Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Zscaler: How NOV Eliminated Firewalls and VPNs with Zero Trust

Zscaler
07/12/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


My job is to make sure our IT infrastructure and security enable our business as we power the people who power the world. Our transformation journey was driven by a recession in our industry caused by excess production of our main commodity, which is oil. With our revenues plummeting and our tech stack at end of life, we needed to find a way to reduce cost, improve productivity, and protect against the ever-evolving threats we faced. We were the classic, normal hub-and-spoke network with a castle-in-moat security model. Taking that same legacy architecture and trying to use it with our growing cloud utilization was holding us back from achieving our business objectives. We needed a radical new approach, and we needed it fast. That's why we partnered with Zscaler and adopted their Zero Trust Exchange platform. During our journey, we learned our goal of Never Trust, but Always Verify is actually something called Zero Trust. We have eliminated our user VPNs and have decided now that firewalls need to go, because you can't implement Zero Trust by poking holes and building tunnels everywhere. You have to eliminate your attack surface and eliminate lateral movement. Like most organizations, we were heavily reliant on VPNs and firewalls for our employees and locations to have a pathway to the resources, such as files, applications, and web servers they needed to get to to do their work. Problem was, our firewalls and VPNs were exposing public IP addresses on the internet. They were discoverable by design and created an attack surface that has kind of ended up as an unattended consequence. VPNs and firewalls expose their IP address publicly and act like a homing beacon for the bad guys that says, here I am, come attack me. While it enabled our employees and customers to find NOV resources, it was just as easy for the bad actors to do the same. Zero-day vulnerabilities, like we all saw with Heartbleed or Log4j, could impact us at any time. If an attacker finds you and then exploits a vulnerability in an unpatched device exposed on the internet, then they're in. And today, imagine how much easier this is with Gen AI. I often use the analogy that a firewall acts like a door to a house. Once it's open, the traffic flows. Once in the house, attackers can move unimpeded to any room and steal or inflict damage at will. Firewalls and VPNs can't help us anymore. They have literally become our attack surface. It's not only employees in our offices, or remotely connecting, or even our consultants or contractors that we have to think about. This risk is constantly expanding. Think about all the IoT equipment, such as time clocks, cameras, access control systems, and even more scattered all across our enterprise. Or the CNC machines and sensors at our manufacturing facilities. And this is to say nothing about all of our NOV equipment on oil and gas rigs across the planet, where our customers need data streamed to them in real time, many of which are only accessible via satellite. We live in a world where every device, every location needs to be connected at all times. That means more public IPs, more attack surface. And a pile on even more. Every time we acquire a company or enter into a joint venture with a partner, there's a real need to share data across systems from different companies, integrations, migrations, and on and on. It all leads to a growing attack surface because the number of exposed public IPs just grows. So we thought, what if we didn't need to expose IP addresses on the public internet? How would that work? Wouldn't it be better if these bad guys couldn't even find us in the first place? The Zero Trust approach to the attack surfaces eliminate it. No public IPs mean the bad actors don't have anything to attack. Zscaler Zero Trust Exchange is a security proxy that operates like a switchboard on steroids. It delivers policy-based conditional access. It will check identity, context, and posture before stitching together connections between entities, between users and applications, or admins to OT systems, or even branch sites to data centers. The only thing exposed is the Zscaler proxy. I don't have to expose any of my public IP addresses. As we implement, it's like we put on a cloaking device and our operations simply went dark, invisible from the internet. It is a journey, but we need to start now. Yes, it is probably impossible to eliminate every public IP address. For example, my company can never eliminate the public IP address for our external website. Everyone needs to be able to get to that. But challenge your teams. Going down from 100 to 5 IP addresses will substantially reduce your attack surface and your risk of breach. We need partners with new thinking, not doubling down on what got us into this problem. You also can't boil the ocean all at once, and we need partners that can work together on a phased transformation journey that realizes there will still be some legacy that needs to be supported. We partnered with Zscaler and adopted their Zero Trust Exchange platform to eliminate a bunch of legacy point products, which helps us drastically reduce costs and complexity, and it also improves our user experience. And of course, just like with our legacy vendors, resilience and uptime is critical. The reality is if Zscaler doesn't work, NOV doesn't work. Their resilient, comprehensive Zero Trust platform has been pivotal in helping make NOV business a lot more agile. It saved us millions of dollars, improved our user productivity, and drastically improved our security posture.

TL;DR

  • NOV eliminated user VPNs and is removing firewalls because they expose public IP addresses that create discoverable attack surfaces for threat actors.
  • The Zero Trust Exchange acts as a security proxy that verifies identity, context, and posture before connecting users to applications, making NOV's infrastructure invisible to the internet.
  • Attack surface concerns extend beyond employees to IoT devices, manufacturing equipment, oil rig sensors, and integration points from acquisitions and joint ventures.
  • The transformation saved NOV millions of dollars while improving user productivity and security posture by consolidating legacy point products into a single platform.

The Business Case for Eliminating Public IP Exposure

Alex Phillips, CIO of NOV, explains how an industry recession and aging technology stack forced a fundamental rethinking of their security architecture. The company had operated with a traditional hub-and-spoke network and castle-and-moat security model, but growing cloud utilization made this legacy approach untenable. Phillips describes how VPNs and firewalls, once considered security essentials, had become the primary attack surface by exposing public IP addresses that acted as homing beacons for attackers. The risk extended beyond employees to encompass IoT devices, manufacturing equipment, oil rig sensors, and the constant integration challenges from acquisitions and joint ventures.

Implementing Zero Trust to Go Dark on the Internet

NOV partnered with Zscaler to adopt a Zero Trust Exchange platform that fundamentally changed their connectivity model. Rather than exposing resources through firewalls and VPNs, the Zscaler proxy acts as a switchboard that verifies identity, context, and posture before stitching connections between users and applications. Phillips uses the analogy of a cloaking device—once implemented, NOV's operations became invisible to the internet. While acknowledging that eliminating every public IP address is impossible (external websites still need to be reachable), he emphasizes that reducing from 100 to 5 exposed addresses substantially reduces breach risk. The transformation eliminated legacy point products, reduced costs by millions, improved user productivity, and strengthened security posture.

Chapters

0:00 - Introduction and Business Context
0:33 - Legacy Architecture Limitations
1:18 - VPN and Firewall Vulnerabilities
2:36 - Expanding Attack Surface
3:38 - Zero Trust Approach
4:33 - Implementation Guidance

Key Quotes

1:02 "We have eliminated our user VPNs and have decided now that firewalls need to go, because you can't implement Zero Trust by poking holes and building tunnels everywhere."
1:43 "VPNs and firewalls expose their IP address publicly and act like a homing beacon for the bad guys that says, here I am, come attack me."
2:30 "Firewalls and VPNs can't help us anymore. They have literally become our attack surface."
5:30 "The reality is if Zscaler doesn't work, NOV doesn't work."

FAQ

Can organizations completely eliminate all public IP addresses?

According to Phillips, complete elimination is probably impossible—external websites still need public IP addresses so customers can reach them. However, he challenges teams to reduce dramatically, noting that going from 100 to 5 exposed IP addresses substantially reduces attack surface and breach risk.

How does Zero Trust Exchange differ from traditional VPN and firewall security?

Traditional VPNs and firewalls expose public IP addresses that are discoverable by design, creating attack surfaces. Zero Trust Exchange operates as a proxy that verifies identity, context, and device posture before stitching connections, meaning only the Zscaler proxy is exposed rather than the organization's resources.


Categories:
  • » Webinar Library » Zscaler
  • » Cybersecurity » Network Security
  • » Cybersecurity » Zero Trust
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Zero Trust
  • Network Security
  • Customer Story
  • OT
  • IoT Security
  • SASE
  • SSE
  • Zero Trust Architecture
  • Attack Surface Reduction
  • VPN Elimination
  • Firewall Replacement
  • Public IP Exposure
  • Cloud Security Transformation
  • Lateral Movement Prevention
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Zscaler: How NOV Eliminated Firewalls and VPNs with Zero Trust

              Upcoming Webinar Calendar

              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Worthy Security Team for Unmatched Defense
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-worthy-security-team-for-unmatched-defense/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Strategies in Data Protection and Privacy Management
                https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-in-data-protection-and-privacy-management/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                14

                Crafting a Championship-Worthy Security Team for Unmatched Defense

                07/14/202601:00 PM ET
                • Jul
                  14

                  Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                  07/14/202602:00 PM ET
                  • Jul
                    21

                    Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                    07/21/202604:00 AM ET
                    • Jul
                      22

                      Insights and Strategies in Data Protection and Privacy Management

                      07/22/202606:30 AM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version