Entrusting Zero Trust with John Davis


Over the last few years, how we see and use storage has gone through a major transformation. We no longer carry around bulky hard drives and we’re less concerned about running out of space. Instead, we simply upload everything to the cloud. It’s an invisible, broad infrastructure that feels never-ending and sometimes appears too good to be true. It’s a dream come true … for most people. But for someone like John Davis, the Vice President of Public Sector at Palo Alto Networks, the cloud isn’t this amazing, perfect thing. Quite the opposite, in fact. Instead, John sees a technology littered with unknowns and filled with potential threats. On this episode of IT Visionaries, John returns for his second appearance and he updates us on his new role, what some of the best practices are for preventing data breaches, and he tells us why zero-trust isn’t just a buzzword.

3 Key Takeaways

  • There’s beginning to be a shift away from the traditional legacy approaches
  • Cloud security is a two-way relationship & communication between provider and consumer is key
  • Zero Trust is gaining popularity and is the art of securing your most valuable assets from the inside out

For a more in-depth look at this episode, check out the article below.


As technology continues to evolve, providing the public with exponential growth and opportunities, it’s connected us in ways never before imagined. But as the dependency on devices grows, the threat of cyber attacks continues to rise. If there’s one thing John Davis, Vice President of Public Sector at Palo Alto Networks, knows, it’s security. After all, Davis, a retired major general who served in the U.S. Army, constructed his career around staving off threats and protecting others. Davis joined IT Visionaries to update us on his role with Palo Alto Networks, and to talk about best practices for data breach prevention and why the zero trust journey is never-ending.

Davis has first-hand experience with cybersecurity from his time at the Pentagon, and while the threats he faces are different from those he was familiar with while serving the United States, the importance of implementing security still rings true.

“You need to consider security because it’s going to impact your business,” Davis said. “It’s not just security for security’s sake, it’s security for material impact. You are at risk if you don’t ensure that you have very detailed conversations with your security provider.”

Cybersecurity continues to be a moving target, and the key strategies are constantly changing. But Davis harped on four key tactics that organizations need to follow: a prevention mindset, better use of artificial intelligence and machine learning, an understanding of how threats operate and, most importantly, the basics.

“Basics matter, just doing the basic standards, discipline, hygiene, whatever you want to call it,” Davis said. “That actually makes it very difficult for 80 to 90% of any type of cyber threat to get through and be successful.”

Davis stressed that there is a shift occurring within the industry, with most organizations moving away from legacy processes and toward a modern, innovative process with less reliance on individuals.

“The really good organizations are leveraging innovations that are happening now in cloud capabilities and making it so that there’s no fear about the cloud,” Davis said. “I think it’s actually a more secure environment if you do things right. And the organizations that I talked to that are successful are increasingly doing things right.”

The problem lies in the details if you’re truly trying to do things correctly. While the cloud brings endless possibilities, Davis explained that certain risks remain due to the scope of the platform, with miscommunications occurring in the relationship between the user and the provider.

“Most people think, ‘Hey, if I’m going to use a cloud service provider, they’ve gotten really good at securing the cloud,’ and only part of that statement is true,” Davis said. “They have definitely gotten very good at securing what they’re responsible for, which is the infrastructure, the cloud, but it’s still the customer organization’s responsibility to secure their apps and data.” 

So how should companies be protecting themselves? Davis said they need to be asking important questions to providers: What are you doing to protect your cloud infrastructure? And where does your responsibility end and where does ours begin?

Davis said those key questions are moving agencies toward a zero-trust approach, where companies are protecting their most valuable assets from the inside out.

“Trust nothing, verify everything,” said Davis. “Zero trust then is to build your architecture from the inside out. And step one means [identifying] what’s important to protect.”

Davis deploys a maturity model to help organizations develop zero trust networks. The first step? Understanding that it’s a journey with no one-size-fits-all model, and then identifying roles and placing them into groups.

“The first 80% of the journey deals with identifying applications, identifying users, putting the users in small functional buckets, authorizing applications for each bucket, and deploying the user policy for all the buckets,” Davis said.

As for completing the model? Davis said that’s the beauty of the journey.

“That’s the concept — it’s zero trust,” Davis said. “You manage the risk by breaking things down into these small components and focusing your priority and your efforts and your technologies around the smallest components.” 

Threats, risks and dangers still remain around the size and scope of the cloud, but the industry is taking steps to level the playing field, including the implementation of machine learning and artificial intelligence.

“From a security perspective, the use of automation and software-based advanced analytics can level the playfield between offense and defense,” Davis said. 

While machine learning and A.I. hold promise in detecting and preventing attacks, and Davis believes Palo Alto Networks’ values and skills position it well in fighting an invisible army, the only way to fix some of the issues is to implement a more holistic approach moving forward.

“The model of the future is integrated products, interoperable products, more use of an open API architecture for software-based capabilities,” Davis said.

To hear the entire discussion, tune into IT Visionaries here.


Episode 175