Summary6 min read

Podcast Summary: Encore: Securing Modern Workforce

Podcast: Threat Vector by Palo Alto Networks
Date: June 4, 2026
Host: David Moulton, Palo Alto Networks
Guest: Harish Singh, VP and Global Head of Infrastructure & Application Management, Wipro

Episode Overview

This episode focuses on the intricate challenges and opportunities organizations face while securing a modern, dynamic workforce. As enterprises accelerate SaaS adoption and move toward highly distributed, app-centric environments, the discussion spotlights the need to balance security, user experience, regulatory requirements, and emerging risks such as GenAI data leakage. David Moulton taps into Harish Singh’s two decades of experience to explore how organizations can make security powerful yet invisible—empowering productivity without sacrificing resilience.

Key Discussion Points & Insights

1. Shifting Perceptions: Security as an Enabler, Not a Gatekeeper

Security’s role has evolved: Harish describes how early in his banking career, risk and security were often seen as control mechanisms, but today the focus is enabling innovation with confidence and resilience. (04:07)
- Quote [04:07]:
  “That environment taught me to see risk and security not as a control gate, but as an enabler of confidence.” — Harish Singh

2. Elevated Priorities: User Experience and Compliance

The fusion of user experience (UX) and security is now at the forefront, especially in highly regulated industries like banking.
Customer trust is maintained by delivering both security and exceptional user experience. (05:52)
- Quote [05:52]:
  “The belief in your customer is maintained by delivering both security and user experience.” — Harish Singh

3. Adapting to SaaS and Workforce Dynamics

Wipro’s strategy:
- Decouple security from the network: Make security identity-driven so access policies follow the user wherever work happens, not the physical or network location. (06:47)
- Metaphor [06:47]:
  “It’s like your corporate ID badge. Your access remains the same wherever you go.”
Zero Trust and SASE: SASE architecture is a core enabler for dynamic workforces—policies travel with the user, not the device or location.

4. Infrastructure Security Blindspots

Major Oversights Identified [08:12]:
- Unmanaged devices (like contractor laptops)
- Inconsistent identity governance
- Lack of visibility into proliferation of SaaS applications
- Quote [08:12]:
  “It’s like you say you lock the front door but you forget to close the side windows.” — Harish Singh

5. SASE: Success Factors & Pitfalls

SASE shouldn’t be just a “network upgrade”; the real power comes from treating it as an identity-led, holistic transformation. (09:57)
- Quote [09:57]:
  “The early pitfalls come when SASE is treated as a network upgrade instead of identity-led transformation.”

6. Secure Browsers: Extending Zero Trust

Secure browsers (like Palo Alto Access Browser) give organizations a way to quickly secure legacy and SaaS applications without waiting years for core rewrites. (10:50)
Critical for managing unmanaged endpoints and rapid GenAI adoption.
- Quote [11:30]:
  “To fix this problem at core will take at least 5 years… The secure browser helps you to create that extended zero trust directly to the endpoint…” — Harish Singh

7. GenAI & the Critical Visibility Gap

Only 13% of organizations report full visibility into data shared with GenAI tools—leading to serious potential for data leakage and compliance breaches. (12:41)
- Quote [12:54]:
  “GenAI is no longer about the future, it’s happening here and now.”
Browser-level controls and dynamic DLP can provide real-time visibility and content-blocking capabilities. (13:37)

8. Browser as Security Perimeter

The browser, often overlooked, is now a key interface for work and major risk vector—but can also be transformed into the strongest line of defense. (14:18)
- Quote [14:18]:
  “You think about wrapping security around all of those things we’re trying to do through the browser... It's just wild that you wouldn't want a secure browser, especially when you're interfacing with these spaces that leak your data, leak your code without necessarily intent." — David Moulton

9. Real-World Benefits of SASE

For Wipro, with 96% workloads in the cloud, SASE enables unified policies, reduces complexity, and delivers improved user experience by connecting cloud and user endpoints seamlessly. (16:35)

10. User Experience as a Key Metric

Measuring success isn’t just about incident reduction but on adoption and user satisfaction. (20:50)
- Quote [20:50]:
  “If security is invisible and employees can work without friction, we know we have struck the right balance.” — Harish Singh

11. Change Management & User Adoption

Early involvement of end users is essential; security controls are framed not as barriers but as enablers—comparable to the gradual acceptance of seatbelts in cars. (22:39)
- Quote [22:39]:
  “It's about habit, it's about how much time you give them and how we improve, do a continuous improvement.” — Harish Singh

12. Automation as Foundation

Automation is the “DNA” for scaling security, vital for rapid threat response and patch management. Allows SOC teams to focus on strategic tasks rather than repeated manual work. (24:19)

13. Future of the Enterprise Browser

The next three to five years? The enterprise browser isn’t the “future”—it’s the now. It’s the “control tower for the modern workplace.” (26:07)

14. Mindset Shift for Security Leaders

Leaders must abandon “castle and moat” thinking and recognize identity and data as the new perimeter. (27:11)
- Quote [27:11]:
  “Move away from castle and moat mindset to one where identity and data are the new perimeter. The shift is simple but powerful.” — Harish Singh

Memorable Quotes & Moments

| Timestamp | Speaker | Quote | |-----------|---------|-------| | 04:07 | Harish Singh | “See risk and security not as a control gate, but as an enabler of confidence.” | | 08:12 | Harish Singh | “It’s like you lock the front door but forget to close the side windows.” | | 11:30 | Harish Singh | “The secure browser helps you to create that extended zero trust directly to the endpoint...” | | 14:18 | David Moulton | “It's just wild that you wouldn't want a secure browser, especially when you're interfacing with these spaces that leak your data...” | | 20:50 | Harish Singh | “If security is invisible and employee can work without friction, we know we have struck the right balance.” | | 22:39 | Harish Singh | “It's about habit, it's about how much time you can give them and how we improve, do a continuous improvement.” | | 27:11 | Harish Singh | “Move away from castle and moat mindset to one where identity and data are the new perimeter.” |

Important Topics by Timestamp

| Timestamp | Section | Summary | |-----------|---------|---------| | 02:00–04:00 | Security Mindset | Harish’s journey through banking and how it shaped his security-first, user-centric philosophy. | | 06:47–08:10 | SaaS, Zero Trust | The need to decouple security from networks and move to identity-based controls. | | 08:12–09:33 | Blindspots | Unmanaged devices, ID governance inconsistencies, SaaS sprawl. | | 10:50–12:40 | Secure Browsers & GenAI | How secure browsers extend zero trust, critical for quick protection in SaaS-heavy orgs. | | 16:35–17:40 | SASE Value | Real-world benefits: unified policy, complexity reduction, and UX. | | 20:50–23:50 | Measuring UX | Focusing on adoption, frictionless security, and continuous change management. | | 24:19–25:04 | Automation | How automation is key to scaling security operations. | | 27:11–27:42 | Mindset Shift | Moving from “castle and moat” to identity-and-data-first thinking. |

Tone & Takeaways

Practical, user-first, and forward-looking. Both guest and host speak candidly, using real-world analogies and hands-on leadership experiences.
Security must be invisible yet omnipresent: The goal is adopting solutions that empower users, not encumber them.
Change is now, not future: Technologies like SASE and enterprise browsers are essential today, as is the mindset shift away from legacy perimeter security.

This episode is a must-listen for security leaders and practitioners seeking to make security an enabler of innovation and productivity in a modern, cloud-first organization.

Loading summary

Transcript43 lines

[00:02]
A
You're listening to the Cyberwire Network powered by N2K.
[00:13]
B
Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host, David Moulton, Senior director of thought leadership for unit 42.
[00:26]
A
So we believe the real opportunity is in making security invisible yet powerful. So it has a very deep meaning. The security is invisible yet powerful so that people can work freely. This consists of user satisfaction, user experience. So this is something what I will tell and this is what we practice.
[01:05]
B
Today. I'm with Harish Singh, vice president and global head of infrastructure and application management at wipro. Harish brings decades of leadership experience across financial services, tech consulting and infrastructure strategy, most recently helping wipro clients modernize and secure their environments for a hybrid first app centric world. Now today we're going to talk about security complexities that emerge AS organizations adopt SaaS at scale re architect infrastructure and try to support dynamic workforces, all while balancing user experience, automation and emerging risks like Gen AA data leakage. Harish Singh, welcome to threatvector. I'm really excited to have you here today.
[01:55]
A
Thank you, David. I'm also very excited to be part of this.
[02:01]
B
Talk to me a little bit about your journey through banking tech services and infrastructure leadership and how that's changed your approach to cybersecurity.
[02:11]
A
So that's a very good question and to be very frank, David, I've been in banking for last 20 years, that's two decades and I have seen a bank from Greenfield to becoming a brownfield bank. So that was a journey, what I have done with the banking. So I know how unique that experience was, how I managed all the risk, the compliances, the regulations and the resilience for the organization, being always part of the infrastructure side of the domain. Having led large scale digital transformation along regulatory environments or banking, I have firsthand experience how secure compliant, foundation enabled bank both growth and innovation today in my experience, my approach to cyber security is balancing protection, agility, user experience and regulatory adherence at an enterprise scale.
[03:14]
B
Oh, I really like that, that idea of finding that balance between what you need to deliver for the business, what you need to do to protect the business and your customers, but also thinking about, you know, what's the engineering challenge and what's the end user experience. And if you don't get those mixed in just the right way, any one of them could be the thing that stops you from success, stops you from growth. So it's, that's a big Range of things to think about. You've said 20 years and you went from Greenfield to Brownfield in that time. Have you noticed a shift where one of those ingredients, one of those things that you're considering in your strategy has really gone from sort of the back burner to, you know, to the forefront or have things changed around or has it always been balanced?
[04:07]
A
So David, to be honest to you, back at my banking journey, there was something which banking, Indian banking sector actually believed in, something called fail fast. So we were very enthusiast of looking at latest technologies and the greatest technologies, trying them and not living with them. And we could fail fast because we know because of the technology it carried a direct link to customer trust. One misstep could ripple into compliance issue, reputational issue or even financial stability of the bank. Correct. That environment taught me to see risk and security not as a control gate, but as an enabler of confidence. Even today in wipro, our global infrastructure, I carry that mindset and that helps me build resiliency and try more new products.
[05:07]
B
Not too long ago I interviewed our CIO here and she talked about how she trusts our security team to act as a strong brake so that she can go fast and she wants to drive innovation as fast as possible. She needs to be able to rely on, on, on that strong break. And it sounds like you have some of the similar mindset of how do you go fast. Well, I have great security around me. We've thought about this, you know, and I think that's a great way of looking at security and its relationship to innovation. I'm curious if that's the number one lesson you've learned over the years or if there's, there's something else that you've learned working in the financial sector that influences your approach to risk and security today.
[05:52]
A
So if you, if you talk about Financial Institute is always user experience, the compliance, the regulatory compliance. Basically these two play a major role when you talk about banking. And the belief in your customer is maintained by delivering both security and user experience. So those are in the forefront and that's the same thing. The same philosophy helps me in Wipro where we serve more than 1400 offshore development centers.
[06:29]
B
So let's shift to talking about your work with Wipro and how you're helping your customers re architect their infrastructure as those organizations are accelerating to SaaS adoption. How do you support a more dynamic and app centric workforce?
[06:47]
A
So if you, if you talk about, purely from a wipro perspective, we are helping our client to modernize. So the, the first principle, what we apply is we decouple security from the network. That's the most common mistake what, what other organizations are doing and what we are making. Important thing is identity driven. So policies follow the user wherever they work. It's not the other way around. I don't know if you have seen a Vodafone ad. It's very common in India where a pug, a dog, is always following a user, a user, a Vodafone user. So it shows wherever you go that pug will be with you. That means the Vodafone connectivity will be with you. In the similar way in today's identity driven zero trust framework, that's the same case wherever you go. It's like your corporate ID badge. Your access remains the same whether you go to hq, branch or any other place in your organization or to a hotel or to your home. So it has become very embedding. SASE at the edge has become a core.
[08:02]
B
You know, from the infrastructure perspective, what are some of the big security blind spots that you see a lot of organization tending to overlook?
[08:13]
A
There are three main blindfolds. What I could talk about right now, the one we talk about is the unmanaged device in our organization, or in any organization for that matter, where we have contractors coming in, they're getting access to the sensitive data, we have customer related data, we have customer related unmanaged devices, we have VPNs running through it, we have VDIS running through it, and so on, so forth. So it becomes very paramount on, on the unmanaged devices. That's the, that's the most important I believe for any organization. The second one is always about identity governance. The inconsistency in ID governance is a killer, is a no, no kind of a thing. The final thing, what I believe is what you spoke about on the SAS usage, the application SAS usage. If you look at the, the old and good times where it was more of a build rather than a buy, today SaaS environment is more about buying applications. So lack of visibility on those applications becomes a major hindrance. It's like you say you lock the front door but you forget to close the side windows.
[09:33]
B
So you're talking about SASE gaining real traction. And in the state of workforce security there was a stat in there, 34% increase in widespread production development developments year over year. What are you seeing as the biggest gains in sase? And you know, maybe what are some of the early pitfalls to avoid?
[09:57]
A
So David, SASE is a very big word. When I say SASE, it consists of multiple products, multiple vendors, multiple OEMs, which makes a SASE technically. So the early pitfalls come when sase is treated as a network upgrade instead of identity led transformation. So giving a very lame analogy is like building a skyscraper without a foundation kind of a thing. Correct. So we are seeing strong gains in our hybrid work enablement where SaaS protection and simplifying cloud security operations is paramount.
[10:40]
B
Haresh, how do you see secure browsers completing SASE strategies particularly in extending zero trust to unmanaged endpoints and SaaS applications?
[10:50]
A
So if you look at secure browser close a very critical gap and we recently have deployed a PAB browser which is Palo Alto Access browser. So I'll take a step back. I'll tell you David, the prima facie reason for getting a secure browser. If you look at our application stack or any application stack in a brown field kind of environment, in the brownfield kind of organization, you'll see n number of legacy applications being there, the new SaaS based application coming in. So there's a mix and match, there's a confusion and then security becomes very important because these applications, they contain user data, they have client data, they have PII information, GDPR information, etc. Etc. So and so forth. To fix this problem in core will take at least five years. If you look at the number of application organization has runs into hundreds too long into hundreds. So to fix it, you can't fix it at the source because that will take five years. So the secure browser helps you to create that extended zero trust directly to the endpoint which helps in managing all the security related at the core of the endpoints. So after deploying Endpoint secure browser all CXOs will embrace that. They will get a good night's sleep because their worry of people accessing applications from anywhere anytime will no more be there. That's my take on the Secure browser.
[12:42]
B
Only 13% of organizations report full visibility into data shared with Genai tools. What's at stake if this visibility gap isn't addressed?
[12:54]
A
So we all know Genai is no longer about future, it is happening here and it is now. So it becomes very important that Genai we all know that JNai is the new frontier of productivity visibility. And if you look at without visibility, organization risk, data leakage, compliance breach and erosion of trust with customers with gen AI adoption surging, the stakes are high as losing intellectual property without even realizing it. So there's a plenty of thing if we talk about zna, do you think
[13:32]
B
that the browser is going to play a key role in Stopping those risks.
[13:37]
A
Yes, definitely. If you look at from a browser perspective, there is something called browser level controls which we can enforce so that the smart browsers level control can be key to providing real time visibility into AI tools. Capturing images, text, code to generation the dynamic DLP in the secure browser, enforce blocking sensitive content to be taken out. Keyword blocking is there. And from a business view perspective, this is about trust with regulator, customer and partner. So yes, definitely.
[14:19]
B
You know what strikes me is that the browser is such a common and useful tool that we all have and we don't necessarily think about it, but it can provide that leakage, it can provide that risks on one side or you can flip it 100% and it can provide that security. And it's also the interface that so much work is getting done. So when you're able to make that shift, it feels like in a space where gen AI is moving so quickly that the browser gives you the opportunity to not only catch up, but to actually wrap that security around. Going back to your analogy of before with the TV commercial, right? As you use that browser, that's what travels with you. That's the first thing you pop open. You know, I'm sitting here talking to you through a browser. I've got a couple of tabs open. I'm sure you've got a couple of tabs open. Our listeners do too. And you think about wrapping security around all of those things that we're trying to do through the browser. It's just wild that you wouldn't want a secure browser, especially when you're interfacing with these, these spaces that leak your data, leak your code without necessarily intent. You're not malicious, you're just trying to get your job done with these better tools. And they are better, right? But they come with that incredible risk right now. So it's interesting to see where the browser has an opportunity to play in this space as we, as we race forward. I want to get back to the report for a second where I saw that it emphasizes SASE as a way of unifying networking and security. What benefits are you seeing or expecting from implementing sase architectures?
[16:36]
A
So Wipro is a very large organization. We have 96% of our servers and server workload running on our cloud. So we have big clouds like Microsoft, Google aws. Now we have Oracle also. So if you look from their perspective, SASE plays a very important role where they become the gatekeeper. So anything coming inside from a hub and spoke perspective, the SASE helps, the SASE architecture helps in the hub and spoke environment. So that is from a, from a cloud perspective. But when we come to the end user and endpoint, it is about defining unified policies and enforcing them across the environment, reducing complexity, managing multiple tools and improve user experience. That is almost always a key thing, if you ask me. User experience is one of the key thing. What I always believe SASE should deliver and Sassy should improvise on.
[17:42]
B
So Haresh, I don't know if you know this about me, but I spent the first 20, we'll just call it 20 years of my career building software, building websites focused on ux. Can you give me an example? Can you delight me with one of those user experience that you've delivered that you think it hits or exceeds your expectation for that end user to be delighted, to have, you know, something that they didn't expect and they're able to pick up quickly and get out of the way, let them do the work that they're looking to or have the experience that they deserve to have.
[18:21]
A
So David, if you look at, if I'm right, if I understand your question correctly, if you look at Covid taught us, and if you look at users were pretty happy that they could work from anywhere. Before COVID it was always a dream, which I believe when I used to talk to the CXOs, they always used to say, how can Starbucks work? Why can't we have a Starbucks? Kind of an environment where Internet is available, people are using it, there is no east west traffic, nobody's bothered about what the other person is doing, while if you take a cut, you come to your organization when you're sitting inside, you know, anybody can hack into your machine because the next person sitting may have a malicious intent, whether it's employee or whatever. So we talk about internal risk as the most, most critical kind of a risk. So with sase, that is my. The SASE helped us to change our mindset from a network driven to a person policy driven state. Correct. So this, wherever you take your machine or wherever your mobile phones, wherever you want to access your applications, it's available, just click of a button so you go anywhere. That's the beauty of sase.
[19:40]
B
Now I love that example because you're talking about that moment of inspiration or that moment when you need to get something done isn't a drop everything, get back to headquarters, get to a machine that's, you know, locked down and secure and do your job. You're talking about the ability to basically flip open whatever device, make sure that that browser security is wrapped around you make sure that that identity that you're talking about, that that individual security is there and you're able to knock out your work. So that is a better user experience. You know, as somebody who's been remote for quite a while, I can tell you it delights me that we have architectures and leaders like yourself working on making this just a seamless way that we go about, go about our lives. As I was looking through the report, I saw that 76% of leaders say that user experience is a top priority. And I think that you would agree with that. Alongside security, how do you measure or evaluate solutions that aim to balance those two specific goals?
[20:50]
A
So I'll give you a use case, David. When we deployed a PAB browser, it was not about how much incident that the PAB browser is reducing, but what is the adoption rate today? Adoption has become a most important factor and along with adoption came the satisfaction score. How people are leveraging this particular browser to safeguard them to ensure their work is happening was very paramount. And I'll tell you, if security is invisible and employee can work without friction, we know we have stuck the right balance.
[21:35]
B
I like that. So you're able to see adoption and therefore you know that the security is there and it implies that if they're adopting the tool, right, like we all move towards the thing that's going to get us the best experience. And that's actually very elegant. I love that answer, David.
[21:54]
A
If you look at it, if you look at it, if there is no adoption, see, we have seen, as I told you in banking, we used to fail fast because when we see the adoption is not happening, we used to understand why it is not happening. There used to be a satisfaction survey which calls out why it is not happening and whether this is suited to our organization or not. Because it's not about the product, it's about the policies, what your organization carries. Sometimes some products are the best product. So that plays a, from a product perspective, that plays a greater role.
[22:33]
B
Do you ever face pushback from teams when security controls affect their workflows?
[22:39]
A
Absolutely, David. That's a pain area when you hit the infrastructure. That is something which is very common. But yes, security can feel like a hurdle. Correct. People can feel suffocated and choked. But the key is to what we do is we involve end user at an early stage, ensure there is a org wide change management. We have our teams who run change management or wise and we frame controls as enablers and those are not something which will block our people from doing more business or Being more productivity. It's like you can always say that much like seat belts, what you used to. What we wear in cars. Correct. Initially everybody used to reset it, but now for safety, there's no question, there's no question asked. As soon as a person sits in the car, he looks out for a safety seat belt. Correct. So it's something very similar. It's about habit, it's about how much time you can give them and how we improve, do a continuous improvement.
[23:50]
B
Yeah, I think you're absolutely right on that seatbelt and the strong brake. Mira talked about that on an episode before. You want those things and once you don't have them, I think that's when you start to feel exposed. So you got to get used to it. But then it seems awkward not to have it. I'm curious if you could talk about the role of automation and what it does in securing infrastructure at scale.
[24:19]
A
So automation is no longer about options. So obviously automation came before machine learning or AI. So it's no longer option, it's become a DNA and it is a foundation for scaling. Correct. You talk about patch management, you talk about threat response, you talk about society. By the way, we use your product demi store for automating all our SOC alerts. Correct. So automation allows security team to move like machine speed rather than human speed. So with all the automation going in, our SOC team is much more agile and nimble and the rest of the thing is done by your tool.
[25:05]
B
Yeah, I know. I've talked to our team here about the wide deployment out of Xor in our own SOC and the number of things that it takes care of so that they can keep up. It's a relatively small team and the comment that really comes back to me was the team doesn't think about it until something doesn't work and they have to go back to doing it manual and they're moved off of those highly strategic tasks, those threat hunting, you know, exercises that they're in, some of these things that they do to protect the business to move back towards something that had been automated away. And it is wild to me to look at what you can do with an automation tool to move to that next level of speed. So, Harish, I want to look ahead. Let's move into the future. And I'm curious what role you see the enterprise browser playing in say the next three to five years in reshaping how organizations deliver secure work experiences.
[26:08]
A
So David, maybe I will repeat what I said for chain AI. Correct. So it's no longer about future. The enterprise browser is happening now and here so there is no second thought. It's a new security edge so enabling policy enforcing DLP identity control. Everything is very critical and call to every organization in in many ways it's like a control tower for modern workplace. So you can't there's no five years or three years. It's happening here and it's now. That's why Wipro embarked on it in such an early stage.
[26:51]
B
So if I hand the mic over to you to talk to all of your counterparts, you know those that lead infrastructure security leaders, is there one mind shift that you recommend as they prepare to for the next wave of digital transformation? And while I think I know what it is, what would it be?
[27:12]
A
David, I will suggest that move away from castle and moat mindset to one where identity and data are the new perimeter. Most of the people are still of this old mindset where they feel firewalls are the perimeter. But it's a left shift which has already happened correct? The shift is simple but powerful.
[27:43]
B
Haresh, thank you for this awesome conversation today and for sharing your insights on UX on hybrid work on SaaS security and the evolution of the enterprise which isn't coming in three to five years, it's already here. I really enjoyed this conversation.
[28:03]
A
Thank you so much David and the entire Palo Alto Network team. It's been a great discussion and I look forward to continuing our journey of making security simple, trusted and user first.
[28:25]
B
That's it for today. If you like what you heard, please subscribe wherever you listen and leave us a review on Apple Podcast or Spotify. Your reviews and feedback really do help me understand what you want to hear about and if you want to reach out to me directly about the show, email me at threatvector palo alto networks.com I want to thank our Executive producer Michael Heller, our content and production teams, which include Kenny Miller, Joe Benacourt and Virginia Virginia Tran. Original music and mix by Elliot Peltzman and a special shout out to Monique Lance for all of her work on this episode. We'll be back next week. Until then, stay secure, stay vigilant. Goodbye for now.
[29:15]
A
Sa.