Meet the experts embracing "zero-trust" security in the workplace
From the moment Bhakti P. starts work, she lives and breathes a philosophy—or framework—called “zero-trust: Never trust, always verify.” In the tech industry, zero-trust security helps ensure personal and professional data is safe from harm and misuse.
The senior director of inbound product management says in the early days of her career, this daily commitment to distrust presented a challenge. “You don’t want to take that inherent distrust into your relationships with family,” Bhakti explains. To prevent that, she created a compartmentalized thought process.
“At work, I am focused on securing customer data relentlessly by monitoring least-privileged access and reverifying users,” she says. “At home, when my son says, ‘Hey, mom. I’ve got this,’ I say, ‘I trust you.’ My purpose there is to create a family environment where we have inherent trust with each other.”
Understanding and protecting data
Itzik K. founded a security-related startup early in his career. He spent more than 15 years focused on security before joining ServiceNow as senior director of product management. “You’d be surprised how many companies don’t know where to start [with security],” he says.
“One of the first things we do is help our internal business partners or our customers understand their instance security posture and determine the sensitivity levels for each data set. With ServiceNow’s Zero Trust Access feature, we can then apply dynamic security policies and ensure robust protection measures are in place for each data set.”
Protecting data is a big responsibility. “When operating in the cloud, it is crucial to maintain the minimum required access and continuously reverify users to prevent accidental leakage,” Bhakti explains.
“The ultimate goal is to ensure that the right users have the right access at the right time and from the right location. ServiceNow Zero Trust Access features achieve this consistently and efficiently,” she adds.
“When it is someone else’s data, you take it even more seriously. It’s like when you’re babysitting your neighbor’s child, you’re maybe even a little more vigilant of threats.”
Prioritizing security through customization
Sandeep N., senior staff software engineer at ServiceNow, has been interested in security since college and has worked in the field for more than 13 years. He has a simple way to help people understand customized security.
“Your home has different rooms,” he says. “Imagine each has varying levels of privacy and importance. You want to ensure that only trusted guests have access to specific areas,” he explains.
“Suppose a guest (user) arrives from an unfamiliar car (untrusted network) and enters your home with a valid key (simple password). In that case, the smart security system (Zero Trust Access) only lets them into the living room (essential roles). This way, the important and safe rooms (sensitive data) stay protected from potential intruders (unauthorized access),” Sandeep says.
“Our products give companies the ability to do the same for their employees and customers regarding their digital offerings,” he continues. “There is also technology to say, ‘Hey, wait a minute. This employee is using an unsecured network in an unknown location. We’d better limit access to certain data or tools for the time being.’”
“You might not know it's happening,” Bhakti adds. “Or you might see a banner that says your access has been reduced. We never give the reason why, as that could give hackers ideas as to how to break the security door.”
Balancing security and user experience
Protecting our customers is top of mind. The platform security team regularly rolls out additional features that we use internally ourselves. “The customer now has complete power to balance the user experience angle with security,” Sandeep says.
“We use zero trust to build a balancing act,” he adds. “For example, maybe 95% of users are fine to use a personal device for business, but there’s another 5% who do work that is too risky on a personal device. They will have access to sensitive data only when they are using a corporate device,” he explains.
“All of this customization is a win-win for both security and user experience.”
“The zero-trust framework is our North Star,” Itzik adds. “We are always striving to do better for ourselves and our customers.”
“Building zero-trust security is nonoptional for digital transformation,” Bhakti concludes. “The ServiceNow Zero Trust Access product accelerates that journey.”
Join a company that prioritizes security, collaboration, and innovation. Explore ServiceNow careers.