Sponsor content

GDIT unveils revolutionary modular approach to zero trust
Presented by
GDIT
Nearly a decade after the National Institute of Standards and Technology (NIST) released its first formal publication about zero trust architecture, agencies are now past the theoretical approach and solidly in practical mode. Technology leaders are no longer simply rethinking how to approach data in the age of zero trust or how to ensure continuous authorization within perimeters; they are acting. What that means for each agency, however, can differ drastically.
“We are in the ‘how’ stage of zero trust,” said John Sahlin, vice president of Cyber Pursuit at General Dynamics Information Technology (GDIT). “And as we’ve seen a ton of different agencies, we know each is different and on their own zero trust journey.”
On top of differing needs across agencies and departments, artificial intelligence (AI) and advancing agentic systems are further requiring zero trust to evolve. AI agents represent a new entity — not quite human users or devices, but something separate comprising aspects of both.
“AI forces us to rethink some of the assumptions of how we treat entities, both person and non-person entities, in the environment,” Sahlin said. “Do we have to create a new set of zero trust rule sets for agents and AI systems?”
Building on these observations and the breadth and depth of GDIT’s federal agency experience across use cases and mission requirements, the organization developed a unique perspective and approach to operationalizing zero trust. The key to successful zero trust, no matter where on the adoption journey an agency may be, Sahlin said, is a modular approach.
Effective zero trust requires flexibility and speed
Across various mandates and executive orders, including President Trump’s Cyber Strategy for America and Promoting Advanced Artificial Intelligence Innovation and Security, the current administration is prioritizing accelerated innovation, interoperability and public-private collaboration to deliver new capabilities faster than ever.
At the same time, AI-powered solutions and other emerging technologies are becoming increasingly critical to success at the tactical edge. A modern zero trust approach must address all environments — enterprise to edge — and take into account varying mission needs. Even within the military, for example, how the Navy defines and acts at the tactical edge may be different from the Marine Corps approach and the Air Force approach. Needs can further differ across various regions, theaters and bases.
“You may not need every component at the tactical edge that you need at the enterprise, and the way you deploy for the enterprise may be very different from how you deploy for a tactical edge,” Sahlin said. “You have to think in terms of modularity, you have to think in terms of interoperability and you have to think in terms of usability.”
A zero trust solution made of individual components that can be integrated into data, applications and user base maximizes agility. A modern stack that can be deployed as a full set or in whatever elements a mission may call for enables agencies to adapt to sudden changes and move at the speed of the mission.
“I don't think anyone can afford to supersize a solution set and replicate an exact copy at every base, post, camp, station, ship in the fleet, fill in your blank of the use case for tactical edge that you would also deploy at an enterprise,” Sahlin said. “Focusing on the mission and how that mission changes is important for us, and that's one of the reasons why we focused our zero trust development efforts on a modular stack of capabilities.”
GDIT’s unique zero trust solution
The result of this novel approach has already successfully undergone a Department of War CIO purple team assessment and proven readiness across all 152 activities and seven pillars of zero trust execution. It is the first and only solution among those assessed with a modular deployment model.
“If data is the king on the chessboard, then the modularity of our solution is the queen, the most powerful player on the board,” Sahlin said. “That gives us the ultimate flexibility to address our clients’ mission and data protection needs, while meeting them where they are in their journey.”
In addition to enhancing adaptability, the new approach enables technology leaders to leverage existing investment in zero trust rather than wasting time and resources on a wholesale replacement of agencies’ current zero trust architecture.
“We know that they're somewhere along the journey, so we're not saying, ‘rip out and replace everything you've already invested,’” Sahlin said. “If you have an ICAM stack already, great. If you have a SIEM/SOAR solution, sweet. We bring the rest of the pieces that you need to fill in the gaps, and we integrate with what you have, but we don't start from zero.”
While each mission differs and each agency develops at its own pace, the overall goal remains the same: accelerating delivery to the warfighter.
What’s next for zero trust?
Throwing a new complication into the zero trust landscape, a recent mandate, Adapting Zero Trust Principles to Operational Technology, stipulates that zero trust must be applied to OT systems by 2030. Securing OT systems raises different challenges, due both to the breadth of functions (from digital and cyber operations to physical light switches, locks, railway switches, water treatment facilities, the electric power grid and more) and to their inherent criticality. If such systems fail, there is a higher likelihood of immediate threat to human lives.
“OT sits at the nexus between the digital and physical world, so the stakes are higher,” Sahlin said, “but also the way OT systems react to security controls is different.”
Much like in the IT space, legacy and outdated systems create hurdles to modernization. In the OT world, however, “outdated” can be a matter of multiple decades. OT systems also cannot tolerate much latency without causing potentially catastrophic failures.
Achieving the 2030 mandate requires assessing how these differences will impact the current zero trust approach, a conversation that must go beyond cyber and IT professionals to include the direct operators of the OT systems. GDIT is already investing in zero trust for OT to help lead this charge.
“As we think about OT systems and control systems combined with IT systems, we have to start thinking about weapons systems platforms — ships, autonomous vehicles, tanks and aircraft,” Sahlin said. “If you look at the General Dynamics portfolio … it's natural for GDIT to be thinking about how we protect those types of systems, because those are the types of systems that the rest of the General Dynamics family makes and delivers.”
This content is made possible by our sponsor GDIT; it is not written by and does not necessarily reflect the views of GovExec’s editorial staff.