Modernize Access by Replacing VPNs With Zero Trust

Today, we sit down with Dominic Jainy, an IT professional with deep expertise in applying advanced technologies like AI and machine learning to solve modern business challenges. As organizations navigate the complexities of a hybrid, cloud-first world, the conversation has shifted dramatically from legacy solutions to more dynamic security frameworks. We’ll explore the critical shortcomings of traditional VPNs, the practical steps for transitioning to a Zero Trust model, and how modern tools are making this vital shift more accessible than ever. Our discussion will touch upon simplifying the onboarding process, leveraging granular controls to thwart emerging threats, and gaining the deep visibility necessary for robust security and compliance.

A critical VPN failure has been compared to a “red ring of death” for network security. What specific risks, like lateral movement, does this entail, and how does a Zero Trust model fundamentally prevent these issues from the outset? Please share a concrete example.

That’s a powerful and accurate analogy. When an old game console died, it was frustrating, but the stakes were low. When your network’s security fails in a similar way, the consequences are catastrophic. A VPN failure isn’t just an outage; it’s an open invitation for attackers. The biggest risk is lateral movement. A traditional VPN essentially extends your private network over the internet. Once an attacker compromises a single credential, they are effectively “inside the walls” and can move freely, scanning for vulnerable servers and sensitive data. It creates a soft, chewy center that is incredibly difficult to defend. A Zero Trust model flips this entirely. It operates on the principle of “never trust, always verify,” meaning no user or device is trusted by default, regardless of their location. For example, if an employee’s credentials were stolen, a VPN would grant the attacker broad access to the entire network. With Zero Trust, that same credential would only grant access to the specific applications that user is explicitly authorized for, and every single access request would be re-evaluated. The attempt to move laterally to a finance server or a code repository would be instantly blocked because that access was never granted in the first place.

Many IT teams stick with familiar VPNs due to comfort and the perceived risks of change. How does automating identity provider setup, such as with Microsoft Entra ID, reduce this friction, and what does the initial onboarding process look like for a mid-sized company?

It’s completely understandable why teams hesitate. They’re already stretched thin, doing more with less, and the idea of ripping out a core piece of infrastructure like a VPN feels daunting. The comfort of the familiar is a powerful force. This is precisely where automation becomes a lifeline. By automating the integration with an identity provider—something most companies already use, like Microsoft Entra ID—you remove the most painful and error-prone part of the migration. Instead of spending weeks wrestling with manual configurations and building fragile connections that might break, the system can be set up in a fraction of the time. For a mid-sized company, the onboarding process becomes remarkably smooth. It’s no longer a massive, high-risk project. IT teams can leverage their existing identity system, significantly reducing deployment time, minimizing misconfigurations, and allowing them to move away from their legacy VPN with confidence rather than fear.

Modern security requires precise, context-aware controls. Can you explain how features like device geolocation and explicit URL blocking work together to strengthen security? Walk us through a scenario where these controls would stop a potential threat that a legacy VPN might miss.

This is where Zero Trust truly shines—it’s not just about who you are, but the entire context of your access request. Legacy VPNs are often a blunt instrument; you’re either in or you’re out. Modern controls like device geolocation and explicit URL blocking provide surgical precision. Geolocation allows you to enforce policies based on physical location, for instance, blocking all access attempts originating from countries where you have no business operations. Explicit URL blocking lets you get incredibly granular, preventing users from accessing specific malicious or non-compliant websites. Imagine a scenario where a remote employee’s laptop is infected with malware after they click a phishing link. The malware attempts to connect to a command-and-control server hosted in a high-risk country. A legacy VPN wouldn’t see this; the traffic would be tunneled and trusted. But a Zero Trust system would see the request originating from a blocked geolocation and immediately deny it. At the same time, if the malware tried to direct the user’s browser to a known malicious URL, the explicit blocking rule would kick in, severing the connection and preventing data exfiltration before it even starts.

With the rise of tools like ChatGPT, organizations need to manage access to generative AI sites. How does a dedicated GenAI category help IT teams enforce policy, and what are the key security or productivity considerations they should weigh when granting or denying access?

Generative AI has exploded into the workplace, and IT teams are scrambling to get a handle on it. The challenge is that these tools can be incredible productivity boosters but also pose significant risks, from data leakage of proprietary information to potential compliance violations. A dedicated GenAI category is a simple yet powerful tool for policy enforcement. Instead of trying to manually track and block dozens of individual AI sites, which is a losing battle, IT can apply a single policy to the entire category. This allows them to make a strategic decision: do we block all GenAI tools, allow them for everyone, or grant access only to specific user groups, like the marketing team? The key consideration is balancing productivity with security. Completely denying access might stifle innovation, but unrestricted access could lead to sensitive corporate data being fed into a public model. By using a category-based approach, a company can implement a nuanced policy—perhaps allowing access but logging all activity, or permitting use for certain departments while educating them on safe usage protocols.
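To make the three policy ideas above concrete (explicit per-application entitlements that stop lateral movement, geolocation and explicit URL blocking as context checks, and a GenAI category that one rule covers), here is an added example of a default-deny policy evaluator. It is illustrative code written for this page, not code from the interview or from any product; every hostname, group name, country code and category mapping in it is a constructed placeholder.

```python
from dataclasses import dataclass

# Constructed policy data for this example. None of these values come from the
# interview: hostnames are placeholders, "XX" stands for a region where the
# business has no operations, and the category map is a stand-in for a vendor feed.
APP_ENTITLEMENTS = {
    "engineering": {"git.corp.example", "ci.corp.example"},
    "finance": {"erp.corp.example"},
    "marketing": {"cms.corp.example", "genai"},  # marketing may use the GenAI category
}
BLOCKED_COUNTRIES = {"XX"}
BLOCKED_URLS = {"malicious.example"}
URL_CATEGORIES = {  # one category rule covers every host mapped to it
    "chat.openai.example": "genai",
    "gemini.example": "genai",
}


@dataclass
class Request:
    user: str
    groups: set
    device_country: str
    destination: str  # hostname the user or a process on the device tries to reach


def legacy_vpn(req: Request, credential_valid: bool = True) -> str:
    """Flat-network behaviour for contrast: a valid credential reaches every host."""
    return "allow" if credential_valid else "deny"


def evaluate(req: Request):
    """Zero Trust style decision: default deny, context checks first, then an
    explicit entitlement lookup. Returns (decision, reason)."""
    if req.device_country in BLOCKED_COUNTRIES:
        return "deny", f"geolocation {req.device_country} is blocked"
    if req.destination in BLOCKED_URLS:
        return "deny", f"{req.destination} is on the explicit URL block-list"
    # Resolve the destination to its category so a category policy applies.
    target = URL_CATEGORIES.get(req.destination, req.destination)
    for group in req.groups:
        if target in APP_ENTITLEMENTS.get(group, set()):
            return "allow", f"{req.destination} granted via group {group}"
    return "deny", f"no entitlement for {req.destination}"


def run_scenarios():
    """Constructed scenarios mirroring the interview: a stolen engineering
    credential trying the finance ERP, malware beaconing from a blocked region,
    a browser sent to a blocked URL, and GenAI use by two different groups."""
    scenarios = {
        "lateral_move_to_finance": Request("alice", {"engineering"}, "US", "erp.corp.example"),
        "beacon_from_blocked_region": Request("bob", {"marketing"}, "XX", "c2.example"),
        "blocked_url": Request("bob", {"marketing"}, "US", "malicious.example"),
        "genai_marketing": Request("carol", {"marketing"}, "US", "chat.openai.example"),
        "genai_engineering": Request("alice", {"engineering"}, "US", "chat.openai.example"),
        "own_app": Request("alice", {"engineering"}, "US", "git.corp.example"),
    }
    return {name: evaluate(r)[0] for name, r in scenarios.items()}


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:28s} zero-trust={decision:5s} legacy-vpn={legacy_vpn(None)}")
```

The order of checks matters: context rules (geolocation, block-list) are evaluated before entitlements, so a compromised but otherwise authorized account is still stopped when the request context is wrong, and the entitlement lookup never returns more than the applications a group was explicitly granted.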

True security depends on visibility, especially for audits and compliance. How does having 12 months of access logs change an organization’s approach to incident investigation, and what specific insights can teams derive from seeing firewall connectivity directly within the system?

Visibility is everything. You can’t secure what you can’t see, and you can’t prove compliance without a clear record. Many legacy systems have notoriously poor logging, often retaining data for just 30 or 90 days. Having a full 12 months of access logs is a complete game-changer for incident response and audits. When a security incident occurs, the breach may have happened months before it was discovered. With a year of data, investigators can rewind the clock to find the initial point of entry, trace the attacker’s movements over time, and understand the full scope of the compromise. It turns a frantic, reactive search into a methodical investigation. Furthermore, seeing firewall connectivity directly within the same interface provides immediate, actionable context. Instead of having to jump between different systems and manually correlate data, an admin can instantly confirm that firewalls are properly connected and see how traffic is flowing. This dramatically speeds up troubleshooting and provides auditors with clear, undeniable proof that security controls are in place and functioning as intended.
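The retention point above is easy to demonstrate: the same investigation run against a 90-day window and a 365-day window finds different "first" events. The following is an added example written for this page, not the interviewee's tooling; the log records, the investigation date, the user name and the IP addresses are all constructed, and the assumption is that a known-good source list exists against which an unfamiliar source can be flagged.

```python
from datetime import date, timedelta

# Constructed access-log records: (date, user, source_ip, application, decision).
# Not real data. Dates are relative to the assumed investigation date below.
INVESTIGATION_DATE = date(2024, 12, 15)
KNOWN_GOOD_SOURCES = {"198.51.100.4"}  # assumed corporate egress address
LOG = [
    ("2024-02-03", "alice", "203.0.113.9", "vpn-portal", "allow"),   # first login from an unknown source
    ("2024-02-04", "alice", "203.0.113.9", "fileshare", "allow"),
    ("2024-06-20", "alice", "203.0.113.9", "git.corp.example", "allow"),
    ("2024-11-02", "alice", "203.0.113.9", "erp.corp.example", "deny"),  # blocked lateral attempt
    ("2024-12-10", "alice", "198.51.100.4", "cms.corp.example", "allow"),  # normal use
]


def retained(log, retention_days, today=INVESTIGATION_DATE):
    """Simulate a platform that keeps only `retention_days` of history."""
    cutoff = today - timedelta(days=retention_days)
    return [r for r in log if date.fromisoformat(r[0]) >= cutoff]


def initial_entry(log, user):
    """Earliest record for `user` from a source not on the known-good list,
    or None if the retained window contains no such record."""
    hits = sorted(r for r in log if r[1] == user and r[2] not in KNOWN_GOOD_SOURCES)
    return hits[0] if hits else None


def timeline(log, user, source):
    """Chronological (date, application, decision) trail for one user and source."""
    return [(r[0], r[3], r[4]) for r in sorted(log) if r[1] == user and r[2] == source]


if __name__ == "__main__":
    for days in (90, 365):
        window = retained(LOG, days)
        first = initial_entry(window, "alice")
        print(f"{days}-day retention: first suspicious entry = {first[0] if first else None}")
        if first:
            for row in timeline(window, "alice", first[2]):
                print("   ", *row)
```

With 90 days of history the earliest visible event is the blocked ERP attempt in November, which looks like an isolated failed access; with 365 days the trail starts at the February portal login and shows months of activity from the same source, which is the scope an investigator actually needs.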

What is your forecast for the adoption of cloud-delivered Zero Trust over the next two to three years?

I believe we’re at a tipping point. The conversation is no longer about if organizations should adopt Zero Trust, but how and when. Over the next two to three years, I predict we will see an aggressive acceleration away from hardware-based VPNs toward cloud-delivered Zero Trust solutions. The drivers are undeniable: the permanence of hybrid work, the increasing sophistication of threats that exploit the inherent weaknesses of VPNs, and the immense pressure on IT teams to simplify their security stack. As solutions become easier to deploy and manage—with features like identity automation and integrated threat protection—the final barriers of complexity and risk are crumbling. Organizations of all sizes will realize that modern, cloud-native security isn’t a luxury; it’s a fundamental requirement for survival and growth in the current landscape.
