Key Takeaways
- Many cybersecurity breaches happen because companies rely on outdated security models that don’t work against modern threats.
- True “Zero Trust” security eliminates the traditional network concept, instead creating direct, policy-based connections between users, devices, and applications.
- MGM Resorts implemented Zero Trust architecture to enhance security across its complex global operations, including hotels, casinos, and entertainment venues.
- Combining Zero Trust with AI helps MGM detect threats faster and respond more effectively.
- The approach allows MGM employees to safely use public generative AI tools while automatically protecting sensitive company data.
- Zero Trust simplifies securing branch locations, treating each site as isolated to prevent attackers from moving laterally through the network.
Despite significant spending on cybersecurity, data breaches remain a persistent problem. Often, this stems from companies clinging to old security methods that are no longer effective against today’s sophisticated threats, rather than adopting new approaches.
Instead of simply patching up legacy systems, a concept known as Zero Trust fundamentally reimagines security. It removes the idea of a trusted internal network altogether. In a true Zero Trust model, no one is automatically trusted; connections are made directly between users and the applications they need, based on strict policies.
MGM Resorts International is one major company embracing this shift. According to a report from CIO.com, the global hospitality giant, with its vast network of hotels, casinos, entertainment venues, and over 70,000 employees, needed a robust and scalable security solution.
MGM’s Chief Information Security Officer, Stephen Harrison, explained how they adopted Zero Trust not just as a trend, but as a practical way to simplify and strengthen security across their diverse business.
The company found particular success by combining Zero Trust principles with Artificial Intelligence (AI). This allows them to automatically detect unusual activity and enforce security policies in real-time, shifting from simply reacting to breaches to proactively defending against threats.
This AI-powered Zero Trust system has streamlined MGM’s incident response. Harrison noted that managing security the old way, with thousands of separate rules, “just doesn’t scale,” but the new architecture makes it manageable.
Another challenge was the rise of public generative AI tools. Instead of banning these potentially useful applications, which often leads employees to use personal devices, MGM uses its Zero Trust framework to govern their use safely. The system inspects prompts and responses, protecting sensitive data without hindering employee innovation.
Harrison emphasized empowering employees, stating that blocking AI access would be like “asking them to work on typewriters.” MGM now monitors millions of AI prompts weekly, allowing access while enforcing data protection policies.
Finally, the Zero Trust model transforms how branch locations are secured. Traditional networks often allow attackers who breach one location to move laterally to others. The new approach treats every site—be it a large resort, a small office, or even a gas station—as an isolated entity.
This prevents attackers from spreading easily and allows MGM to deploy secure infrastructure quickly without the cost and complexity of traditional firewalls and networking gear. It’s about applying Zero Trust principles everywhere, efficiently.
The core ideas are simple: minimize the areas attackers can target, treat all users and connections as untrusted initially, and isolate every location to halt threats instantly. This represents a more agile and effective future for cybersecurity.
