Zscaler Federal Chief Technology Officer (CTO) Ryan McArthur detailed how the cloud security company is helping the U.S. military deploy zero trust at the operational edge during AFCEA International’s TechNet Augusta 2024.
McArthur recently served as the executive program manager of the Defense Department’s (DoD) Joint Warfighting Cloud Capability (JWCC) contract until he transitioned to Zscaler in April.
“In the past, the Army and the Air Force have consistently tried to envision doing agile deployments,” McArthur said during his Aug. 21 TechNet Augusta session titled “Beans, Bullets, and Bytes: Realizing the Promise of Zero Trust.”
“But if you look at how we’ve inherently done this across the service, what you’ll see is we don’t do it in an agile way. We don’t do it in a fast way. We do it in a heavy way,” McArthur said. “We deploy large amounts of hardware, large amounts of capabilities.”
McArthur pointed to the Pentagon’s Joint Regional Security Stacks (JRSS) as “a perfect example” of this.
“JRSS is a massive capability that’s taken years to deploy. It’s been going on for the last 15 years. And we ended up having to back off of it. You didn’t see it go out to the [Indo Pacific] because of the size and mass and cost,” he explained.
McArthur said that programs like the JRSS slow the DoD down and don’t allow it to roll out new capabilities at scale.
“By moving to a zero trust Secure Access Service Edge (SASE) deployment, what this allows you to do is move to a more cloud centric [solution],” the Federal CTO said. “Cloud-based security solutions will allow you to do just in time access, it provides zero trust lines of communication which will allow you to use any type of transport.”
McArthur warned that having a heavy IP footprint puts you at risk of being breachable. Deploying a SASE solution allows for more interoperability between organizations, he said.
“How you can actually function is to gain access to capabilities. You can do role-based attribute identity. You can do rapid onboarding capabilities. You can do identity positioning. You can segment them out from data and identity perspective, and you can do joint access,” he explained.
McArthur offered an example of an operational edge zero trust use case that Zscaler recently deployed overseas with a mission partner and an Army unit.
“Ultimately, what this was able to do, we were able to do rapid installation, and we were up and running in two hours,” McArthur said. “There’s no exceeded latency added by using cloud-based technologies … and they had dynamic based policy access for all the users.”
