The FY2027 Zero Trust deadline requires Department of Defense (DoD) agencies to meet the target-level goals of the Pentagon’s Zero Trust Strategy. This requirement aims to fundamentally transform the way the DoD handles cybersecurity, moving from traditional perimeter-based defenses to a more dynamic, adaptive, and resilient framework. Unlike conventional security models, which rely on strong perimeter defenses to keep threats out, Zero Trust operates on the principle that threats can originate from anywhere, both inside and outside the network, and relies on a “never trust and always verify” concept: constantly monitoring, authorizing, and authenticating every workload, application, user, device, or system.
A central component of the Zero Trust architecture is Zero Trust Segmentation (ZTS), technology based on Zero Trust principles that divides a network into small, isolated segments and controls access to each segment. This plays a key role in protecting valuable assets, mission data, and national security interests.
Zero Trust Segmentation: An Essential Piece in the Zero Trust Architecture
According to NIST, the Zero Trust architecture adheres to these tenets: everything is considered a resource; all communications are secured – whitelisting only pre-approved applications, processes, and devices within the network; access is granted per session based on dynamic policies; the integrity and security of all assets are monitored; and strict authentication and authorization are enforced.
ZTS applies these tenets to its security methodology. By adhering to the principle of “least privilege” access and enabling continuous visualization of all communication patterns and traffic between workflows, devices, and the internet, ZTS restricts lateral movement should an attack occur.
While the DoD recognizes the critical role of ZTS in enhancing cybersecurity, it is prioritizing foundational elements of the Zero Trust framework first. Initial stages focus on strong identity and access management, robust network and application security, and improved endpoint security, which are crucial for supporting security tactics like ZTS.
For example, the DoD’s Zero Trust Strategy consists of seven key outcomes, including reducing attack surfaces through proactive actions enabled by microsegmentation of the DoD Information Enterprise. The DoD also released the DoD Zero Trust Capability Execution Roadmap, which lists ZTS as a key capability. Following this, the U.S. Air Force included an area in its newly released Zero Trust Strategy focused on expanding segmentation capabilities. By adopting ZTS, DoD agencies are not only aligning with strategic objectives, but also fortifying their defenses against evolving cyber threats, ensuring the protection of critical missions, and maintaining national security.
Zero Trust Segmentation Helps Warfighters Meet the Mission – Safely and Securely
To ensure DoD agencies are utilizing ZTS to its fullest effect, they should start with increasing end-to-end visibility to map out all assets and data flows. From there, agencies can identify high-value assets and assess associated risks, which will prepare them to define security policies for precise traffic management and control.
Another key component of ZTS is recognizing that attacks are inevitable and putting the appropriate measures in place beforehand. Continuous visualization, isolation of high-value assets, and limits on lateral movement reduce the risk of widespread damage when an attack does occur. Much as cars are equipped with seatbelts and airbags to reduce the fallout of an accident, ZTS puts proactive steps in place to reduce the impact and damage when the worst occurs.
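The sequence above (map the flows first, then write least-privilege policy around the high-value assets) can be sketched in code. This added Python example is not from the article or from Illumio's product; every workload, segment and port name is a constructed placeholder, and the flow log is made up for the illustration.

```python
"""Toy Zero Trust Segmentation policy check: a default-deny allow-list between
workload segments, evaluated against constructed flow records."""
from collections import Counter

# Constructed inventory: workload -> segment. A real deployment would pull
# this from an asset inventory; these names are hypothetical.
INVENTORY = {
    "web-01": "dmz-web",
    "app-01": "app-tier",
    "db-01": "mission-db",      # the high-value asset in this example
    "hr-ws-07": "user-ws",
}

# Allow-list of (source segment, destination segment, port). Anything not
# listed is denied: the "never trust and always verify" default.
ALLOW = {
    ("dmz-web", "app-tier", 8443),
    ("app-tier", "mission-db", 5432),
    ("user-ws", "dmz-web", 443),
}

# Constructed flow log lines as "src,dst,port" (not real traffic).
FLOW_LOG = """\
web-01,app-01,8443
app-01,db-01,5432
hr-ws-07,web-01,443
hr-ws-07,db-01,5432
web-01,db-01,5432
"""

def map_flows(log):
    """Visibility step: parse flows into (src_seg, dst_seg, port) with counts."""
    flows = Counter()
    for line in log.strip().splitlines():
        src, dst, port = line.split(",")
        flows[(INVENTORY[src], INVENTORY[dst], int(port))] += 1
    return flows

def evaluate(flows, allow=ALLOW):
    """Policy step: split observed flows into allowed and denied (default deny)."""
    allowed = {f: n for f, n in flows.items() if f in allow}
    denied = {f: n for f, n in flows.items() if f not in allow}
    return allowed, denied

def lateral_moves_to(denied, high_value="mission-db"):
    """Denied flows aimed at the high-value segment: the lateral movement ZTS blocks."""
    return sorted(f for f in denied if f[1] == high_value)
```

Running `evaluate(map_flows(FLOW_LOG))` shows the two flows that bypass the approved path into the database segment being denied while the three mapped, approved flows pass.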
ZTS’ granular control over network traffic allows for precise enforcement of security policies, essential for maintaining robust security in complex environments where traditional methods may fall short due to their rigidity and lack of adaptability. ZTS ensures agile operations can remain in place and that rapid recovery efforts can be deployed, if necessary.
From a risk management perspective, ZTS facilitates proactive vulnerability identification and mitigation. Detailed monitoring of all traffic patterns further enhances security by enabling early detection of suspicious activity or deviations from normal traffic behavior.
Additionally, ZTS helps prioritize risk mitigation efforts and allocate resources strategically. This proactive approach not only strengthens overall cybersecurity but ensures resilience against evolving cyber threats. By embracing ZTS, mission warfighters can establish a robust defense framework that adapts to the dynamic nature of cybersecurity challenges, safeguarding critical operations and mission-critical assets effectively.
Advancing Defense Readiness Through ZTS
Implementing ZTS is crucial for the DoD because it enhances the security and resilience of its cyber infrastructure. By ensuring full visibility across all traffic patterns, identifying vulnerabilities and risks, isolating critical assets, and containing potential breaches, ZTS prevents lateral movement of threats, minimizing damage and operational disruption. This ensures mission-critical systems remain secure and functional.
ZTS not only safeguards sensitive information but strengthens the DoD’s ability to swiftly and effectively respond to evolving cyber threats. It achieves this by implementing strict access controls, continuously monitoring network activities, and applying policies that limit access based on user roles and context. This means that even if a threat actor breaches one segment of the network, they cannot easily move to other segments.
ZTS can help the DoD achieve its mission, maintain operational integrity, protect sensitive information, and enable a robust defense against sophisticated cyber adversaries.
About the Author
Gary Barlet is the Public Sector Chief Technology Officer at Illumio, where he is responsible for working with government agencies, contractors, and the broader ecosystem to build in Zero Trust Segmentation as a strategic component of the government Zero Trust architecture. Previously, Gary served as the Chief Information Officer (CIO) for the Office of the Inspector General, United States Postal Service. He has held key positions on several CIO staffs, including Chief of Ground Networks for the Air Force CIO and Chief of Networks for the Air National Guard CIO, where he was responsible for information technology policy and providing technical expertise to senior leadership. He is a retired Lieutenant Colonel from the United States Air Force, where he served as a Cyberspace Operations Officer for 20 years. Gary can be reached online at https://www.linkedin.com/in/gary-barlet-4384115/ and at our company website https://www.illumio.com/