As Netskope continues redefining secure access and adaptive trust, the company’s commitment to innovation extends into culture, operating models, product design, and forward-looking security strategy. In the first installment of this series, Mike Anderson, Chief Digital and Information Officer at Netskope, discussed the evolving responsibilities of the CIO and what it truly means to do Zero Trust “right.”

In the second part, he unpacked GenAI adoption, enterprise browser strategy, embedded AI within SaaS, and guardrails for developer-led AI innovation.

In this final installment of his conversation with Kirk Ball, CIO of Worldpay, Anderson delves into three critical frontiers shaping Netskope’s strategy: the power of Customer Zero, convergence of IT and security through product operating models, and the emerging urgency of post-quantum threats.

The Customer Zero mindset

When asked about Netskope’s “Customer Zero” philosophy, Anderson says it is a discipline he considers essential to building great products and supporting the field. “I’m very passionate about our Customer Zero program because as a technology company, you have to drink your own champagne, and you should drink it and taste it.”
He continues with an analogy: “Just like a sommelier is tasting the wines. If I’m the winemaker, I’m tasting the wine before I bottle it.”

For Anderson, being Customer Zero means uncovering issues before customers experience them and shaping product evolution through real-world usage. With over half of Netskope’s workforce focused on engineering and R&D, this loop of testing, feedback, and refinement is central to continuous innovation.

Eliminating whack-a-mole troubleshooting

One of Anderson’s most frequently used capabilities internally is digital experience management. It helps teams pinpoint where performance issues occur — on the device, on home Wi-Fi, through third-party VPNs, local telco networks, Netskope infrastructure, or external app providers.

He explains the complexity: “Is it on their device? Is it something in their local network? Is it Netskope that’s causing a problem? Is it past Netskope to the application provider themselves?”

Without this visibility, resolving incidents often becomes a “whack-a-mole” exercise for service desks.

“That’s where you have a user that’s just trying to get their job done, and they’re not being productive,” he says.

For Netskope’s level-one help desk, the tool has become indispensable: “Digital experience management has been a godsend for my level-one help desk to be able to do that troubleshooting.”

Turning feedback into product evolution

Anderson also uses data and analytics to examine trends, evaluate AI tool usage, and surface insights that directly feed product enhancement. “We can provide feedback directly to our product teams and say, ‘You fix this; it’s going to help us drive more value for our customers,” he explains.

He also thinks deeply about integrations with partners like Okta and CrowdStrike. “I always look at integrations as how does one plus one equal something more than two?”

By using these third-party tools internally, Netskope uncovers ways to deepen symbiotic partnerships and deliver richer capabilities for customers.

Converging IT and security into product operating models

When asked how Anderson and Netskope’s CISO have merged IT and security into a unified operating model, Anderson acknowledges the pattern: “A lot of times networking and security are not aligned, or infrastructure and security aren’t aligned in organizations.”

The tension often arises because infrastructure teams feel their budgets are continually redirected to security investments. To break this cycle, Netskope restructured around a product-centric model.

“What if we converge identity and access management into one product fusion team?” Anderson recalls proposing.

This new team included a single product owner, architects from both IT and security, and shared accountability for outcomes across:

• Identity and single sign-on
• Multi-factor authentication
• Identity governance and administration
• Privileged access management

The unified team then tackled major goals, including reducing user access request tickets, which accounted for 25% of the help desk’s 60,000 annual service requests, and improving accuracy and timeliness of access reviews.

Their first major win was implementing a new identity governance solution in under 90 days, including onboarding every SOX in-scope application.

“We’ve been able to move very quickly,” Anderson says. “We no longer have the waste in the process, and we get inefficiency in handoffs between teams.”

The model has been so successful that Netskope is rolling out similar product teams for secure endpoints and secure workplaces, and Anderson and the CISO have submitted their approach for presentation at RSA.

Preparing for post-quantum threats

The final question turns to quantum computing and whether Netskope is preparing for post-quantum risks. Anderson’s answer is unequivocal: it’s not too early.

He warns about a growing threat pattern known as “harvest now, decrypt later.”

“We’re seeing threat actors, especially nation states, grabbing as much data as they can and not even worrying about decrypting it. At some point, they’re going to decrypt all this data using quantum.”

His guidance begins with a tough organizational question:  “What data in their organization would deliver the most harm if it were to get decrypted?”

Anderson stresses that not all encryption is equally at risk:

• Data at rest protected with AES-512 or higher remains safer (with performance considerations).
• Data in motion, protected by today’s public–private key encryption, is far more vulnerable.

“That’s the area you have to focus on first,” he says. NIST has published quantum-safe algorithms, and Netskope is already acting: “We actually are going into beta with our quantum encryption for data in motion.”

Financial services organizations, especially in Japan, have been early design partners, pushing the industry toward readiness.

Concluding, Anderson says, “Don’t wait. Start at a minimum; start doing an inventory of all the different encryption methods you have today. Start getting ready and start thinking about the roadmap.”

CDO Magazine appreciates Mike Anderson for sharing his insights with our global community.