Original Broadcast Date: 06/07/2026

Presented by SolarWinds & Carahsoft

Federal agencies pursuing zero trust initiatives should view the effort as more than a cybersecurity requirement. According to Brian Chamberlain, Business Development Lead for Public Sector at SolarWinds, zero trust represents a fundamental shift in how organizations think about security, risk, and mission operations.

Speaking on Fed Gov Today, Chamberlain explains that traditional cybersecurity models focused heavily on protecting network perimeters. Once users successfully authenticated and entered the network, they often gained broad access to systems and information.

That approach no longer reflects today's threat environment.

Instead, zero trust requires agencies to operate under the assumption that adversaries may already be inside the network. Whether a threat actor is actually present or not, organizations must design security strategies that account for that possibility.

"We have to assume that they're there," Chamberlain says.

This shift in mindset changes how agencies approach cybersecurity. Rather than concentrating solely on keeping attackers out, organizations must also focus on limiting access, protecting critical assets, and maintaining operations even if a compromise occurs.

For federal agencies, that creates both technical and organizational challenges.

One of the biggest obstacles, according to Chamberlain, is the existence of stovepiped technology environments. Many agencies operate a mix of modern systems and older technologies that continue to support mission-critical functions.

Over time, organizations have adopted new platforms and capabilities while maintaining legacy applications that remain essential to daily operations. The result is a collection of systems that often operate differently, generate different types of data, and present unique security challenges.

When agencies begin implementing zero trust, those differences become difficult to ignore.

"I think it really is a challenge," Chamberlain says of stovepiped environments.

Legacy systems are particularly important because many were developed before modern visibility and telemetry capabilities became standard. While these systems may still perform critical functions, they often lack the information and monitoring capabilities that support modern cybersecurity practices.

As a result, Chamberlain recommends that agencies begin their zero trust journey with observability.

Before implementing new controls or technologies, organizations need a complete understanding of what exists inside their environments. That includes identifying assets, understanding dependencies, and determining which systems support mission-critical operations.

"We need to identify everything within that network environment," he says.

A thorough inventory allows agencies to distinguish between critical systems and less essential assets. It also helps leaders identify which mission-critical functions remain dependent on legacy technology.

Once that understanding is established, agencies can take targeted steps to improve security while minimizing operational disruption.

For example, Chamberlain points to microsegmentation as one approach for protecting legacy technologies that cannot immediately be replaced or modernized. By limiting access pathways and isolating systems where appropriate, agencies can reduce risk while continuing to support important mission functions.

The modernization process itself requires patience and careful planning.

Chamberlain cautions against treating zero trust as a one-time technology deployment or a simple compliance exercise. He says agencies should avoid viewing zero trust as a switch that can be flipped once the right products are installed.

Instead, implementation should occur through a phased approach that gradually improves security while maintaining operational continuity.

"This isn't an all-or-nothing," Chamberlain explains.

A measured strategy helps agencies avoid introducing new vulnerabilities through rushed deployments or poorly coordinated changes. It also allows organizations to adapt as requirements evolve and new technologies become available.

Leadership engagement plays a critical role throughout that process.

Chamberlain notes that successful zero trust initiatives require participation from senior leaders, technology teams, and end users alike. Security decisions often involve funding priorities, operational tradeoffs, and modernization investments that cannot be addressed by technical teams alone.

Budget alignment is especially important.

As agencies evaluate modernization efforts, Chamberlain recommends focusing resources on mission-critical capabilities and the systems that support them. Understanding those priorities enables organizations to make informed investment decisions while advancing their broader zero trust objectives.

Ultimately, Chamberlain views zero trust as a long-term transformation that strengthens both security and mission resilience.

By improving visibility, protecting critical assets, addressing legacy technology challenges, and adopting a phased implementation strategy, agencies can build environments that are better prepared to operate in an increasingly complex threat landscape.

For federal organizations, zero trust is not simply about defending networks. It is about creating a framework that allows agencies to continue executing their missions while managing risk in a world where threats must always be assumed to be present.