Closing out Cybersecurity Awareness Month, GDIT recently hosted the last in its series of internal cybersecurity forums designed to bring industry partners together with our workforce to discuss some of the most pressing cybersecurity issues of the day. While the entire, four-week series focused on Zero Trust, our final two sessions were on Network Access and Software Defined Permitters (SDP), each within a Zero Trust context.

The Network Access session featured invited guest Patrick Perry, the Director of Federal Emerging Technical Solutions at Zscaler, which has developed a Zero Trust Exchange platform and is a leader in the Zero Trust security space. He joined GDIT cybersecurity leads to talk about why Zero Trust Network Access is so important.

“Applications are everywhere, and users are too,” he said. “The importance of identity and device context when creating conditional access has been growing over time. Connectivity needs to be more of a per-application basis, rather than entire networks.”

The fourth and final session was on Software Defined Perimeters and Segmentation and featured Jonathan Roy, Principal Security Architect at Appgate, which is an identity-centric, network enforced perimeter security solution, designed around user and device identity. SDP builds a multi-dimensional profile of a user or device to authorize a user before granting access. It applies the principle of least privilege to the network to enforce the Zero Trust model. He spoke about the importance of understanding users, devices, and behaviors on a given platform or network and then using that information to make access decisions in real-time and on a continuous basis.

“We focus on creating a unified policy edge that can read in telemetry data and decision data creating more of a global entity,” he said. “The second piece is that we want to reduce a lot of the complexity in traditional, choke-point architectures and, instead, take a data-centric approach without increasing complexity… and do it in real-time to define what a user should and shouldn’t be able to see.”

Just as previous sessions, recordings of the sessions were made available to all GDIT staff, maximizing their impact and reach and reaffirming our commitment to ensuring our staff are as informed and up-to-speed on emerging technologies as possible – in the cybersecurity domain and elsewhere. Earlier sessions featured Palo Alto Networks and Crowdstrike, discussing cloud workload protection and endpoint protection respectively.

“We’re so grateful to all of the industry partners who participated in this event with us. We understand that collaboration and the sharing of ideas are what drives innovation, ” GDIT Cybersecurity Vice President and Cybersecurity Center of Excellence Lead Dr. Matthew McFadden said. “It’s so important that we hear from industry about what they’re developing and, at the same time, that they hear from us about the challenges we’re solving for customers. We can’t deliver the ‘art of the possible’ without broadening the lens of what that means, and our industry partners help us do that in really meaningful ways.”