Case Study

Working From Anywhere: What It Means for Information Security and IT Pros

Panel discussion with Adrian Dunne (Global Senior Dir, IT, NextRoll), Vince Parras (Dir, Information Security, Carta), and Tarun Desikan (COO & Co-Founder, Banyan Security).

Speaker 1:

Okay. We are live.

Marci:

Well. Hello everybody, and welcome to our ISE fireside webinar. Today’s topic is working from anywhere and what it means for information security and IT pros. We’re absolutely thrilled to have Banyan Security as our sponsor today, and they’re a new customer of ours, so we are happy to welcome them into the 10 ISE family. Before we get started, I’d like to go over the agenda with everybody and a few housekeeping items. So we’re going to begin of course our webinar at two o’clock, and then we’ll have our panelist introductions shortly thereafter.

Marci:

Let me tell you, we have a really great panel before we even got on the call today, we are talking about making this webinar very spicy. So I’m going to have you guys live up to that task. Then we’ll have some great discussions, we’ve got three subtopics for us to run through today and I think it’s going to be just absolutely wonderful and I’m looking forward to our discussions. Then of course we always want to hear from you. So 2:35 we will answer your questions on the air, but as you think of them, please enter them into the Q&A chat window and we’ll sign off at 2:45, so you can go ahead and be ready for your three o’clock meeting.

Marci:

Couple of other quick things to make mention of, you will earn a CPE credit for participating in today’s ISE fireside webinar. You will need to join us for the webinar in its entirety. To enter your CPE information you will do so by completing the survey, and we will send you your certificate via email by tomorrow, so that you can make your own deposits into your continuing education accounts. Again, we want to make sure that you are continuing your education and how that process works. So, let’s go to the fun part of our introductions of our panelists today. Adrian, I’m going to start with asking you to start and share a little bit about yourself.

Adrian Dunne:

Sure. Thanks Marci. Yep. My name is Adrian Dunne, I’m senior director of IT at NextRoll. We are a growth marketing firm based here in San Francisco. I was educated in Ireland, University of Limerick and I moved to America and New York and I worked for Accenture for about 12, 13 years maybe. Worked from the ground up, basically doing tech support and ended up running a senior leadership executive support, premium support program, managed all the offsite events and so on, so forth. So I got a very good flavor of networking and remote access just way back then in the early 2000s. Then I moved to the Bay Area and I worked for a bunch of startups here and I transitioned then into my current role. That’s it.

Marci:

Well, thanks Adrian. It’s good to have you or, did you want to add something else?

Adrian Dunne:

No, that’s all that’s enough.

Marci:

Vince, want to tell us a little bit about yourself? Thanks for joining us as well today.

Vince Parras:

Sure. Hi, I’m Vince Parras from Carta. I’m the manager for information security, so I handle a lot of the GRC stuff as well as Okta and a lot of corporate security items. I’m also a customer [inaudible 00:03:42]. Similar to Adrian, I started off in the IT trenches. I was a database administrator, sysadmin and so on. I’ve always gotten thrown into security because nobody else wanted to do it. So it’s always been something that I’ve always done inadvertently because I’ve been told that I just know what to do. I professionally turned security about five years ago.

Marci:

Well, we’re glad to have you here today and Tarun, we’d love to have you introduce yourself. Then also we’d love to hear a little more about what Banyan Security does.

Tarun Desikan:

Awesome. Thank you, Marci. This is an extraordinary time for all of us, so I’m really grateful that we can put the session together, have Adrian and Vince on, and also the audience that we have. So just by way of introduction, my name is Tarun Desikan and I’m one of the co-founders of Banyan. I started my career in networking. So, we were building these big, optical networking boxes in the early 2000s if you guys remember before the dot-com bubble burst, everyone thought that was going to be the next big thing. The crazy part is that’s how we get internet today is fiber to the home. So that’s where I started my career and over the years moved into different fields.

Tarun Desikan:

Most recently we’ve been at Banyan for the last few years, building a platform to enable work from anywhere. So the idea we started Banyan with, this was a few years ago, before COVID was a thing, was that more and more people want to be able to accomplish their job no matter where they are. So they don’t need to be in the office, they don’t need to be necessarily at a physical location. They might be in the beach and they need to get their work done. In the last year, COVID has changed so many things for us. I think we all know that we’re seeing this massive shift to remote work.

Tarun Desikan:

Now, I think there are a few things that are non obvious though. The first, we have noticed is that the status quo with respect to human capital has changed. At Banyan we’re San Francisco based just like Adrian and Vince, we used to hire primarily in the Bay Area, but that’s just not an option anymore. So today we just hire the best people wherever we find them. The latest hire I made was in Hungary. I think other companies are doing the same thing. There’s an increased reliance on a remote workforce and remote work, and I think this is a once in a lifetime change. I think we’re going to see more of gig workers, more of contractors and so on becoming part of the workforce.

Tarun Desikan:

Something we haven’t seen before, something that’s not going to change. I think when you look at the IT and the security side, that has real ramifications there. All these manual processes we used to do, all the traditional attack vectors, it’s all just gotten amplified. So, I think we almost have to rethink, how do we deal with the world where there’s people coming in, going all the time, where you really need people to be productive on day one, or you’re not going to be able to enable them to succeed. Also security, you can get attacked because of still credentials.

Tarun Desikan:

So these are the challenges I think we are going to see a lot of and, I’m very excited to have Banyan because this is exactly the challenges, not really excited about why we landed up here, but this is why the product was built. So I’m excited to chat with Vince and Adrian on the challenges they’re seeing and how they’re attacking it.

Marci:

Well, thank you very much. What a perfect segue for our first topic Tarun. Our first topic today is actually going to be the strategic implications of working from anywhere. As you definitely mentioned the pandemic has really drawn a hard line between companies that have figured out how to operate remotely and companies that have just had to figure out how to operate or didn’t make it at all, sadly. Those that are remaining really have had a societal shift out there, in that there’s strategic implications that we have to contend with on a broad scale. On a positive note of all this, what we really have seen is the workforce is out there really being innovative and companies are able to even hire from larger global talent pool because they’re not limited by locations, commutes and geographies.

Marci:

It’s also really great for the environment as we are also starting to learn. But conversely, there’s some more complicated security challenges that have been confronted with us along with the loss of community and being able to connect with people in-person. So we have to work a lot harder out there to provide fine grain controls, so that we can build meaningful relationships, maintain our connections. We’ve been doing a lot of that through digital, but we also have to be operating in a secure and safe manner. I’ll throw one more element out there to the mix. Many of us have had face-to-face marketing and sales roles overall, and, we’re not selling in-person anymore, we’re selling a lot virtually.

Marci:

But we’re finding also that there’s some convenience to that, you’re not getting on airplanes, time saving and there’s more efficiency, obviously we’re still missing some of that human contact, but again, the deck of cards has really been shuffled for all of us and many of us have really done a great job of adapting, but there’s still lots of things to discover. Adrian, I’m going to start with you. What was the state of work from anywhere prior to the pandemic? Was your company always prior to the pandemic I should say office-based, or did you have a hybrid of where you could work from home?

Marci:

I know you are based on the West Coast and commuting is never the easiest thing out there. What did your office environment look like?

Adrian Dunne:

Yeah, we were very office-centric. We based a lot of our culture around being in the office and participation through the office, and we’re a global company and we have offices in Europe, in Asia scattered across North America. So very much from a cultural … if you were to go to our website pre-pandemic, we would really emphasize the office, all those sexy pictures of people walking around offices. I think there was an element that was starting to shift in terms of our hiring, especially within the engineering and InfoSec teams whereby we were looking more remotely, just because of the challenges with talent as Tarun had mentioned.

Adrian Dunne:

The technology was there to support getting that access. A little bit of a change had started pre-pandemic, but obviously to expand on that, since pandemic we’ve had a full 180 shift and we’ve come out and told our employees, we are now very much a hybrid model of what we used to be, focused on three areas, exclusively remote as an employee, a hybrid between you go in a few days a week, and then what we consider an office employee, which will be someone that wants to be in the office three or plus days. So it’s been quite a shift.

Marci:

Vince in contrast, has the pandemic changed your firm’s view from working from anywhere and has this been a good shift or a bad perception? I see you have a background of an office at one time, and I know you’re not working there now. Just fill us in?

Vince Parras:

Yeah. So for Carta, the stance that we’re generally taking is we’re going to go back into the office. So before pandemic, we had offices in Brazil and Canada and New York. So we hired again in those areas. In general I think we’re going to do that, but I feel that there’s going to be a little bit more flexibility when it comes to hiring more remote workers, or just saying like, “Hey, if you can come into the office more frequently or less frequently.” I think there there’s going to be more of that shift towards that paradigm.

Marci:

Wonderful. Tarun, you’ve touched about this in your introduction, has the work from anywhere model changed your organization’s view of human capital and I want you to dive in a little bit deeper about anticipating, leveraging those temporary consultants or those contractors, gig workers, and if you think companies like yours or your clients, might be leveraging that more in the post pandemic world?

Tarun Desikan:

Yeah. But before I jump into the answer, I think for someone who works or runs a work from anywhere company, I really want to be in the office. Personally I have two small kids at home. You probably hear them in this webinar. There’s going to be a one year old who comes in here and is going to yell, and it’s so hard for me to just have a good cadence during the work day. You just want to go cuddle that baby, just play with her. So I really look forward to getting to the office because that clearly articulates my start of the day and the end of the day. I really miss the camaraderie we used to have when you could just go run into someone.

Tarun Desikan:

I really miss that. Now having said that. We ourselves, we couldn’t go into the office. So I’ve learned to live with this, and now I’m liking no commute. I used to spend 40 minutes getting to the office. There’s no commute and, I can just take a break in the middle of the day and go do something. I really like all that. I think as a company we have changed. We were a young company, so we really wanted everyone to come into the office and get to know each other and build that culture. But we’ve adjusted. I think more and more companies, even the large ones are doing the same thing. And more specifically, we’ve now started saying, “We want to find the best person, it doesn’t matter where they are.”

Tarun Desikan:

I think that just freed up how we look for people, especially when talent is tight, especially in engineering teams, that’s been quite a remarkable change for us.

Marci:

Well, to that point, just real quick, before we transition to the next topic, what about from a sales perspective? You guys are an enterprise play. Do you think you might be going back to face-to-face selling or continuing having go-to meetings, Zoom meetings, or whatever platform that sales team versus having that in-person experience?

Tarun Desikan:

Yeah. I think even before the pandemic, we started noticing the shift where people were just more efficient saying, “Hey, let’s hop on a Zoom call and let’s just talk about what we need to talk about.” I do believe there is still a place for face-to-face. Especially if you’re working in complicated environments, you need to meet the other person to understand and build that trust. I think there’s still a place but, I think the world has changed. We’re not going back to standard face-to-face. I genuinely believe 90% of what we can do will be done remotely. You will not be jumping on the plane to go as a vendor to pitch a customer exactly what we do.

Tarun Desikan:

They’re also going to be biasing, just do it over Zoom and come maybe when we’re ready to sign the contract or something like that. I think the world has really changed. I don’t think we’re going back.

Marci:

Vince, what about you? Do you think we’ll be going back anytime soon to a face-to-face model and was your company like that before?

Vince Parras:

Yeah, so like what I was saying earlier, we were a face-to-face company and I think we’ll continue on.

Marci:

I know you were in the office but from a selling perspective?

Vince Parras:

Oh, from a selling perspective, well, for us our target markets were, we were able to sell, be it remote or face-to-face. I think the products that we had gave us that flexibility before COVID. I was going to chime in on Tarun and say, “Hey, how about my free lunch Tarun?” That’s the thing I miss most about the vendor calls, right? It’s like, “Hey, let’s go grab lunch.” Then just talk about the product and let’s grab a bite to eat. I hope that’s still in play, just because again, that’s what Tarun was saying. It builds a relationship. You bring the guard down, you have a conversation with someone and then you can actually open up and see what else is missing.

Vince Parras:

It’s like, “Oh, you guys were actually looking at that.” “We don’t sell it, but a good friend of mine does, would you be interested?”

Tarun Desikan:

Yeah. Those water cooler conversations, I call them water cooler, which is the impromptu discussions. Those are hard in Zoom, right? In Zoom you have to come with an agenda and go one, two, three, no one just hangs out to chat or have [crosstalk 00:16:53].

Marci:

Absolutely. Adrian was your company’s business model in-person in terms of connecting with customers or was it always telemarketing and everything like that?

Adrian Dunne:

Yeah. I think there was a balance between the two. We’re selling a product so it helps for us to be in front of a screen and pitch the product and do demos real-time and all that stuff. I think a large part of our sales org leaned heavily into that area. But, we all know sales folks, they want to get out and get that lunch going and Vince, I’m the complete opposite of you, I absolutely hate it, those lunch meetings, because I was always like, they’re taking too long and I’m the black sheep in regards to that. I just want to be sold and get on with it.

Adrian Dunne:

But Marci, I think what’s interesting is Tarun touched on this earlier. I report into the CFO and in many ways it won’t really matter what we think in terms of face-to-face or not face-to-face. The technology is there that says we don’t need to get on a plane anymore, and the data has already been built that you can sell perfectly fine without the face-to-face. I think a lot of it will be companies will look at their bottom line and say, “Wow, we are really able to stay afloat.” In many ways, improve productivity and sales in the remote environment. I think the CFO will knock on the door there as well. You got to factor him or her in.

Tarun Desikan:

So it’s going to be the kids versus the CFO. I need to leave the house versus the CFO.

Adrian Dunne:

Yeah.

Marci:

Well, let’s just shift gears to our next topic, which is the role of remote access in a work from anywhere strategy. Now, we’re just way past the emergency of everyone trying to get online and working remotely. That was quite the triage affair. For a lot of companies, it was a 48 hour, 72 hour window to get everybody from working in an office to working from home and we had to take a lot of shortcuts and things that had to go to the wayside. But what really stood out to me was actually those that were put in the cloud first, really had a head start. So the infrastructure of just where they were working really was no big deal. At the end of the day it’s just moving your devices around and setting up shop.

Marci:

That gave a lot of companies certainly a headstart that really were forward-thinking as it related to the cloud. Adrian, I want to ask you this, how important is remote access from work from anywhere? Because, now we are truly working from anywhere, where does remote access you think transformation might go or migration? And how does that fit really in the scheme and IT security priorities for your company? I’ll just say, one of the … I don’t know, positive things about the pandemic. You truly can work from anywhere, so how home doesn’t necessarily mean where you’re working from, I’ve had friends go to a resort community because their kids are learning remotely, they’re working remotely.

Marci:

So there’s a little bit of change of scenery of being in the house for days on end. So it just changes things up for some people. Adrian, tell us where your head is at on working access, working from home from anywhere?

Adrian Dunne:

Yeah. It’s P1 for us. It has been for the last, however … You touched on it, the initial “oh crap” moment where you’ve got to migrate an entire company from an office-based environment to an at home based environment. You pray for a week that that will go off smoothly and absolutely Marci you’re right. Those that were already in the cloud space, that was quite an easy transition. Personally for our company I felt like it was an easy transition. We were a Google shop and we had a lot of stuff already in place. Phones ironically enough were our stumbling block because we still had a very legacy PBX based phone system that didn’t migrate it over very well.

Adrian Dunne:

We weren’t really happy with the cellphone solution of our provider at the time. But then as you expand and analyze the longevity of this and the cultural shift that’s happening, then you’ve got to reassess your position from just that initial reactionary point to a longevity game. We essentially, like I mentioned, P1 for IT has been getting that footprint right, getting that remote access environment, be it cultural, hardware-based security obviously, and just functionality … all of the umbrella of all of those is critical to what we’ve been focusing on. The living room has become the office or the Starbucks has become the office.

Adrian Dunne:

But also in many ways the home router has become the server room now. So you have this very strange and yet wonderful complete reversal of where you were five years ago, two years ago, three years ago, where it was very much let’s build up perimeter around what we’ve got. I never cared about anyone’s home router in many ways. I was whacking a VPN on top of it and I was … see you later. I don’t want to get into that space. You can’t really do that anymore. You have to realize that that’s now a part of your network.

Marci:

Vince what types of solutions are you using to enable the remote access now? Have you seen any vulnerabilities that might be out there and are you finding any challenges in mitigating any security gaps?

Vince Parras:

Again, we’re using Cisco Umbrella for our DNS. We had that in our offices, now we’re rolling that out on the local machine, so it does protect us from the specific [inaudible 00:23:39] we’re calling home. That’s one of the tools to help us bring the fence closer, the barrier closer to the end users. In terms of vulnerabilities per se, it’s the same before COVID. For us as a company, we had VPN, people were able to log in remotely and do their work. So we were a cloud first company and it made it easier similar to Adrian, the transition was hard, but it wasn’t as hard as a lot of other folks. Interesting aside on that is, some people bring their laptops home and now they only have a laptop to watch Netflix.

Vince Parras:

If you’re shoving all traffic through your tunnel, now you have Netflix traffic on top of all your other traffic. So those companies may not have been prepared for those. Luckily for us, we were transitioning to Banyan, so we didn’t see too much of that. But I’ve heard of stories where, when everyone started working from home, the VPNs just started to shut down, just because of those instances.

Marci:

The overflow.

Vince Parras:

Yeah. Everyone’s watching YouTube, Netflix on their laptops because … yeah. They got nothing else to do.

Marci:

Yeah.

Tarun Desikan:

I would be pretty concerned if Vince was judging my Netflix purchases.

Marci:

Well, this actually is a good point for Tarun now. I see is a visionary who co-founded Banyan Security. So what do you think the role of the remote access is going to look like over the next year? Vince touched on it, that the VPNs can’t really hold up their lack of better words, they crapped out at a lot of different companies, because they couldn’t handle the volume of traffic coming in at the same time. What do you see on the horizon for today’s challenges and even tomorrow’s problems?

Tarun Desikan:

Yeah. Personally, I started my career building these networking solutions, so we know how we thought about when we built it. And we really wanted to see your Netflix videos, we wanted all traffic to come through our routers. We designed it that way. I think when we started Banyan, one of the things we realized was that fundamental assumption is false. At least in my philosophy, I don’t think my company wants to know what movies I’m watching. I don’t think they really care. But what they do care about is, if there’s a corporate resource, if it’s a sensitive resource, they want it logged. They want to know when you accessed it and they want to make you productive when you access it.

Tarun Desikan:

We didn’t know COVID would be a thing when we started Banyan, but this problem existed well before COVID. Those traditional network boxes that we built back in the day, I wanted your Netflix videos to come through. I wanted the Zoom videos to come through us. And many times I would host the exchange server for your email. And that was the world that it was built for. But when we started looking at the ecosystem, everyone’s documents are in the cloud and everyone’s emails are in Gmail, who would’ve thought? All our corporate email is in Gmail. 10 years ago that would’ve not been possible.

Tarun Desikan:

But nothing had changed with respect to how the network traffic was being routed. I do think that if you really want to enable work from anywhere and you want to enable it for a large workforce, you have to rethink some of those fundamental building blocks. That I think is really important, the other thing I do believe is that people will come back to the office. Now work from anywhere, we very specifically called it work from anywhere and not work from home, because I personally want to go back to that office. I can hear my kid crying. I’m like, “Please stop.” But I want to go back to the office and just because I’m in the office, I shouldn’t get some new security privileges.

Tarun Desikan:

We should have the same security model, whether you’re at home or you’re in the office. I would like the employees to be empowered, to make security happen regardless of where they’re working, home or office or coffee shop. I do see that philosophy as required to enable a work from anywhere, remote access philosophy for organizations. I’d be curious if Adrian, Vince what you see.

Adrian Dunne:

Yeah, just to jump onto that Marci, the mindset is the exact same for me and for us in that if something different happens in the office, even if it’s a good thing in many ways, we’re ready to pull it out, because there shouldn’t be any distinction between Starbucks and the office anymore. There’s no point to it. The world has changed and so, you don’t need that perimeter, we’re cloud-based, we don’t have the traditional resources sitting in there that we need to hunker down and protect. And so I agree 100% with Tarun when he says, yes we want to go back to the office, but it doesn’t matter that it’s the office, it’s just a bigger than just furniture.

Marci:

Yeah. That’s just a difficult space of things, right? That’s just the physical of where you’re at, that your computer and how you’re using your computer and what it’s accessing should not matter, if you’re sitting in a conference room, a Starbucks, an airport or at the beach, at the end of the day, because you should have the same controls in place, no matter where you are. That’s to me very logical, but it’s taken how many years for us to get there to or think with that mindset, and maybe it took a pandemic as well, but I’m going to shift us over actually to our next topic, which is really where we’re starting to touch about it, but really entering the Zero Trust Access model.

Marci:

That’s really where our security environments certainly have evolved and our mindset here has just evolved. So, it’s just keeping us protected against intrusions and Zero Trust has become a much more hot topic now and more established and understood as a sound actually security principle, but it still has to have gone through some advancements like any emerging type of technology and evolution and to deploy Zero Trust effectively, you really have to think about it from a borderless security perspective and how we just equated it. If the physical state of where you are doesn’t really matter so much, it’s the same information and the same work that you’re doing regardless of where you’re physically being located.

Marci:

So let’s go ahead and dive in here. Tarun maybe for those that are new out there to the concept of Zero Trust, because it is a newer thought, it’s not old. Tell us about some of it just the basic fundamentals of Zero Trust, just to get everyone in the same terminology.

Tarun Desikan:

Zero Trust is both a buzzword and a new concept. It’s funny, right? It’s used to say so many things and yet most people don’t know what it is, but I think the fundamental concept was that traditionally, if you are in the office, you can access everything, you’re in a trusted network. Zero Trust says, it doesn’t matter where you’re located, I’m going to authenticate you as the user, I’m going to authenticate the device, I’m going to make sure you’re accessing the correct application, so you’re authorized to access it and I encrypt all traffic. It’s a very simple concept which says, I’m not going to assume any trust. You have to assert it. Then I’ll give you access.

Tarun Desikan:

More and more organizations need this specifically things like older companies, companies that don’t have a cloud first architecture, because a lot of times breaches occur, because the people you trust the most, get compromised. It might be a trusted contractor or a trusted administrator, and you just trust them because they’re in the office. But because they don’t have to assert that trust, assert that identity, someone compromises them and now they have unfettered access to your environment. By making sure every access is explicitly authenticated and authorized, you establish security.

Tarun Desikan:

That’s the geeky Zero Trust feel. But the non geeky one is Zero Trust is just the right way to do access. If you were to design it from day one, this is how you would do it. We just come from a different world. That’s about it.

Marci:

Vince, I’m going to ask a follow-up question here. You talked about some of what you heard in terms of challenges out there with people overloading the networks and the VPNs as it relates to the traffic, because they were watching Netflix and all sorts of things. But what other challenges have you seen out there as it relates to implementing Zero Trust, and then maybe some of the pluses as well? I always like to look at the glass half full but learning lessons of what’s … and being realistic to me is how you forge ahead.

Vince Parras:

To Tarun’s point, lack of knowledge of what Zero Trust is. There’s so many documentation or blogs out there are saying, this is what Zero Trust is supposed to be. You implement it and you do it wrong or it’s not the way that Zero Trust is designed. Yeah, I’ll leave it like that. That’s fundamentally where I see it. What was the second question?

Marci:

Well, just some of the benefits. Is it more reliable overall? Are your end users having a better experience of logging in and just being able to see the same things that they’re able to see, regardless of where they’re at?

Vince Parras:

If you do Zero Trust properly, the user shouldn’t really notice or see. On our side, on the engineering side, they had to do some tweaks, but for the finance and the HR side, it’s just accessing the webpage and it just works. On the backend, specifically on the security side, we have better control. We trust but verify. Now we know because we have to have our MDM installed and make sure that if you have the MDM installed, you can access the Banyan and it works together because now we control the laptop, we control the user, it’s tied through Okta. We have better understanding and verification of the user. So, there’s a lot of benefit for us on that side.

Marci:

It really seems like Banyan for you and Zero Trust has co-mingled really well into your existing architecture and even more you enhanced it. That’s pretty what I’m hearing.

Vince Parras:

Yeah, that’s correct. It’s just, we’ve expanded a lot of the use cases for Banyan in our implementation.

Marci:

That’s awesome. Adrian, has there been resistance at your end or has it just been a really positive experience for everybody?

Adrian Dunne:

There’s always resistance to change and it’s always multiplied when engineers are at the front of that line and affected by that change the most. So yeah, resistance is inevitable to … The high level what Vince says, I think going in with the foresight of educating the end user is key to mitigating that resistance. But also again, if you build it out, there’s an ease of use that you gain as part of it. So, that helps the resistance incredibly. But there are challenges, there’s no way of avoiding those. And a big part of what I discovered was one of the key challenges is that essentially you’re carrying three departments together to implement this.

Adrian Dunne:

There’s a DevOps team that are running a lot of the backend stuff, there’s a security team that are prioritizing the security side of it. Then there’s an IT team that personally I think is advocating for the end user a lot and the end user device a lot. You have to move all three of those departments together and balance everyone’s desires at the right moment. But the technology, the timing for the technology is perfect because, the traditional protecting the building is gone. You’ve lost that control. So you need to go back to trying to figure out where can I see start the control? And it starts with the end user getting that trust.

Adrian Dunne:

The trust score basically. So you’re trusting your end user and then trusting your device. If you can build up from that, I think because … Those are the only variables that we can control now.

Marci:

Absolutely. And Tarun did you want to have a quick word before we transition into Q&A?

Tarun Desikan:

Yeah. I just wanted to say, I think Adrian made a great point, right? There’s a convergence and I think this is what the remote world, work-from-anywhere world has gone where three very different teams, IT and security and DevOps have to work together to enable a real work-from-anywhere experience for the employees. It can’t just be one team’s job anymore. I think companies that recognize that convergence and companies where the teams work well together to enable this, I think they do a great job, while companies that still operate in silos, it’s much harder for them. VPN guys want their VPN, the DevOps guys want their bastions, the IT guys keep their Oktas and they don’t really play nicely with each other.

Tarun Desikan:

That makes it very challenging. As a vendor we spend a lot of time trying to build a product that’s easy and as Adrian and Vince know, it doesn’t always happen on the first iteration but that’s our goal, and we want to get there. I just want to make one more comment which is, many customers, they don’t quite have the right expectations when they hear about Zero Trust. Zero Trust is not one and done, it’s more of a journey. Oftentimes I hear, “We should have started Zero Trust last year. If we had started Zero Trust last year, we’d be golden today.” There’s an Indian saying, it’s like, “The best time to plant a tree was 20 years ago, the second best time is today.”

Tarun Desikan:

I said we should have started Zero Trust a year ago. I’m like, “You can still start. It’s still going to be good for you.” I find that very interesting.

Marci:

Well, excellent. Well, very insightful conversation and looks like our audience has some questions for us. I’m going to start with Dave from Diego Santana. Are you going to split tunnel VPN route? And if so, which traffic do you offload to the ISP? Who would like to take that on? Maybe Tarun would you like to try to take that on?

Tarun Desikan:

I think Adrian and Vince would be better for this question.

Marci:

Okay. Oh, Vince, do you want to go for this?

Vince Parras:

Yeah, I was going to say so we’re running Banyan so it’s naturally split tunnel, right? Like we’re only shoving traffic that we need to go to our AWS cloud. So everything else goes straight to your ISP.

Marci:

Okay. So if somebody is watching Netflix from their computer?

Vince Parras:

Yeah.

Marci:

And then working?

Vince Parras:

Yeah.

Marci:

Something like that thing. Oh, that’s awesome.

Tarun Desikan:

I think Marci it’s a philosophy. As an IT organization. Yeah, Adrian maybe you can cover that philosophy.

Adrian Dunne:

Well, again, it’s that mindset of changing from what you understand to be a traditional VPN to the Zero Trust layer is really not about that … Sure, there’s aspects of it of course, about the movement of traffic and whatnot. But it’s really about the trust piece of it. Do I trust the person and the device? Then granular access, least privilege wrapped around that. So if I’m on Netflix, nobody cares. We’ve already established we don’t care what that is. So you just move on to the next thing.

Tarun Desikan:

In the old days, you didn’t spend the time establishing the trust of the user and the device. So you had to see that Netflix video, to make sure that it wasn’t malicious. You had to. Then you would block potentially malicious traffic and allow non-malicious traffic. But in the new days, if you put strong trust in the device, strong trust in the user, you can trust them to serve Netflix. What do you care? They’re watching Netflix. Do you guys care what they’re watching on their corporate devices? Do you have a corporate policy on that?

Adrian Dunne:

No. And it’s one of the questions that I get asked all the time. It’s like, “Are you guys looking at what I’m doing?” I think that the folks think that there’s 10 IT guys in a room doing nothing but looking at logs, there’s no benefit to this. And it’s an inside joke, Vince is laughing. I’m sure he gets that commentary all the time. We’re not wasting our time doing it. Obviously there’s checks and balances in place, but, there’s no big brother aspect, there’s no benefit to that big brother aspect.

Marci:

From Randy Harold, how are you providing education awareness to you and your users? So we touched on it, but we didn’t actually dive into that. Does anyone want to jump into that question? We’ve got a few questions left in a little amount of time, so I just want to go through them as quickly as possible so we cover them. Does anyone have any thoughts about how are you-

Adrian Dunne:

In my environment … I don’t mean to pick on engineers, but I categorize the end users as twofold, an engineer and then a non-engineer. Oftentimes the non engineer is more concerned about … less, if you will. Does it work? Great. Okay. Can I ignore it? Great, on we go. The engineer wants to understand what’s going on in the background because it oftentimes affects their config and whatnot, and their day-to-day stuff. I think you should manage that education in two ways. You should have a siloed, deep dive with your engineering departments or product, whoever wants to be involved in that, and really get into the granular and get that understanding across of … Tarun said it earlier.

Adrian Dunne:

If we could build security from day one, this is how we should have built it. It’s just that the technology is there now for us to support it, right? So we’re doing it right for the first time. I 100% agree with that, that this is how I would’ve built it from day one, that point system of a access. I think you balance the education around who the audience is and for me there’s a distinct line drawn around that engineering bubble and the rest of the end users.

Marci:

I just want to do one more question from Tom Ray. We are trying to provide a similar and same look and feel where everyone is working, but how else are you providing equity across the physicians that are requiring presence onsite for field, call center and those physicians open to less present IT, engineer types of folks? Anyone want to tackle that real quick before we wrap up?

Tarun Desikan:

I can take a stab. I think we are all very biased here. We are knowledge workers. Our companies are software knowledge-based companies. So we have the luxury on day one, being able to work remotely, but in the service sector restaurants, hospitals in medical sector that’s just not an option. You have to go onsite. I think the same philosophies also apply when you go onsite, but it is applied differently. We didn’t touch upon some of those challenges in this conversation. Their physical security becomes a lot more important, to specifically devices that can be … Anybody can come in and manipulate them. So there are different concerns. The Zero Trust philosophy is still applied.

Tarun Desikan:

It’s not necessarily a work from anywhere security that you need, but it’s a different kind of security, different kind of Zero Trust.

Marci:

Well, thank you very much Tarun, thank you Vince and thank you Adrian. We are thrilled to have all of you with us today and to share your knowledge. I had a lot of fun. I hope it was spicy for you guys. Was it spicy?

Tarun Desikan:

Haha Curry.

Vince Parras:

Yes.

Marci:

There were a lot of questions that were asked and unfortunately we ran out of time in answering those questions. I really would encourage you guys to reach out to Tarun, have some of your questions answered, there’s definitely some interest for sure on Banyan Security. We also would appreciate your feedback on what you thought about today’s webinar and give us some ideas for some other programs. Your feedback does mean a lot to us. Also if you do need a CPE credit, we want to make sure you fill that out so that you’ll get your email tomorrow letting you know that you completed today’s session.

Marci:

I want to say thank you to Banyan Security for being our sponsor today, and I want to thank all of you wherever you might be for joining us at our ISE fireside webinar. I hope that all of you stay healthy and safe, and we’ll see you next time. Thank you.

Tarun Desikan:

Thank you.
