As part of its zero trust journey, BT is implementing Zscaler’s security solutions to protect its own operations. This will enhance BT’s first-hand experience as it also supports customers looking to adopt and implement Zscaler solutions. Zscaler and BT entered into an expanded partnership earlier this year that will position BT, one of the UK’s leading providers of fixed and mobile telecommunications and related secure digital services, as the first global service provider to offer a full suite of managed security services based on the Zscaler AI-driven Zero Trust Exchange cloud security platform. The platform protects customers from cyberattacks and data loss by securely connecting users, devices and applications in any location. David Harcourt, Chief Security Authority at BT and also a BT Fellow, spoke to Intelligent CISO about the new partnership with Zscaler and BT’s zero trust journey.
Why did you choose Zscaler?
We are moving towards cloud as many organisations are. We’ve always had a degree of agility in our workforce, but COVID was clearly a big change for every organisation in driving a dramatic increase in remote working. Since COVID we’ve had a really agile way of working across the organisation. We have a three to two policy – three days in the office and two anywhere – which is ultimately about empowering teams to work in the best and most productive way.
As well as needing to enable more flexibility for our workforce, BT has many third parties who need to secure access our systems while maintaining agility and flexibility, the ease of access through Zscaler and its Zero Trust Exchange for both client access and clientless access is therefore an important part of bringing some of that agility into what we want to do for the future.
What improvements do you expect once Zscaler is implemented?
There are three key areas we are focusing on from an improvement perspective. One is through app connectivity rather than network connectivity, which means a reduction in risks. When users are just connecting through to the apps they need, rather than to the network itself, that reduces the risk posture of connectivity and exposure of our estate to the user community, especially as we are supporting customers in 180 countries around the world.
Secondly, flexibility, speed and agility of connectivity for both internal colleagues and third parties that are working with us is another significant improvement that we’re expecting to see and bring in.
And finally, it’s important from an operational perspective that we streamline from the number of different solutions we’ve got in place today to a single approach from a zero trust access perspective, both into the organisation and out of the organisation. This will enable us to have a single process to put controls in place to respond to incidents and respond to threats, reducing our security and operational risk.
What’s BT’s approach to AI in terms of cybersecurity?
From an AI perspective, we are concerned about the risks but we’re also really looking forward to the benefits AI is going to bring. We are very conscious that AI is going to increase the speed of some of the attacks that we see today. Certainly, from a security perspective, there are concerns about AI making phishing look even more genuine than it looks today, increasing the likelihood that people are going to click on the links that look more personal.
Equally, we’ve been adopting AI solutions in BT now for some time. AI has been around for much longer than we’ve been talking about GenAI, which has brought the topic very much to the forefront. AI is so vital for us in terms of understanding, even with things like cameras on our physical estate. For example, looking at the behaviour of people in car parks – are you just leaving a car and walking away from it, or have you got people walking from car to car – because that latter behaviour is something that you probably want to be aware of.
AI is already helping us understand a whole bunch of things from a solutions perspective, both in the security world and elsewhere. I think GenAI and broader elements of AI will help bring improvements to how we work across the board – whether that’s guidance from a design perspective on how we help to provide awareness of patterns, all the way through to supporting our security operations teams by having AI help to understand the concepts of malware and reverse malware to understand what it’s doing. I think AI is a really good opportunity for us as much as it is a threat.
How do you approach the never-ending threats in cybersecurity?
The one thing I really enjoy about my role in security is that every day is different. Maybe not quite every day, but the next challenge is always around the corner. And I like solving problems and solving challenges.
There is that constant drive to actually look at what’s coming next. What’s the next technology coming down, like AI? What threats are there? But also, the mindset of the bad guys, what’s next on their set of things to do? It’d be great to have a crystal ball to understand that before they start attacking us. Unfortunately, we don’t have that technology available to us yet. It is a constant risk and a constant challenge. I often get asked, how do you sleep at night? And I think you have to be conscious that there is no 100% answer to security – you can’t get it 100% right.
As a defender, you’ve got to try and defend all of the potential opportunities. The attackers only have to be successful at getting through one element of it, which really puts them on equal footing from a defender’s perspective. But I think knowing that we apply the best skillsets to what we’re doing is key. That way, at least we’ve done the best job we can do, and we look at how we can contain and respond to those attacks, and we prepare and rehearse for those things when they happen.
We are conscious that there will be attacks that are successful and it’s then about how you respond to those. We are always making sure we have got the right skills, the right capabilities and the right preparedness. It’s those things that at least gives you the confidence that you’ve done the best you can do.
How do you see your partnership with Zscaler developing?
Zscaler is a really important partner for BT. We have been a partner for a long time from a go-to-market perspective. By leveraging and using them ourselves, it gives our customers confidence in what we’re selling to them. The feedback our sales team receives from our internal teams helps us again to support our customers better.
We have a commitment with Zscaler to work and collaborate on innovation and features and how we can jointly improve offerings out there today, helping to make the world a safer place. One of the things I get a lot of pride in is how we help to defend the broader elements of the Internet, especially our consumer customers who need help in protecting themselves against some of the stuff that’s out there. I get a lot of pride from doing work to try and make the world safer. We can do that together with partners like Zscaler.
Click below to share this article
