Sponsored Post, Networks & Digital Warfare

Zero Trust requires securing data, users and devices

Securing data can help stop attack vectors like API calls and cloud uploads.

Presented by Netskope
The Department of the Air Force Zero Trust Functional Management Office hosted its inaugural Milestone Champion Jamboree, Feb. 6-8 in Arlington, Virginia. This event brought together more than 40 Milestone Champions to continue the work of transforming DAF cybersecurity to face the security landscape presented in this era of Great Power Competition. (courtesy photo)

For years now, Zero Trust has been top of mind for the Defense Department and industrial base as a way to secure and authenticate users and devices. Now, however, the DoD has recognized that it’s also paramount to similarly secure the data as part of a full-spectrum Zero Trust implementation.

Breaking Defense discussed this issue and how to execute Zero Trust data security with Mario Puras, Senior Vice President of Global Solutions Engineering and Architecture at Netskope.

Breaking Defense: What are the DoD’s Zero Trust goals, and what threats are they designed to address?

Mario Puras, Senior Vice President of Global Solutions Engineering and Architecture at Netskope.

The Department of Defense’s Zero Trust strategy is designed to defend against sophisticated, persistent threats by eliminating implicit trust at every level of the digital environment. It emphasizes verifying every access request, enforcing least-privilege access, and assuming adversaries may already be inside the network.

But this isn’t just about protecting users or devices, it’s about securing mission-critical data. Threat scenarios range from credential theft and lateral movement to the exfiltration of classified documents and operational plans. These aren’t just cyber risks, they’re national security threats.

The DoD Zero Trust PMO has established a strong framework and clear use cases, with initiatives like FlankSpeed and COSMOS pushing adoption forward and reinforcing the urgency of a Zero Trust culture. The goal is clear: build an adaptive, risk-aware security posture that replaces perimeter-based defenses with real-time, context-driven decision-making.

That’s why a comprehensive Zero Trust approach is essential to defend against a range of evolving threats, including insider risks, supply chain attacks, and future quantum decryption threats.

These aren’t merely cyber incidents; they carry profound national security implications. Given that threats can originate from anywhere, the capacity to deliver adaptive access based on real-time risk signals becomes a critical defense mechanism. The emphasis here is on immediate, real-time response, rather than relying on downstream post-incident analysis and remediation.

Zero Trust must go beyond identity and access control. It must encompass continuous verification, rapid threat containment, and full-spectrum data protection. The mission fails if user access is secured but the data is compromised.

Netskope says it addresses 83 percent of the Zero Trust pillars: verify explicitly, use least-privilege access, assume breach. What is the Zero Trust Engine?

The Netskope Zero Trust Engine is not just a framework, it is a real-time enforcement system embedded within the Netskope One Platform running in Netskope’s GovCloud. It continuously analyzes identity, device posture, behavior, content, and context and many other attributes to make dynamic access decisions at scale.

This engine inspects massive volumes of SSL/TLS traffic and fully decodes JSON which is essential for understanding activity within cloud apps and APIs. Unlike legacy tools, it goes beyond basic allow-or-deny policies, enabling granular adaptive access controls over users, data, network, apps, workloads and actions in a way that aligns directly with DoD Zero Trust objectives.

With integrated policy enforcement and decision points, it enhances resilience, performance, and automation, securing mission-critical data, all in real time.

There is nothing in the industry quite like it.

In addition to the benefits you described, what other gaps from traditional ZT solutions does the Netskope Engine address?

Traditional Zero Trust Network Access, known as ZTNA, and network security solutions fall short when it comes to modern, cloud-native threats. Mission systems today rely on cloud services, real-time collaboration platforms, APIs, and encrypted traffic flows. This is where Netskope stands apart.

Most other solutions, including some ‘modern ones’, can’t scale inspection across encrypted traffic without performance degradation, nor can they parse structured data formats like JSON. Netskope does both.

That means Netskope can detect exfiltration attempts hiding in plain sight, like sensitive fields in API calls, cloud uploads across instances or chat messages, where others simply can’t see. And we do it with inline, real-time policy enforcement that respects operational performance and mission timelines.

This level of data awareness is what closes the gap between theory and execution. It ensures operational continuity, confidentiality, and resilience in real time, without getting in the way of the mission.

Furthermore, in a ‘capture now, decrypt later’ threat model, where adversaries harvest encrypted data for future quantum decryption, choosing a solution that can inspect encrypted traffic today is non-negotiable. If your solution can’t see the data now, you can’t protect it from tomorrow’s adversaries.

Netskope was built to handle this challenge as a foundational policy enforcement point, enabling adoption of advanced capabilities such as AI-enabled dynamic access controls from day one.

The Army’s Unified Network efforts are designed to align the enterprise and tactical network programs to reduce network complexity and provide greater tactical mobility to support the Army’s division-centric warfighting at echelon. TEM 13 panelists discussed the efforts’ progress and pending milestones with industry attendees, providing updates on how the UN will underpin all modern network capabilities, including critical cyber security efforts such as Zero Trust. (U.S. Army Reserve photo by Spc. William Kuang)

Can you talk about how it’s being used now in the DoD? Can you quantify the efficacy of your system?

We see a shift from traditional perimeter-based security to a cloud-scale policy enforcement point that delivers both security and networking functions. Today, our US Government customers utilize Netskope’s Cloud Access Security Broker, Next-Gen Secure Web Gateway, Remote Browser Isolation, Cloud Firewall, Zero Trust Network Access, Digital Experience management, Analytics, Posture management and Cloud Exchange. These integrated modules and interoperable components allow the DoD to evolve its Zero Trust solutions incrementally. There are many more services, but these address 83% of the Zero Trust pillar activities.

Operationally, the implementation covers adaptive risk and trust-based access, alongside a mechanism to identify and authorize users and devices. Netskope then applies policy-based security controls at the data level, ensuring secure and rapid access to appropriate applications and data while orchestrating risk-based access from context gathered around users, their actions, devices, network connections, applications, and data.

This context allows for risk evaluation relative to data context, enabling flexible control over outcomes. Adaptive, risk-based policies are then automatically enforced and adjusted in real-time in response to changes in context.

Today, Netskope GovCloud delivers the industry’s leading SLA for Availability, Processing for both encrypted and decrypted traffic and Efficacy, ensuring that its low-latency security inspection never impedes critical mission workflows.

What should be the takeaways from this Q&A?

Zero Trust isn’t a checkbox, it’s a fundamental shift in how the DoD must operate to ensure mission assurance in contested, interconnected environments. But Zero Trust without data protection is a half-measure.

The DoD needs a scalable, real-time Zero Trust platform that works today, but is architected for the threats of tomorrow. Netskope is that platform.

We’re actively deployed in the DoD, delivering policy enforcement, data protection, and telemetry at cloud scale. As I mentioned, our platform supports 83 percent of the DoD’s Zero Trust pillar activities, operational today and extensible tomorrow as the threat posture changes.

We enable real-time inspection of encrypted and structured cloud traffic, not just traditional web or email flows. This extends to any web application and some end-to-end encrypted applications.

Netskope’s open framework provides the ability to share bi-directional threat and risk information across ecosystems; this is used for real-time policy enforcement and real-time dynamic adaptive access controls.

Finally, and critically, as the quantum era approaches, we help defend against “capture now, decrypt later” threats.

Only Netskope is designed from the ground up to secure data, users, and applications everywhere, without compromise.

For the missions of today and the threats of tomorrow, Netskope is the right choice for the modern military.