Advancing Life & Work

HPE Tech Talk Podcast - Why Zero Trust Security Matters, Ep.4

With data exploding and apps living everywhere, securing a distributed system is an unprecedented challenge. We’ll discuss this pressing question of security, while unpacking why Zero Trust matters to today’s enterprise.





Robert Christiansen:

Welcome to the HPE Tech Talk podcast. I'm Robert Christiansen, your host. Thank you for joining me this week. We have a really special guest this episode: Sunil James, who is the senior director of HPE Security Engineering Group, and fundamentally at the heart of an initiative that HPE is passionate about. 

Welcome to the show, Sunil.

Sunil James:

Thanks for having me, Robert.



Robert Christiansen:

Can you tell everybody what it means to have a zero-trust framework or initiative in their organization and why it matters?


Sunil James:

Yeah. Well, I appreciate the time and this is a great conversation to have right now because of the fact that we have an ever-increasing number of people who are no longer able to just work from within the confines of what has historically been a safe network perimeter for their enterprise. The idea of large firewalls, and then everything behind that being safe and secure has fundamentally changed because we don't have those walls like we did; the COVID crisis has forced all of us to rethink about how we're going to be able to get access to knowledge, how are we going to share information with each other and how are we going to do so wherever we are on the planet.

So the zero-trust mindset allows enterprises and their employees to take advantage of flexibility to be wherever you want, but at the same time providing layers of varying trust and security to ensure that you are who you say you are, a system is who it says it is, before it's able to transact or interact with any other system as a whole.

This concept is increasingly becoming relevant to larger enterprises because of the fact that we have technologies such as containers, serverless cloud computing more broadly, that make it possible to take advantage of huge amounts of computational resources, storage resources, networking resources that run all over the planet—and because of that, the old ways of how we've thought about providing security are fundamentally broken. So that's why these zero-trust concepts are taking hold these days.

Imagine, you are the CIO, you're the CEO of an enterprise and on a Monday morning, you wake up and at the front door of your building, there are 50 new employees to your business. So you have to bring them through a process of onboarding.

You figure out what job they're going to go do and then you make sure that they have whatever access rights they need to for however long they're going to be there. If you have to make changes to it because they change roles or they leave, and that becomes a little bit of a cumbersome process. Now, imagine the next Monday, you have 50,000 containers showing up to your front door, right?

They've got a specific role. They have to share information with other systems. They have to receive information, and like other software systems, they got to move around virtually and physically. You have to give them all the rights that they need as well and then you have to be able to tear all of that down when they leave. The one difference between humans and systems is that a human usually is going to be inside the enterprise for a good period of time. Containers can last minutes.

So how do you go through a process scalably where you have tens of thousands of containers showing up at your doorstep and then 10 minutes later leaving? This is where some of these techniques and concepts really start to show their strength.


Robert Christiansen:

That's a fantastic analogy. I mean, can you imagine just drawing on the whiteboard there a whole bunch of 50,000 people standing at the doorway trying to get badged in. Okay. So let's pivot in. What organizations or what industries are really starting to embrace this as a core foundational way of handling security using this zero-trust foundation?

Sunil James:

One of the fundamental markers, at least for organizations we've spoken with that are exploring the idea of zero trust for their infrastructure—not necessarily for their humans logging into their systems—is their desire to start taking advantage of much more dynamic computing platforms. The container movement, going back about six, seven years, and well before that in the Linux world, has become much more palatable for enterprises because of the fact that there is an increasing amount of tooling available to utilize this much more sophisticated, much more flexible computing model to run your applications.


Obviously HPE has its own with Ezmeral Container Platform. But that technology is a key marker in terms of an enterprise that is starting to rethink how they're going to build, deploy, and run production software for their business. When they start thinking about that, that starts to bring up a number of questions in all aspects of how they build software, including security. So for us, that indication is something that we really see a high correlation with people starting to think about zero-trust frameworks.



Robert Christiansen:

So yeah, one of the things I think is interesting here is that you and I have been involved with companies that we would consider early adopters of public cloud. They built net-new applications that are in that space. But I think you and I are seeing organizations like healthcare and automotive and various other places that are absolutely in the same place, because I mean, you think about what goes on in an autonomous vehicle, you've got this problem.


Sunil James:

You're hitting it on the head. I've been lucky to have experiences in my career inside of places where they have been thinking about these models of security, because they were born in the cloud for all intents and purposes. Companies are all realizing that we need to be able to provide similar types of platform security capabilities built around zero trust to get scale when you move to the cloud as a whole.

I think a lot of organizations you referred to, whether it's autonomous vehicles and others, have their own scaling challenges. When you talk about the number of distributed components inside of an autonomous vehicle that have to communicate with each other, they have to communicate out of their car into a broader network as well. There's similar types of challenges coming at them and so I expect these models to find their way very quickly into those customers as well.



Robert Christiansen:

That's a good point. You and I are both on the front row, literally, of what HPE is doing in the on-premises space for the deployment of Ezmeral with our container platform, our data fabric, a lot of the analytics that we're bringing to our clients, and we're seeing really interesting sets of use cases showing up inside the enterprise clients on premises. Talk about how HPE is positioning itself with these technologies.


Sunil James:

Well, there's a lot of use cases. I'll talk about one in particular that's really exciting. Most of the Fortune 5000, they’ve been around for a long time. They serve many customers of all forms and fashion around the world. They produce huge amounts of data that have yet to really be tapped into in terms of understanding the signal from the noise. There's been plenty of technological innovations to help enterprises kind of find that signal, but I think we're at the very beginnings of that.

This data is still buried inside of enterprises. It remains locked away in the bowels of data centers. They're not necessarily running in public cloud providers, and that data is rich with potential value. One of our customers is a Fortune 100 healthcare provider. They're sitting on a huge amount of knowledge that can be not only leveraged for the purposes of their business, but also for the purpose of solving and addressing healthcare issues as a community and as a population.

So for them, the concept of zero trust is pretty fundamental because they have to figure out scalable ways of allowing for all of their customers, all of their partners—how do they allow the public in general to be able to access and interact with the data, but to do so in a manner that's controlled, that allows for people to show up at their doorstep who've never showed up beforehand, get access to just the things they need to and nothing more. That's a really challenging problem for a company that has that kind of knowledge, that model…



Robert Christiansen:

Well, think about that for a second, Sunil. I want to make sure that we're clear here. You're talking about identity around a dataset.


Sunil James:

Yes, yes. That's exactly right.

These systems are not just spinning up and just sitting there by themselves. They're spun up to do something, to transform and react to data that's being generated. All of this ties back to data. So the idea of being able to ascribe identity to datasets and correlating those identities with the systems that are trying to interact with them is I think one of the most interesting evolutions of where zero trust is going toward.

How do we think about the ability to not only provide strong validation of humans, of servers, of laptops and other types of computation devices, but how do those tie back into the data itself so that we can have a complete chain of trust from the person all the way through to the data that he or she is trying to interact with? I think that's going to be where you're going to see a lot of organizations spend their time over the coming years.



Robert Christiansen:

I really enjoyed this conversation with you, Sunil. I really appreciate you joining us and letting the listeners really have a true insight behind the curtains about the zero trust frameworks.


Sunil James:

Thank you very much, Robert. I appreciate the time.



Robert Christiansen:

Thank you folks. This is Robert Christiansen with the HPE Tech Talk. Thank you for joining this week. We will be with you next time. Bye-bye.





HPE Editor
Hewlett Packard Enterprise



About the Author


Editor-in-chief for the HPE Advancing Life & Work blog.