Dr. Harrison Nnaji’s Post

Transcript

But at least there's a you should adopt A pathway. So to come back to the question, is said the answer? I'll say never before had it been important to consider such never. But it's not a silver bullet, it's not a silver blood. So each organization have to evaluate on their own with the right knowledge to know first the pace of adoption, the kind you need to adapt and how you can sit with it to answer all the questions that you need to answer and how you can also test it out at POC level so you can have the one value creation for for your organization. I think that's about it. Thank you. Hi there. Thanks very much. I really enjoyed that presentation. I thought it was one of the best ones I've heard over the last few days. Just the philosophical approach to sassy and zero trust. Many since Gartner announced you know the the term, many of the vendors have aligned themselves, especially the big ones, against that framework and used all the marketing material and taken what's come from the cloud security alliance in terms of zero trust. As part of their approach, right and it's it's pitched as A1 size fits all but I think for a lot of us and very refreshing to hear you from a customer and client perspective rather than a vendor is. The cost barrier to entry is high, right? And you've got the business case and blah blah blah. This is silver bullet, I doubt it. And you contrast that with zero trust where it's a multi year journey, best of breed, You can adopt it incrementally. You can look at the five pillars you can do, you can pick and choose and it's probably more a pragmatic and practical approach to adoption over time given the cost constraints that we exist in. I was gonna ask you an easier question which is for Bank of Nigeria who is your sassy vendor, but I and feel free to answer it. But my actual question is what what's your response to my thinking around zero trust incremental adoption with best of breed tools that we already have versus paying a lot of money for assessing member and the realities, you know, the practicalities of achievement? Thank you. Thank you. Right. OK, I can answer. OK. First is that because I'm a customer, you know, not promoting the vendor here, right. So if you want to ask me any private question, I can answer. So second is should I just do zero trust rather than just embracing sausage? One of the things I have said, I've said it in many sessions like this, no organization is zero on zero trust. Yeah, every organization have made progress with 0 trusts, right? Either. So no organization is practically like 00 trust movement is you're on the zero. No way you have met some. So yes, the trust is one way to start. But it's always interesting to understand. Should I do zero trust by domain? Should I do it by people? Should I do it by There's always all that conversation. Should I focus it on engineers? Should I focus it on a component of my my ecosystem? For example, I say these are my core systems. Anyone coming here, I apply zero trust. But if you're going to public services, no, you can go. Or should I focus it on engineers to say for example, people that have administrative access, can I apply the trust for them and allow people that just read emails you understand. So all those kind of questions are things you need to answer to know whether you should just go zero. Because one of the bigger issue is zero trust is adoption. It's acceptance and adoption. You know people are impatient and. Again, automation, you understand to make sure that the end to end is completely automated so that if my access is stopped, I don't need to. I do not need to call anyone to give me access. There's a system that needs to check my profile and and everything that has been set up for me and grant me that access automatically. That's what helped. But yes you can. If you already own a zero trust journey, you can't embrace it. Say yes. I must say yes. There's some costs, cost element that you have to be, but if you compare it with long term benefits. Not that long term benefit and you also compare it with looking at how to on your current ecosystem. When you adopt us, remember there are things you can decommission, you understand. So if you look at the entire cost conversation to look at what you need to invest and what you need to save because you need to decommission some systems when you adopt it may at the end of the day see that the cost is not what it first appeared to be. Yeah, but again yes is that a trust if you already on the journey? I I sincerely will. There's actually one way to go, but their trust again brings you back to the issue of backhauling of traffic, meaning that people need to come into that environment before they go every other place. You have a throttling point because you can't deploy other trustees. I'm going, for example, to WS. I'm going to assure you have services spread across everywhere. You have to get into a back hall where you can now apply the policies and then you start having issue of user experience and and traffic back on it and all that. So that's just the. And then you shoot. But otherwise you instead of staying at one place and waiting until you have all the money to adopt Sassy, you can continue to improve. Because I always say when it comes to security, it's more like a journey than a project. He needs to continuously improve. So yes, I agree with you. Thank you. Does that help you to your question? All right. Alright, alright. Thank you so much. I appreciate you.