The Rise Of Contextual Access And Adaptive Security
Tech Talks Daily, April 04, 2026


What does it really take to move from talking about Zero Trust… to actually making it work in the real world?

Recording live from IGEL Now And Next in Miami, I caught up with John Walsh for what has now become something of a tradition, our third conversation together, and one that reflects just how much has changed in the last 12 months.

When we last spoke, the focus was on securing the edge and rethinking security through a preventative lens. This time, the conversation has expanded from IT to OT, from devices to platforms, and from theory to real-world implementation across manufacturing floors, healthcare environments, and government organizations.

John shared how IGEL is increasingly being adopted as a global standard across both IT and operational environments, bringing new challenges and new insights. From kiosks and signage on factory floors to shared workstations in hospitals, the need for persona-based and now context-aware access is becoming far more than a technical concept. It is shaping how organizations think about identity, risk, and control at scale.

We also explored how the idea of the "adaptive secure desktop" is evolving beyond traditional VDI thinking. Instead of static devices, the focus is shifting toward environments that respond dynamically to the user, their role, their location, and the level of risk in that moment. It raises an important question. How do you deliver that level of control without introducing friction for the user?

AI inevitably entered the conversation, but not in the way many might expect. Rather than focusing on features, John highlighted the acceleration of threat velocity. The time between vulnerability discovery and exploitation is shrinking rapidly, and with AI amplifying that speed, traditional detection and response models are struggling to keep up. The implication is clear. Security strategies need to shift toward prevention and control, not just reaction.

We also touched on emerging challenges around agentic AI, non-human identities, and the need to apply Zero Trust principles beyond people to machines. As organizations begin to explore these new models, questions around identity, access, and guardrails are becoming more complex and more urgent.

And throughout the conversation, one theme kept coming back: reducing complexity while increasing control. Whether it is through immutable operating systems, centralized policy enforcement, or contextual access, the goal is to simplify the environment while strengthening security outcomes.

As organizations continue their journey toward modernization, one question remains: Are we still layering new technology onto old models, or are we ready to rethink how access, identity, and control are delivered from the ground up?

What do you think? Is Zero Trust finally becoming real at the endpoint, or is there still a gap between strategy and execution?



[00:00:04] Welcome back to the Tech Talks Daily Podcast. Today, I'm recording this episode from Miami at IGEL's Now and Next event. And it feels like one of those conversations where the buzz around the event is actually being matched by what's being said on stage. Yeah, there is lots of talk this week about zero trust, AI and the future of endpoint security. But what is really standing out to me so far is how the conversation is shifting.

[00:00:33] Less hype, more reality. Less theory, more how do you actually make this work in my organization, in my industry, in the real world. And that is exactly why I'm so excited to sit down with John Walsh again today. This is his third appearance on the podcast. So that makes him officially friend of the show. And we have spoken a couple of times before about securing the edge and taking a more preventative approach to security.

[00:01:03] But today, here in Miami, feels like those ideas are moving from concept to something much, much more tangible. Especially as the IT and OT worlds continue to collide. But enough from me. Let me beam your ears directly to Miami, Florida, where you can join myself and John in a conversation on the show floor. So a massive warm welcome back to the show. We last spoke, we spoke twice last year.

[00:01:31] So that makes it your hat trick of appearances today in Miami. But we previously spoke about securing the edge with zero trust and preventative models. And also rethinking edge security through a preventative lens. So I've got to ask, what has been keeping you busy since we last spoke in Frankfurt on a cold, dark November? Well, I think there's a few things.

[00:01:53] We, as IGEL continues to evolve, we're beginning to work with customers who are adopting IGEL, both in IT and OT. And so becoming a global standard for some, you know, big folks that are using process automation, discrete automation.

[00:02:12] And so as they're beginning to implement, it's providing us a lot of insights, collaboration, and beginning to see what our priorities need to be in terms of being able to provide them the contextual-based enforcement in terms of access controls. And the ecosystem that is associated with that in terms of priority of IGEL-ready partners that we want to make sure that we can support.

[00:02:39] On the OEM side, we're beginning to see a movement towards a thought process around a platform model. And what I mean by that is the terminology of IT for OT, where we go out onto a floor, a factory floor, and we're seeing IGEL in the kiosks, on the signage, in the platforms that are providing standard operating procedures, scheduling, and things like that.

[00:03:06] And so what that is, what's occurring is, as we're beginning to work with the likes of Siemens or Rockwell and others, is a better understanding the specific requirements that we need to make sure we can provide. We know, for example, RDP. RDP is something that we've really worked on this year to make sure that we can support all of our customers' OT environments. We can host their agents.

[00:03:36] We can host their browsers. We can provide that immutable read-only security execution plane, extend it there. And we can provide the central management of all the endpoints on that floor, enforce policy, so that not only can they meet their 62443, but we can begin to drive that IT-OT convergence that people are looking for.

[00:04:01] And when people listening hear adaptive, secure desktop, I think it can sound like another evolution of VDI or desktop as a service. What does it, or where does this actually break away from the traditional endpoint thinking in a more meaningful way? How do you see that evolving, or how would you demystify it for someone outside of this space? So I think, you know, I have maybe a bias on that thinking, right?

[00:04:27] Even having been in a position where I had manufacturing facilities at one time in my role, you know, there are locations in an organization where you have stations, where they have access to multiple personnel. And they provide a pretty big threat. And I've experienced that threat where, you know, people can get access to these environments and do things.

[00:04:54] And a persona-based adaptive desktop, you know, which really we see in our healthcare companies with Imprivata, you know, where we have a nurse show up or we have a doctor show up. And it's the same station, the same patient, but you want to provide specifically the environment and because of certain regulations, only access to specific type of data.

[00:05:17] But taking that to the next step in manufacturing and OT, we have the same thing in shipping and receiving and all over the floor where we want to be able to be persona-based. I'm going to take that to the next step. When I take the next step to zero trust, and we're talking to folks in government and otherwise where they're really driving zero trust, I want to start to track least privilege access and contextual access to the end user.

[00:05:46] So we'll take, I believe, this persona-based thought process to the next level so that, you know, as we introduce our contextual-based policy enforcement, we're building on that persona-based, that adaptive, meaning adaptive, meaning just that when the endpoint wipes, there's no data left, the new person comes on, they gain access to something that they're specifically enrolled in based on their persona, their credentials.

[00:06:15] But as we continue with that and go to contextual-based policy enforcement, we'll take that to the next level. And kudos to you and your team because it was well over 30 minutes before AI even got a mention in the keynotes today. It was a big focus on solving very real world problems. And there's some great insights from the Forrester research there as well, especially around zero trust and some of the attitudes and thinking and maybe even confusion. What are you seeing there?

[00:06:44] Well, I think there's a number of ways to look at AI. So yes, let's start with James at Forrester. And you'll hear about, we'll talk about this a bit tomorrow with General Nakasone and the panel that we have put together. But, you know, starting at the place where James was today, I'd say that number one, velocity. So I think we touched on this last time in the sense that vulnerabilities discovery.

[00:07:10] In the past, we've seen maybe 45, 50 days before we see an exploit. That's one issue. And now we're seeing that that timeline from vulnerability discovery to exploit getting down to five days. So that's an issue. And then we add AI to that, right? And we have a geopolitical situation where we have things that are living off the land. You know, we've seen some of the first signs of that with the recent striker attack.

[00:07:38] We're in a geopolitical situation. And so AI provides the ability to accelerate the use of tools, modify those tools, and bring those attacks at a rate that from the perspective of an organization that's relying on humans to respond. We can't detect, we can't monitor, detect, remediate, restore, patch in the timeframe that they can generate attacks.

[00:08:06] So that's going to drive us to a, again, my favorite theme, preventative, zero trust based architecture to better deal with those things. And we could get into a discussion about specific parts of AI kill chains because the kill chain is not changing. What's changing is, as Forrester talked about, the rate at which that kill chain can be generated, regenerated, and redeployed.

[00:08:35] I think the second thing that people are talking about a lot is OpenClaw and things like that. So agentic, right? So as we move towards agentic, a lot of questions about how do we protect in the agentic, in the agentic world. So I'm going to step back and say from the dialogue that we're having, I think the work we're doing in zero trust, again, you know, where we're looking at central management, contextual access control, right?

[00:09:02] Right. Confidence level, establishing least privilege access and boundaries. I think with agentic, we want to think in terms of two things. One is assigning a non-human identity to the agentic, treating it in many respects like we would in a zero trust environment in terms of least privilege access.

[00:09:24] Ideally, I'd like to bind it if it's an assistant to the human identity so that we can relate that, you know, these behaviors are associated with, you know, Neil. So I think the community in general is beginning to think like that and how to do that. And I think we're very well positioned with what we have now. And we're having discussions with AI folks on that. I think the second component of it is the component associated with sandboxing.

[00:09:51] And this is a thought process around, you know, the MCP libraries and these things are very vulnerable. Folks are developing methodologies around providing observability so that they can see where some of these vulnerabilities are, where these attacks are occurring, and what types of guardrails to put in place.

[00:10:11] So I think in the future for us, it's going to be a combination of leveraging, as I meant, how do we put that identity, leverage this architecture we have that can deliver that, and working with NVIDIA and others to look at how do we implement guardrails and work together to drive that.

[00:10:32] And finally, I think that another key component is the read-only immutable OS, because in many cases we'll run the AI, right, as an overlay.

[00:10:44] So the AI is going to run as an overlay, either on containers or on a VM, but it's not going to have the ability to write to our OS to get access, if you will, to other things, unless, you know, with our OS and our architecture in terms of our ability to segment access to that point.

[00:11:07] You beat me to the preventative word there, because I was just looking at my notes, and for the last, what, two occasions we've spoken, one of the things I've always admired about you is that this approach to preventative security rather than reactive defenses. So what does that look like in practice? How does it change the day-to-day reality for security teams dealing with constant threats, that velocity that we're talking about? Well, nothing's bulletproof, right? Yeah.

[00:11:33] So I think that they have to be complementary, and certainly from a preventative security standpoint, what we can do about the threats that are typically facing the endpoint is we can substantially reduce the noise, the complexity, the cost.

[00:11:50] You know, we've gone through some processes with some customers who are looking at, you know, minimizing, getting the level of confidence that they need so that they can minimize what's required at the endpoint in the way of platforms to reduce cost complexity and so on. I also think that in the position we're looking at, and as you'll see tomorrow, we open up our UMS to be able to interact more with other policy engines.

[00:12:20] We not only are your policy enforcement point at that point in time, but we're a policy information point. So with Insights, with our Insights module coming out, we're also going to be in a position to talk to the SIEMs and SOARs and be able to provide information about was the policy deployed on the endpoint? Is it continuing to operate in the way it should?

[00:12:45] Or if something changes, what type of a reaction would you take? But I do think the big thing here is, we talked about this before, is kind of the needle in the haystack, right? And how do we reduce, especially with AI accelerating the number of attacks, the air traffic?

[00:13:05] So at least the things that are occurring that people are beginning to see are triggers to do something, not just noise to hide what the real intent is. I think finally, you know, the big issue, I think, Neil, always has been, especially with zero trust, is to assume that the threat's present. And I had a question earlier about what's the zero day on a ransomware attack.

[00:13:30] And, you know, I said probably when they started doing the social engineering on everything they needed to do to get access to your organization and so on. I was recently in a meeting with a very senior individual in the Canadian government. And he said to me, one of my biggest concerns is when you begin doing these things, how does it expose weaknesses in your architecture?

[00:13:57] And I had a similar conversation with a senior level person in the U.S. government. And he said that the adversary already knows what those weaknesses are and likely has already exploited them. Your job, John, is to figure out how to put an infrastructure in place with IGEL that won't allow them to pull that trigger when the day comes. And on that very same topic, I was speaking to a few people recently about quantum computing.

[00:14:25] And there's almost adversaries that are harvesting data now with the hope of de-encrypting it later. So in the U.S. right now, we have something called QPC. It's relating to requirements that you have to meet post-quantum. And it's a combination of both hardware and software in terms of how you bring things together. And I'd like to say that we're going through FIPS 140. Right? We're in the lab. We talked about that last year. We're in the lab right now. We expect to be certified soon.

[00:14:53] And I think one of the strategic things we did was selecting wolfSSL as our partner. And one of the reasons for that is that Wolf is already working on qualifying and certifying their post-quantum crypto. It's happening already. And so with the architecture we've put in and the agreements we have in place, we will be in a position to just bring that capability right into the IGEL platform.

[00:15:21] And also the idea of tailoring desktops by persona and location, incredibly interesting and sensible. But how do organizations avoid adding extra complexity when delivering that level of personalization at scale? Is it a tricky balance doing it without annoying all the users? Well, I think the reason you do that's obvious.

[00:15:44] And one of the ways that you avoid AI and deepfake, as we talked about last time, is that, you know, that contextual access control provides you enough information so that the deepfake can't figure out, you know, all the combinations of where you might be and all that kind of thing. So it makes it very challenging for that kind of thing.

[00:16:08] But I think many of the components, the policy information points that are required to do that, you already have. You're already using. What you need to have is a platform like IGEL that integrates those so it's seamless and it isn't complex. And it provides you the outcome that we're talking about. And zero trust has been discussed for years, but adoption has often stalled at the endpoint.

[00:16:36] So again, just to bring to life what you're working on here, how does IGEL turn the endpoint from a weak link into something that actively enforces trust decisions? Because this feels like a real strong point of yours here. Yeah. So I think there's two questions there, really. One is almost like, you know, it gets to even modernization, right? So statistics, Neil, on modernization right now are, as I read them recently and I'll talk about tomorrow, surprising.

[00:17:04] 80 to 90% of organizations have strategic intent. Yeah. But only 50 to 70 or something like that, I'd have to go back and actually see the slide, are making real progress. But for sure, only 10 to 20 have done it. So now you start to say, well, we're a zero trust in that priority. And zero trust has to be recognized not as a requirement, but as a tool to help you modernize to meet your objectives.

[00:17:33] And so one of the things that I think is really important and we're finding as we talk to senior leaders, senior leaders say, well, where do I begin the process? So we're in a modernization process. Modernization typically takes years, right? This isn't something, you know, we started zero trust in 2019.

[00:17:55] So I think that from an IGEL perspective, one of the things that we talk to senior leaders about really is how do you start the journey? Well, you start the journey with us by just simply putting in IGEL. Because when you put IGEL in, you move away from perimeter defense, right? Because immediately without anything, you have independent endpoints, independently enrolled with independent policies enforced by UMS.

[00:18:24] So we actually meet the CISA level one. When you basically make UMS connect to Forescout, Cisco, or one of our other policy engine partners, you meet level two. So a lot of times we're having now discussions with senior leaders about how we can help them pick where are your crown jewels? Where are the things you want to protect the most? Where do we start? And if you own IGEL, we can help you with that.

[00:18:54] I mean, seriously, you know, it's really interesting is a lot of conversations. I'll talk about this tomorrow is removing friction. How do we help you remove friction with your modernization objectives? And in some cases, we're having to go as far as, John, will you come into the organization and coach us a little bit? Yeah. And I think that is a powerful moment to end on. So a big thank you as always to John for taking the time to sit down with me here in Miami,

[00:19:24] especially in what is clearly a packed and fast-moving week. And what I found particularly interesting in the conversation that we had today is just how many of these challenges are no longer theoretical. Whether it's the speed or velocity of attacks, the pressure of modernization, or the complexity of managing endpoints and securing them across IT and OT, these are the problems that organizations of all industries are dealing with right now.

[00:19:52] And maybe the biggest takeaway for me is this. We've spent years talking about detecting and responding to threats. But increasingly, the conversation is shifting towards how you reduce the opportunity for those threats to exist in the first place. But as always, I'd love to hear your thoughts. Are you and your organization finally ready to move from reactive security to something more preventative, even if it involves a completely different mindset?

[00:20:21] Or is that easier said than done? TechTalksNetwork.com, 4,000 interviews, loads of ways of reaching out to me. So please, check it out and let me know your thoughts, your experiences, your takeaways. But time for me to hit the show floor again now. So I'll speak to you all again bright and early tomorrow morning. Bye for now. Bye for now.