Threat Vector by Palo Alto Networks
Episode: Securing Modern Workforce
Date: October 9, 2025
Host: David Moulton (Palo Alto Networks, Unit 42)
Guest: Harish Singh (VP & Global Head, Infrastructure & App Mgmt, Wipro)
Overview
This episode dives into how organizations can modernize and effectively secure a dynamic, app-centric, hybrid workforce. Host David Moulton interviews Harish Singh, a veteran in digital transformation and cybersecurity, exploring practical strategies for balancing innovation, compliance, user experience, and the growing adoption of SaaS, SASE, automation, and secure browsers. The discussion is grounded in real-world examples and actionable insights from financial services and global IT environments, with an emphasis on making security "invisible yet powerful" to empower users without compromising safety.
Key Topics and Insights
1. Security as an Invisible, Empowering Force
- Security must be powerful but not obstructive, enabling users to "work freely" while ensuring protection, experience, and satisfaction.
- "We believe the real opportunity is in making security invisible yet powerful, so that people can work freely. This consists of user satisfaction, user experience... and this is what we practice."
— Harish Singh (00:25)
- "We believe the real opportunity is in making security invisible yet powerful, so that people can work freely. This consists of user satisfaction, user experience... and this is what we practice."
2. Lessons from Financial Sector: Risk as an Enabler, Not a Gate
- Balancing protection, agility, UX, and regulatory requirements is essential.
- Shift from viewing security as a “control gate” to as an “enabler of confidence”.
- “That environment taught me to see risk and security not as a control gate, but as an enabler of confidence.”
— Harish Singh (04:37)
- “That environment taught me to see risk and security not as a control gate, but as an enabler of confidence.”
3. Dynamic Workforce & SaaS Transformation
-
The move to SaaS at scale and hybrid workforces increases both complexity and opportunity.
-
Decoupling security from the network and making it identity-driven is critical for modern work models.
- "We decouple security from the network. That’s the most common mistake... Important thing is identity-driven. So policies follow the user wherever they work."
— Harish Singh (06:47)
- "We decouple security from the network. That’s the most common mistake... Important thing is identity-driven. So policies follow the user wherever they work."
-
Notable analogy:
- "It’s like your corporate ID badge. Your access remains the same whether you go to hq, branch or any other place... SASE at the edge has become a core."
— Harish Singh (07:20)
- "It’s like your corporate ID badge. Your access remains the same whether you go to hq, branch or any other place... SASE at the edge has become a core."
4. Top Security Blind Spots
- Unmanaged devices (contractors, BYOD)
- Inconsistent identity governance
- Lack of visibility into SaaS applications
- “It’s like you lock the front door but you forget to close the side windows.”
— Harish Singh (08:50)
- “It’s like you lock the front door but you forget to close the side windows.”
5. SASE (Secure Access Service Edge): Foundations and Pitfalls
- SASE should be treated as an identity-led transformation, not just a network upgrade.
- "Early pitfalls come when SASE is treated as a network upgrade instead of identity-led transformation. It's like building a skyscraper without a foundation."
— Harish Singh (09:57)
- "Early pitfalls come when SASE is treated as a network upgrade instead of identity-led transformation. It's like building a skyscraper without a foundation."
- Strongest gains: hybrid work enablement, simplified cloud security, unified policies.
6. Secure Browsers: Closing the Last Mile of Zero Trust
- Secure enterprise browsers offer real-time protection for legacy and SaaS apps, especially for unmanaged endpoints.
- They enable “dynamic DLP” and policy enforcement directly at the endpoint, essential for rapid threat evolution (e.g., GenAI).
- "Secure browser helps you to create that extended zero trust directly to the endpoint... After deploying Endpoint secure browser all CXOs will embrace that. They will get a good night's sleep because their worry... will no more be there."
— Harish Singh (11:28)
- "Secure browser helps you to create that extended zero trust directly to the endpoint... After deploying Endpoint secure browser all CXOs will embrace that. They will get a good night's sleep because their worry... will no more be there."
7. Zero Trust & GenAI: The New Security Frontier
- Only 13% of organizations have full visibility into GenAI data usage—a massive risk.
- Real-time DLP, keyword blocking, and browser-level controls are essential to maintain trust and compliance.
- “Without visibility, organizations risk data leakage, compliance breach and erosion of trust with customers... With gen AI adoption surging, the stakes are high as losing intellectual property without even realizing it.”
— Harish Singh (12:54) - “Smart browsers level control can be key to providing real time visibility into AI tools.”
— Harish Singh (13:37)
- “Without visibility, organizations risk data leakage, compliance breach and erosion of trust with customers... With gen AI adoption surging, the stakes are high as losing intellectual property without even realizing it.”
8. User Experience as a Metric for Security
-
User experience is now a top priority alongside security (76% of leader respondents).
-
Adoption rate and satisfaction scores indicate successful invisible security.
- "If security is invisible and employees can work without friction, we know we have struck the right balance."
— Harish Singh (21:13)
- "If security is invisible and employees can work without friction, we know we have struck the right balance."
-
Failure to adopt is quickly investigated via satisfaction surveys—goes back to “fail fast” ethos from the banking sector.
- "It's not about the product, it's about the policies your organization carries."
— Harish Singh (21:53)
- "It's not about the product, it's about the policies your organization carries."
9. Resistance and Change Management
- Security often feels like a burden; effective change management and involving end-users early are key.
- "Security can feel like a hurdle. Correct. People can feel suffocated and choked... It's like seat belts... Initially everybody used to resist ... but now for safety, there's no question."
— Harish Singh (22:39)
- "Security can feel like a hurdle. Correct. People can feel suffocated and choked... It's like seat belts... Initially everybody used to resist ... but now for safety, there's no question."
10. Automation at Scale: The New DNA
- Automation in patching, threat response, and SOC operations is essential for scaling and agility.
- "Automation is no longer about options... it is a foundation for scaling... Automation allows security teams to move like machine speed rather than human speed."
— Harish Singh (24:19)
- "Automation is no longer about options... it is a foundation for scaling... Automation allows security teams to move like machine speed rather than human speed."
11. Looking Ahead: The Enterprise Browser is Here, Not the Future
- The enterprise browser is already a "new security edge"—not a future technology.
- “It’s no longer about future. The enterprise browser is happening now and here... It’s a new security edge.”
— Harish Singh (26:07)
- “It’s no longer about future. The enterprise browser is happening now and here... It’s a new security edge.”
12. The Mindset Shift for Next-Gen Security
- Move from “castle and moat” (firewalls as perimeter) to “identity and data as the new perimeter”.
- Security must “shift left”—meet users and data wherever they are.
- "Move away from castle and moat mindset to one where identity and data are the new perimeter. The shift is simple but powerful."
— Harish Singh (27:11)
- "Move away from castle and moat mindset to one where identity and data are the new perimeter. The shift is simple but powerful."
Notable Quotes and Memorable Moments
-
“Risk and security not as a control gate, but as an enabler of confidence.”
- Harish Singh (04:37)
-
“Early pitfalls [with SASE] come when it’s treated as a network upgrade instead of an identity-led transformation.”
- Harish Singh (09:59)
-
“Secure browser helps you to create that extended zero trust directly to the endpoint... All CXOs will embrace that, they will get a good night's sleep.”
- Harish Singh (11:28)
-
“If security is invisible and employees can work without friction, we know we have struck the right balance.”
- Harish Singh (21:13)
-
“It's like seat belts... Initially everybody used to resist it, but now for safety, there's no question.”
- Harish Singh (22:45)
-
“Automation allows security teams to move like machine speed rather than human speed.”
- Harish Singh (24:19)
-
“Enterprise browser is happening now and here; it’s a new security edge.”
- Harish Singh (26:09)
-
“Move away from castle and moat mindset to one where identity and data are the new perimeter.”
- Harish Singh (27:11)
Useful Timestamps
| Topic | Timestamp | |---------------------------------------------|-------------| | Security as "Invisible yet Powerful" | 00:25 | | Financial infra lessons for cybersecurity | 02:11-04:07 | | User experience vs. protection vs. reg. | 05:52 | | SaaS & dynamic workforce | 06:28-08:02 | | Security blind spots | 08:12 | | SASE: Pitfalls & opportunities | 09:57 | | Secure browsers in Zero Trust | 10:50-12:41 | | GenAI visibility/Risks | 12:54-13:37 | | UX as security metric | 20:50-21:53 | | Resistance/change management | 22:39 | | Automation | 24:19 | | The enterprise browser—why it’s now | 26:07 | | Mindset shift: Identity & data perimeters | 27:11 |
Conclusion
In this deep-dive, Harish Singh and David Moulton illuminate the necessity for organizations to transition away from legacy, network-centric security models to user-centric, identity-led strategies, underpinned by SASE, automation, and secure browsers. The future of workforce security is here: flexible, seamless, and wrapped around the user and their data—enabling productivity and protecting trust, invisibly.
