the top four themes from the event. For the entire talk, watch: Work from Anywhere: How leading CSOs are staying on top in today’s threat landscape
1. The top threats the CSOs see are coming from people.
Working from home has dramatically increased the attack surface for organizations: Picture a child using their parent’s enterprise laptop to download a paper during a school Zoom call. “The perimeter is gone; a lot of the roadblocks that we put in place for security are gone,” said Crowdstrike’s Amol. “That makes it far easier for attackers to penetrate the network and get access to the enterprise crown jewels.”
With no walls and no borders, securing the new environment starts with securing its people, who are reliably the #1 attack vector. Your teams have to authenticate securely, be trained to resist phishing, understand why they need to stay compliant, and more—all within the context of having their guard down, potentially, inside a lax home environment.
“Attacks are increasingly targeting people, not infrastructure. People are the new enterprise edge, and we have to start thinking about security from that perspective.”
—Lucia Milica, CISO, Proofpoint
Your workforce has to be protected against outside threats and inside threats, but they also have to be protected against themselves—you need controls in place for that employee who routinely hands off sensitive information. If you’re allowing access from anywhere, you have to introduce robust user monitoring.
2. Your ability to secure the enterprise is only as good as your visibility.
To reliably secure a work-from-anywhere environment, you need to be able to secure four things: people, devices, infrastructure, and network. And none of that is possible without clear, real-time visibility into all enterprise activity. Not just theoretical visibility, with proliferating dashboards and impractical sight lines—you need deeply integrated solutions that bubble up user activity and data into views security teams can easily parse in real-time “Any platform that does not provide end-to-end visibility is going to hamper your ability to detect anything malicious,” said Crowdstrike’s Amol.
“I’m sure the workforce, since they’re no longer in the buildings, have gone direct to the cloud whether you know it or not. So you have to build around that.”
—Lamont Orange, CISO, Netskope
Without true end-to-end visibility, you cannot reliably provide the set of interconnected services the enterprise needs, like external and internal threat detection, cloud network and data protection, and application risk assessment and governance. CSOs need data-driven insights, like who their riskiest users and most targeted users really are, so they can apply the right adaptive controls and protections.
3. Security leaders need to future-proof their enterprise with integrated solutions that learn and evolve faster than threats.
Establishing a Zero Trust security posture and enabling anytime, anywhere, any device access for a dispersed workforce calls for new solutions. But which ones? Suite solutions offer tempting one-stop shopping, but often fall short at the integration level. Assembling individual best-of-breed solutions, on the other hand, can involve an intimidatingly complex process of decisions, approvals, integrations, and deployments. What’s the right path for a CSO with a mandate to move quickly?
“We’re at an inflection point in the industry. Until now, the choices customers had were either to do a complex integration of best-of-breed solutions themselves, or adopt bloated suites that never integrated well. With this coalition, we are blazing a new trail, where the best-of-breed solutions build an integrated solution for you.”
—Amol Kulkami, CPO, CrowdStrike
This is precisely the challenge the Okta, Crowdstrike, Netskope, and Proofpoint coalition was created to solve. With these four cloud-native, deeply integrated solutions working together, you can simplify your security stack, adopt a zero trust network access strategy, shift workflows to the cloud, and let your remote workforce safely access their apps and assets through any device with a seamless end-user experience.
An explainer video that kicked off the webinar explains how the four solutions work together:
- Okta and Netskope use industry-leading identity management to provide secure access and enforce granular cloud usage policies.
- CrowdStrike and Netskope exchange threat forensics between apps and endpoints to enhance security.
- Okta and Proofpoint enhance visibility around highly targeted and at-risk users within an organization, applying automated responses that mitigate the extra risk.
- Proofpoint and CrowdStrike secure users and devices from sophisticated attacks by bringing real-time visibility into threat activity, investigation, and remediation.
- Okta and CrowdStrike provide endpoint protection that allows access to sensitive materials only via secure, compliant devices.
4. Challenge is opportunity: Get the green light to enact transformational change within organizations. Seize the moment.
For many enterprises not born in the cloud, digital transformation was a long-term goal targeted by a continuing process of incremental improvement. Not anymore. “We’ve had people who had a two-year roadmap for digital transformation complete that within a matter of weeks,” said Amol.
The sudden call to accelerate digital transformation provides security leaders with a once-in-a-lifetime opportunity to bring about dramatic change in their organizations. In the details of managing a quick transition, security leaders can’t lose sight of long-term strategic goals—it’s their job to be a sort of general manager of their company’s security business, according to Netskope’s Lamont, and they need to lead the way, chart the path and measure the ROI of their solutions.
There’s a lot of pressure to get it right, and the stakes couldn’t be higher. But CSOs who can quickly solve this generational challenge and bring their companies safely to the other side will reap the rewards for a long time to come.
As the panelists explained, the Okta-Netskope-Proofpoint-Crowdstrike coalition was purpose-built to simplify the process of bringing best-of-breed solutions together, so CSOs can more easily strengthen their security postures to meet today’s challenges.
If you missed the webinar or want a refresher, take a look at the Work from Anywhere: How leading CSOs are staying on top in today’s threat landscape recording.