Despite massive cybersecurity investments, breaches continue to happen and the reason for that is often inertia. Technology moves quickly and that can cause discomfort for some executives, meaning they often cling to old models that have been proven again and again to be ineffective against today’s threats. Instead of reimagining security and the network from scratch, they try to update legacy models. That’s why, when I started Zscaler, the goal wasn’t to build a better firewall — it was to remove the network from the security equation entirely. True zero trust means no implicit trust, no network to “get on”, only direct, policy-based connections between users, devices, and applications.
One company that shares Zscaler’s zero trust vision is MGM Resorts. The company’s CISO, Stephen Harrison, joined me onstage at the Cloud Security Alliance Summit on the first day of the RSA Conference to talk about MGM’s transformation.
MGM stretches far beyond Las Vegas casinos. The company has hotels in the United States and around the world, golf clubs, entertainment venues, and even gas stations. With over 70,000 employees and a high-profile brand, robust cybersecurity is critical. Stephen and his team embraced zero trust not as a buzzword, but as a practical architecture to simplify and scale security across this diverse environment.
Making a difference
Our conversation focused on three critical areas where Zscaler’s platform has made a difference to MGM: combining zero trust and AI to improve security operations, enabling safe use of public generative AI applications, and rethinking branch architecture to minimize attack surfaces.
First, we explored how AI amplifies the power of zero trust. In Zscaler’s model, every connection is policy-driven and independent, with no traditional network to attack. When AI is added to the mix, it becomes possible to detect anomalies and enforce policies in real time, making enterprises far more agile against threats. It’s about moving from reactive security to proactive defense and with our AI we are even able to predict what threat actors might do next.
Stephen described how this shift has improved resilience at MGM. Centralized policy enforcement combined with AI insights has streamlined their incident response, allowing them to avoid the traditional chaos of managing thousands of disconnected policies and rule sets. As he put it, “it just doesn’t scale” to do it the old way, but zero trust has made it manageable.
Next, we addressed the challenge of employees using public AI applications. The response from many companies has been to ban access to AI from corporate devices, but that simply drives employees to use personal devices to evade the block. Zscaler enables organizations to govern usage safely by inspecting prompts and responses without restricting innovation. Employees can access the AI tools they need while corporate policies silently protect sensitive data.
Stephen emphasized that empowering employees was critical to MGM’s success. Rather than handicapping teams by limiting access, they used the Zscaler platform to allow responsible AI use, applying data protection policies transparently. “Telling people not to use AI would be like asking them to work on typewriters,” he noted—and he’s right. MGM Resorts is now monitoring around four million prompts a week and allows users to access the AI apps of their choice, then inspecting and blocking and transforming the prompts and returns based on their governance and policy.
Scaling without friction
Finally, we discussed why zero trust branch architecture is so important. Traditional network designs still expose businesses to lateral movement once attackers are inside–any branch can become an entry point for an attacker intent on spreading ransomware or stealing IP. Our approach treats every branch like an isolated cafe: no broad trust, no internal sprawl, just secure, direct application access. We create a network segment of one per device in your factory, in your headquarters, in your branch, and only authorized connections are allowed without having to deal with the old school IP addresses.
For MGM, this model fits perfectly. Whether it’s a full resort, a hotel, a standalone gas station, or even a sports betting kiosk, they can deploy secure infrastructure quickly and without the old burdens of managing complex and increasingly expensive firewalls and networking hardware. In Stephen’s words, it’s about scaling zero trust everywhere, without friction slowing them down.
Parting thoughts
I left the audience with three key thoughts: First, in a zero trust world, an organization’s attack surface is minimized and if attackers can’t find you, they can’t attack you. Second, users, employees, or contractors, are treated equally, always connecting through a secure guest-like network–trust is never extended and connections are constantly verified. And last, every branch office, no matter the size, becomes an isolated environment, stopping lateral movement before it can ever start. That’s the future of security—and it’s here today.
I’m very grateful to the Cloud Security Alliance for hosting us and look forward to continued engagement with their community.
To learn more, visit us here.
Read More from This Article: Zero Trust everywhere: How MGM Resorts found agility and security with Zscaler
Source: News