Industry Insights

Drew Schnabel, VP of Federal at Zscaler

Written by Fed Gov Today | Feb 19, 2024 12:35:59 AM

 

Accelerating Zero Trust Adoption: Zscaler's Drew Schnabel's Perspective on DoD Modernization


Drew Schnabel, VP of Federal at Zscaler, discusses the Department of Defense's (DoD) journey toward adopting zero trust architectures, emphasizing the need for more rapid modernization of its infrastructure and cloud services. Highlighting the Navy's challenges with VPN vulnerabilities that hinder access to critical applications, Schnabel argues for an expedited move towards zero trust, well ahead of the DoD's 2027 target. He points out the DoD's struggle to pivot from legacy technologies due to its size and acquisition processes, suggesting that pilot programs could demonstrate the efficacy and scalability of zero trust solutions. Schnabel outlines three main goals for these pilots: reducing the attack surface, enhancing visibility and analytics, and adopting a breach-assumption mindset. He envisions success as a combination of fewer breaches, a stronger security posture, and direct, secure access for trusted users to essential applications.

Key Takeaways:

Urgency in Adopting Zero Trust: Schnabel stresses the importance of moving quickly to adopt zero trust architectures within the DoD to secure and protect its "Crown Jewels." He advocates for initiating change now rather than waiting until 2027.

Challenges in Modernization: The DoD's size and entrenched legacy systems, along with acquisition and budgetary constraints, are identified as significant barriers to rapid modernization. Schnabel suggests that starting with pilot programs could help overcome these obstacles by proving the benefits of zero trust in specific contexts, making the case for broader implementation.

Strategic Focus Areas for Zero Trust Pilots: For effective zero trust adoption, Schnabel recommends focusing on reducing the attack surface by granting users access only to needed applications, improving visibility and analytics to understand and mitigate threats, and assuming that breaches will occur to ensure preparedness. These strategies aim to limit lateral movement by adversaries within networks and enhance overall defense postures.