Chuck Brooks, President of Brooks Consulting International Shawn Wells, Managing Director for Cybersecurity Strategy and Technology at Accenture Federal Services Gregory Garrett, VP Cybersecurity at Peraton Herb Kelsey, Federal CTO at Dell Technologies Eric Schlesinger, Operations & Engineering VP, Cyber Security at Parsons Tom Van Meter, Senior SE Director at Juniper Networks will discuss how organizations can satisfy federal safety mandates with zero trust.
Corey Baumgartner
Welcome back to CarahCast the podcast from Carahsoft, the trusted government IT solutions provider subscribe to get the latest technology updates in the public sector. I'm Corey Baumgartner, your host from the Carahsoft production team. On behalf of Juniper Networks, we would like to welcome you to today's podcast focused around how the technical community can assist the Government to satisfy federal mandates with Zero Trust. Chuck Brooks, president of Brooks consulting International, Shawn wells, managing director for cybersecurity strategy and technology at Accenture federal services. Gregory Garrett, VP of cybersecurity at Paragon herb Kelsey, federal CTO at Dell Technologies. Eric Schlesinger, operations and engineering VP of cybersecurity at Parsons and Tom Van Meter, senior SDE director at Juniper Networks, we'll discuss how organizations can satisfy federal safety mandates with Zero Trust.
Chuck Brooks
Welcome, everybody. We're gonna be talking about Zero Trust and its implications, particularly to federal agencies, but also how the integrator community thoroughly integrated community deals with some of the challenges with Zero Trust. We have a really illustrious panel. And Janet, you said luminaries and they certainly are, and I'm just going to read their titles. You'll recognize the company's two. We have Shawn wells, manage director for cybersecurity strategy and technology and Accenture federal. Gregory Garrett, Vice President of cybersecurity at peloton, Herb Kelsey, federal CTO at Dell Technologies. Erickson Schlesinger operations and engineering, Vice President cybersecurity at Parsons, and Tom Van Meter, senior SC director at Juniper Networks, I would like to introduce Tom to give us a framework of what exactly Zero Trust is and what's in the government mandate. So then we'll be using this this discussion that he's providing us to go into the nitty gritty of it with our panelists. Tom, let me turn it over to you.
Tom Van Meter
Thanks, Chuck. And welcome, everybody. Zero Trust is a data centric design philosophy or strategy, if you will, to design secure networks. A properly designed Zero Trust network provides authenticated and authorized access to resources. And so when we talk about resources, we're talking about maybe raw data, or a server or an application. And when we talk about authenticated unauthorized access, we're saying that whoever or could be a device like a security camera, whatever wants to access that resource, they have to prove they are who they say they are. And then once they prove that who they are, they don't just get access to the resource, they have to be authorized to access the resource. So let's say John Doe, or Jane Smith uses a cakra pin to authenticate who they are. Just because they're John Doe, or Jane Smith doesn't mean they get access to the resources, they actually have to go through a policy enforcement point that authorizes and validates that they are allowed to get to that resource. Zero Trust is really the next step in securing the nation's cybersecurity infrastructure. So back in 2014, NIST published the cybersecurity framework, the updated in 2018. In 2020, NIST published 800 207, which is the Zero Trust architecture document. In 2021, President Biden signed the Executive Order 14 Oh 28 on improving the nation's cybersecurity. And one of the key things in that Executive Order was direction that federal civilian executive branch agencies implement Zero Trust architectures. And then, in 2022, the Office of Management and Budget, published a memorandum on federal Zero Trust strategy. And it identified a series of specific milestones that need to be accomplished by the end of fiscal year 2024. And they laid those milestones out in accordance with the CISA Zero Trust maturity model. And they had like five pillars that they talked about. So identity and devices and network, and applications and data. Your trust itself is a change of mindset. We're all used to a perimeter and in the perimeters of security stack. And once we get through the security stack, we have implicit trust everywhere in the perimeter and that's we can go anywhere because we've been validated by the edge. Zero Trust is a mind change and it revokes the concept of implicit trust and it requires explicit trust to access anything. The way in which we do that is we group together resources that share common are similar security requirements. And we surround those with a small perimeter. We're going to call that a micro perimeter. And then we'll put a policy enforcement point in that micro perimeter, so that anything or anyone that needs access to the room source inside that micro perimeter gets authenticated and authorized, when we're all said and done, we're going to have an outer perimeter with a security stack on the edge of it. And then inside that you're gonna have a backbone that interconnects a bunch of different micro perimeters, if it helps to think about it this way, think about like an airline, or excuse me, an airport, and you've got a series of gates and the resource you're trying to get access to with the planes. And the gates to get into the plane is the policy enforcement point for each micro perimeter, and then the TSA security checkpoint to get into the concourse. That's the outer perimeter and the concourse connect interconnects all of the micro perimeter. So that's, that's a good analogy, if you want to think of it that way. Once you've got that design put together, remember, you have to constantly monitor and maintain visibility, what's going on in the network. And then you need automation to be able to dynamically change your policies based on what's going on in the network. So hopefully, that's a good quick summary of overview. Back to you, Chuck.
Chuck Brooks
Yeah, thanks, Tom. It's, I think, simply put, it's a trust no one no thing and continually verify, to take now that Tom's framework and actually put it into what it means in the federal agencies and with our federal system integrators. I'm gonna start with Shawn first. And, you know, what is your what are your thoughts? How does Zero Trust impact federal agencies? And actually, how does it impact the VAR? Federal system integrator and OEM network to that has to deal with these agencies?
Shawn Wells
So on, the how does it impact the government agencies, it's, I think it's nice that we're finally preparing on how to implement progressive safeguards, whether we call them layers, but or terminal, the TSA analogy, the idea is we're starting to shift towards quite a bit more discoverability. And governance, where we are using the automated discovery tools to identify, manage and manage endpoints software network, and all that swelling. Good. But I'll we're starting to see, at least at Accenture, a shift towards application centric design pattern, its meaning, we are fundamentally trying to encrypt data in computation while it's being accessed while it's being transposed across the network. And for the first time, that holistic view of security is being pushed down to the developer of how to implement the identity progressive safeguards, how to implement shared services. And it's been a really interesting dynamic in that classically, a lot of the security has been focused on the Cisco, setting up the organization setting up auditing, setting up fighter scorecards. And what we've started to see for the first part of the question is actually a push towards more of the CIOs and CTOs being accountable for layered progressive design patterns more so than we have in the past.
Chuck Brooks
That's interesting, you really do bring that it's a change of policy, then to looking at where you're integrating all those elements rather than just the CISO, which is really good insights. Appreciate that. Herb, I'd like to ask you the same question, particularly from the DoD perspective. I know you do a lot with that agency.
Herb Kelsey
From the DoD perspective, I think, one is to realize that, that they've consolidated their Zero Trust activity into a portfolio office that sits in the CIO. So they're trying to centralize their understanding of how they want to approach this, you know, the next thing that I would say is that, you know, they've been asking us to help them create a, a technology footprint that they can repeat so that they can ensure that they don't have drift in the implementations that they're seeking. And so we're trying to help them with that, so that they can apply these security measures in an automated fashion, use the AI and machine learning from what goes wrong to better inform their policy decisions. But what they're really looking for is the ability to have a repeatable blueprint, a repeatable implementation that they can, that they can spread far and wide. Because their concern is, is that if they if they don't have that kind of control within that architecture, they'll get drift and they'll get exposure. So, you know, that's how I see them approaching it. We're trying to help them with that in a variety of ways. But that's really the impact that I see for them. They're using it as a consolidation as a mechanism to consolidate.
Chuck Brooks
And you mentioned, also the automation aspect of it too, with machine learning.
Herb Kelsey
Yeah, absolutely. I mean, you know, insecurity, we have a scale problem that's at least from a technology perspective, that's where I look at it. We know what to do. We just don't have enough arms and legs and minds to actually act CQ it flawlessly every single time that we have to. So part of what Zero Trust talks about is automating and orchestrating those policy decision points and those policy enforcement points. And so it's applied consistently. And that's the automation. And what we're hoping is that the infrastructure can give us good information, so that we can use machine learning models to supplement what human beings would do to make better, progressively better and better decisions as we get attacked. And as we learn about what the bad behavior is, and so there shouldn't be a virtuous cycle in there. And that's part of that reference architecture for Zero Trust. And certainly, with the announcement of a data and AI portfolio office within DoD, they're believing that they can make some headway in that regard as well.
Chuck Brooks
Things are Gregor Gregory? I'm gonna go actually to you on the next question with and you may also want to speak a little bit, this sort of ties into a to your, your center of excellence that you have create in your in your white paper on Zero Trust as it fits in. But the question is, how does a company or an agency map to what they have already accomplished the Zero Trust framework, so they can discover any other potential gaps that might be in the network?
Gregory Garrett
Chuck, it's both a privilege and a pleasure to join it today and the distinguished panel. It's an excellent question. It's an ongoing challenge for the government agencies. Essentially, as you know, every CIO, Cisco CTO is dealing with sort of a technology, patchwork quilt of hardware and software today, each agency is unique from a threat profile, their technology investment, and they're looking to try to find what's the right solution that will work for them, too, as Tom just spoke to earlier, address these various design tenets that are included within the Zero Trust concepts. And I think, you know, a lot of agencies are struggling because right now there's a lot of companies pitching that their software will provide a Zero Trust panacea. And so you know, as a systems integrator at peloton, what we've done is to try to spend time with as many of the different partners, whether it's cloud service providers, cloud access security brokers, major software providers, to actually vet their software. We've created a Zero Trust ecosystem, a test lab, to be able to bring all the different vendors capabilities in, whether it's their identity, credential, and access management, whether it's companies like Okta or cyber Ark, bringing in various cloud-based internet isolation capabilities, like Menlo security or Z scalar, and their Z scalar. Internet access, or Palo Alto Networks, as herb and others talked about with their cortex, XDR, and their XOR, their security orchestration and automated response technology. Because at the end of the day, people want to know that it'll work in their environment, that it's compatible with their systems. And they want to know how they can optimize their overall security, and in a way that aligns with the design tenants that Tom laid out earlier. And I think that's the big challenge. And so what we're trying to do is help educate people, both internal to our company, as well as our business partners, and our customers, as to all the different technology solutions that are out there. When I talk to clients, you know, my conversation is, we're playing a game of chess here. And it's really a multi-dimensional all technology all domain game. And it's a high stakes game, right? And so we're trying to figure out the best way to help our clients win this game. And it's a big challenge for all the agents.
Herb Kelsey
I'd like to extend that add to that mean, we're being asked to do the same thing. And so, you know, Dells making a fairly considerable investment in a center of excellence for Zero Trust that will allow our customers or our federal customer to see the interaction at an enterprise level at an edge level and at a tactical level. And just as you said, their concern is being able to validate that those workloads can function properly. And the key is if we can accelerate that understanding by Giving them a quote prebuilt Zero Trust environment of the 20 or 30 ecosystem partners that it takes to build that. That's a tremendous accelerator for them tremendous advantage. And as I said, that's work that that that we've been asked to support. And we've been investing in supporting that on behalf of the customer.
Chuck Brooks
Great, both your Centers for Excellence seem to be also, you know, security by design and education, and orchestration. So it's a, I'm glad you're both doing that. As we know, this Zero Trust, involves many votes, many vendors, it's we're all in it together, like assurance, it's holistic. So the more we're working together, the better along that line, I'd like to move to Eric, actually, how can the technical community assist the Government to satisfy the federal mandate? And also, I'd like you to work in the growing attack surface on this because that's an issue to particular Ukraine, Russian conflict going on in our critical infrastructure at risk?
Eric Schlesinger
Sure, no, great question. So I would go back to what Tom said earlier around, you know, we have to abandon sort of traditional models, the idea that perimeter security, and just you know, Endpoint Protection isn't enough, right. And even the concept of layered security, right isn't enough, right. So I think it's a cultural one a mind shift to start with, when it comes to helping sort of translate, you know, the hundreds of pages that come out from NIST, I love all their publications, but you have to have, you know, a doctorate in order to sometimes translate that into real actionable intelligence and the ability to take that and drive behavior, right. But it really starts in a culture change. And I think shifting from that old school sort of perimeter defense into these micro segments, or managing your blast radius starts with realizing that trust is really just another vulnerability that a threat actor can exploit, right? If you can take the idea of micro segmentation and dealing with your blast radius is, and flip that where your model of Zero Trust is, is to take those communities, right, those little communities that are supposed to be empirically trusted, and then allow that to grow. Then through those machine learning those things, that's where Zero Trust can come into play, because you open the aperture slowly versus giving everything to everybody from the beginning. Now, when it comes to how the technical community can help our government partners, it's really to avoid what I consider is the buzzword that is true Zero Trust, I think it's, it's, it's somewhat scary, it's daunting, depending on how you market it and how you pitch it. It could be somewhat well called employee or employer not friendly, right? It feels like to a developer or to the community, it could be something you're taking away, it could mean that they take it as a you don't trust me to do my job, it could be, you're gonna make my job harder, right. And so where we can come in, is really taking our expertise and our partnerships with our vendors and other areas, people in this industry, and being able to bring sort of what I consider a bullet proof set strategy, which translates not to just putting in a technology solution that claims to be Zero Trust, but they put it in because we know it offers Zero Trust and then be able to show and partnership how to prove or validate that it meets those guidelines, right. So it's not a matter of just plugging something in and setting it forgetting it. It's really being consultative and advisory to make sure we can show how it's meeting those mandates.
Chuck Brooks
Good insights there. Yeah. So this is really a process. And I think we're gonna be learning from the process as we go along. But I'm actually surprised how fast it's being adopted already in the federal government, which seems to be unusual, considering how government usually moves much slower. But so this next question is really for everybody. I'd like to get your thoughts on, who should be responsible for implementing Zero Trust? Should it be the CISO, the CIO, the CTO, the CFO, the C suite? And along those lines, it's not just who's responsible? Is it? What are those challenges that will require whoever is responsible to address and why it shouldn't be that person or persons? So I'll start again with Shawn on that, since you brought it up initially too.
Shawn Wells
Yeah, you were trying to lead the witness. I'd argue there's kind of like three, at least three principles. The first that we've all been tap dancing around as the perimeter is dead, and firewalls and VPNs. Don't protect network anymore. So the idea is, as agencies are moving to cloud, native infrastructure, cloud native applications, there's almost a need to dynamically reconfigure based on users and trust scores and optimization, which arguably is a technology problem. So in the concept of perimeter being dead, we're often leaning into CTOs to reevaluate their architectures. There's kind of the second tenant where the compromise must be assumed. So if intruders are omnipresent, they're aggressive. They're agile, they're nation states. Basically, defenders have to lay the foundation in a independent and autonomous way. So oh, that could be dynamic threat analysis that could be risk models have multiple attack vectors, and CISOs are largely leading this conversation. And maybe, lastly, there's this third element of, you know, data is truly what counts. So devices, even internal devices can be friendly, one minute and hostile the next. So what we're really, ultimately protect, protecting is our sensitive data and the intellectual property or the classified data, not necessarily the device themselves. And that conversation lends itself to the chief data officers. So it's, it's really energizing. For the first time we're able to say, no, this isn't a CTO problem. And it's not a Cisco problem. And it's not a Data Officer problem. How do we run a strategy that involves all of us together? So there's, there's been very few, I guess, as a personal opinion, very few forcing functions for all of these individuals to work collaboratively together to issue guidance on how they're going to meet OMB, or Sousa or executive orders. So I'd say between these three principles, the perimeters, dead, compromise must be doomed. And data is truly what matters. It's everybody as a collaborative forcing function.
Chuck Brooks
Herb, do you want to add to that?
Herb Kelsey
So I'm going to, I'm going to add a little bit of a contrarian opinion. But I think the reason will be clear, within government, and especially within government, it's the CIO. And it's because they control the money flow for technology. And especially within DoD, where that's not as true where the technology is deployed as part of a weapon system. I see this as an opportunity for CIOs in DoD, specifically, to start to control the budget flow. And ultimately, I really like Shawn's points, and I agree with them. But I think at some level, it's still got to be the CIO to control the budget to ensure that the AI isn't taken off the ball.
Chuck Brooks
Good points of now, Gregory. And Eric, if you want to answer and then we'll get to our next poll question.
Eric Schlesinger
Yeah, I can jump in real quick. I mean, I think, to Shawn's point, right. It's a group effort going forward, because it is an all-encompassing sort of strategy. I think. However, it's a cultural change for any agency or any company, it's one thing to say we want to do that. And I think it really comes from top down. So there may be a desire to get to a Zero Trust architecture or strategy. But there's got to be clear direction that funnels from the top down, that allows then the employee base to understand the what and the why so they can embrace it, because there's a lot of well call security debt out there. When it comes to existing infrastructures, that employee, you know, every time you make a change, it has a downstream impact. Sometimes it has an upstream, but mostly downstream, that affects the people using it. And so it's got to be a conversation around a cultural change that comes from many different C suites. But it has to be pushed from top down as it not a desire but clear direction.
Chuck Brooks
That makes a lot of sense. Gregory, do you want to also comment?
Gregory Garrett
Yeah, I'd be happy to, I think one of the complexities that federal government agencies deal with as well, is the federated environment, because often I find the headquarters CIOs, who are basically enabling policy, but the implementation is done at a specific center or an institute, or I'll say, a field organization or field command that has their own separate CIO, and sometimes their own separate budget. And so you know, it's a lot more complicated. So the general response is, yeah, everybody plays a part. Absolutely. And so every time I work, a transition for a client, I'm talking to all the C suite members, you know, around their aspect of this challenge, and what needs to be done. But at the end of the day, you have to look at that individual agency, because some of the agencies are so federated with different components. They have multiple CIOs, they have multiple CISOs. And they have very diverse budgets. So candidly, you know, that's why I often like working with state and local governments, because they're a little bit easier to deal with. They tend to operate more commercial like, and they usually have a single belly button that you can go to, which is usually the CIO to work through the challenges. That's just my observation.
Chuck Brooks
It seems like you all have that operation that it is culture these agencies that determines what happens And, in any event, it seems Zero Trust involves more elements. And it did than any other policy has in the past, relating to security. The next question, I think, is really a question that always is really been perhaps one of the biggest challenges in government itself for a lot of reasons. So it's also going to be challenged with Zero Trust. And the question is, how can you integrate Zero Trust with legacy technologies? It's not just the technologies, the programs, policies, technologies and people to, and again, I'll open this up, and maybe we're reversing here. Now. Eric, do you want to go first on that?
Eric Schlesinger
Yeah, sure. So what's nice is, and usually this is from the NIST publications, they don't tell you how to do it, they just give you guidance on what you should consider or what you should do in order to achieve said, compliance mandate. And the same goes with the Zero Trust here, right. So the nice thing is, it is a security strategy, where you can look at your existing investments, you can look at what you've done to harden your environment already. And you can layer that on top and look at ways to translate what you've done already, with your existing investments into a Zero Trust strategy. It's easy to find what covers down and what are the gaps, and then you can go from there, a lot of it much like most of this type publications come down to policy. So how you how you implement and how you execute, and then you layer on the technology with it in order to achieve the Zero Trust strategy. So I wouldn't say that every investment and every legacy infrastructure can be made or forced fit into it. But there's a good chance you can massage what you have there. And in order to find and achieve progress in order to take that forward. Right? It's a journey, right? It's a marathon, it's a you know, I'll give you all those bad analogies, right? It's not a sprint, it's a marathon, you can't flip the Zero Trust by pushing a button. But once you start, you can start to it's sort of like an avalanche, right? Once you a couple of snowflakes here and there and you can get some momentum. And you can see that material progress and start you know, sort of inward and work your way out. As opposed to the old way of putting a firewall up, we go back to the perimeters work in, start from your critical assets, the crown jewels, put those micro segments, put those contain that blast radius, worry about the data there, make sure that's where you've applied your most restrictive Zero Trust strategies, and then work your way out through those gates to basically to reverse what Tom said, take it from the plane and work your way out from there to your car, right. And so get in a sense, you know, get more trust as you walk your way out. But I guess the tie a bow around it, odds are, it's pretty, it's not hard to take what you have and start to translate it in and take and take a first step.
Chuck Brooks
That's good to know. And it's encouraging. Gregory, do you want to go next on that?
Gregory Garrett
Yeah, I think Eric is absolutely right. I think it's working from the inside out. But I'd like to point, you know, to the audience, that there's a lot of good documentation that the government has developed a sort of starting points to assess where you are, I mean, I would point people to the CIS Zero Trust, maturity model. I think that's a good starting point. And also point people to the DoD Zero Trust Reference Guide, which I think has a lot of good, here's how you can do it without being overly specific on technology. I also, you know, want to compliment GSA that put out a I think, fairly early on a buyer's guide, and a five step basic methodology that mirrors a lot of the key components that Eric said, I think the key is to really do an honest assessment, not a, I'll say, what people would like to hear, but an honest assessment of where are you from a cyber defensive posture, and then look at the specific Zero Trust design tenets, that are called out in the NIST 800 207 document. And say, you know, do we have the policies, do we have the capabilities, how are we you know, implementing this today, and do an honest assessment of that and their level of maturity and then decide to take a phased approach with a certain area or aspect of the organization, not try to, you know, implement this on a whole scale, all domain all technology approach, right. You know, it's like, you know, creating a agile process approach where you're doing you know, Sprint's on a limited basis, over a period of time to try to figure out a evolutionary path rather than a revolutionary path to get to Zero Trust.
Chuck Brooks
I can see how important strategy is and is in having that come to fruition. Herb, do you want to go next?
Herb Kelsey
Yeah, I think, you know, what we've been experiencing is that that gap analysis has to be candid. And the things that you can keep are the things that either adhere to that principle currently or can be readily adapted to that Zero Trust principle. But the things that you can't keep are things that violate that principle. And so it's not really a question of, you know, can you adapt this to your legacy environments? It's a question of, you know, what's the amount of friction to get what you currently have to adhere to the principle? Right. And that's kind of the shift that we were talking about earlier, which is, you know, this is a shift in how you approach it. And so it's a question of, you know, in almost any model, you know, is what you have adaptable enough to support the new activity. And if it is, you can keep it if it's not, you can't keep it. And that's kind of the process that we've seen going on, and the reference material that Gregory was speaking of is spot on, it's very helpful.
Chuck Brooks
It makes sense. And with all the emerging technologies coming in line, being able to adapt really is essential, you know, whether it be Zero Trust or whether it be any other implementation of a technology process. Thanks, Herb. Shawn?
Shawn Wells
Yeah, so for continuing, you know, the impact on DevOps process, I would argue that makes us fundamentally reliant on shared services. So we're starting to, for example, further control user access through dynamic trust, scoring, evaluating the state of the identity, the security profile, the behavior of the device. And if I have to do that, as an application owner, I have to be an expert on all these different things. Instead, why isn't there a single identity service that allows me to just say, should this person log on, and all the complexity of credential management trust scoring, profile evaluation happens on the back end. So it's pushing us towards somebody, usually the CIO or the CTO office providing prolific shared services, maybe it's protective DNS, which is one of the programs since it's rolling out, maybe it's truly the dynamic trust scoring of identity, which is a program that Bertman of energies rolling out. So that's kind of pushing us into new design pattern to focus more on the mission to be reliant on shared services. There's a couple of examples of that, you know, I think we've all mentioned ideas, but there's two interesting things maybe the attendees could learn about. The first is NIST has a program called Online informative references. And the idea is how do we start measuring in almost giving our auditors the ability to measure are we mature in our Zero Trust journey? So there's individuals Stephen Cohen at NIST online informative references who's actually coalescing a whole of government maturity model that allows us to incrementally measure, you know, do we did we just read the memo, all the way through? Can we get an A on our five-star scorecard for Zero Trust, and what controls at a organization level at a programmatic and even down to a technical level are being incorporated there? So while we're standing up our shared services and changing the way our DevOps team create buffers around their apps, simultaneously, we need to audit it. And what's cool about the NIST work is that they're doing it in automated methods. So for the question of like DevOps processes, usually you have some CI/CD system, continuous integration system. And for one of the first times, this does actually publishing controls, it's safe if you are using the I think it was Gregory, who mentioned like the Z scalars. And the Palos and the Okta is and the Linux is, wouldn't it be nice if there was an automated way to see if your technical controls are put in place in a machine code method? So for those interested, you can check out the NIST national checklist program as a way to increase the velocity of your DevOps teams, while ensuring you're staying within the guardrails of the Zero Trust controls?
Chuck Brooks
Great. Yeah, I'm a big fan of what they're doing, and particularly NIST, and this is a great checklist. We have time for one more question. And the question is sort of a multi-part question. How do the panel participants plan to help the agencies actually secure agency workloads to meet the Zero Trust parameters? Is the expectation that the CSPs, AWS, Microsoft, etc., will provide adequate security or is there another process and layer that should be implemented? And how will this work in regard to edge computing practices? Who wants to tackle that one?
Herb Kelsey
I'll go first because it's fairly straightforward for us at Dell, we are standing up that enterprise edge tactical environment at those different scales and form factors, connecting them with the network and allowing government participants to, to verify their workloads in those environments. So maybe it's heavy, enterprise centric, and they're just getting simple data from the tactical edge. How does that impact things? Or maybe they're pushing a lot of AI and ML out to the edge for whatever they're architecture reason, and they need to validate that scaling. And so, you know, for us, we're trying to provide a testbed for those workloads, and let them learn before they have to commit.
Chuck Brooks
Would anyone else like to weigh in that from the panel?
Gregory Garrett
Yeah, I would check. I think in a similar manner, in a similar approach at Paragon, we're working with customers very closely with proofs of concepts under OTAs, and other insurance transactional agreements, and various trials, to give them the opportunity to test the integration, the optimization of different devices in different scenarios, and be able to put, I'll say, a parameter around what extent they want to implement various different technologies and capabilities within their enterprise systems. So I think being able to help them provide a secure testbed a sandbox, to test the different technologies in a way that's not going to negatively impact them, but yet demonstrate the capability, the interoperability, the flexibility, I think those are all positive things that we in industry can do to help the government agencies which, you know, tend to be somewhat risk adverse when it comes to making significant changes in their technology stack.
Herb Kelsey
Oh, and also, they would have to use production resources. And that's really not available to them. And so there's some advantages that we have if we can take it out of band from them.
Gregory Garrett
And if I could just add, I mean, CISA, and DHS have partnered with the industry group, a Tarik and done a lot of demonstrations and viability tests, and some proofs of concepts with at least 40 or 50 major vendors over the past six months to try to demonstrate and provide proofs of concepts. I mean, I can't tell you, Chuck, how many times government agencies that said, Greg, don't come in here, you know, with a presentation or white paper, show me a demo, show me how you can make this work. Give me a proof of concept. Show me how you've done this for another government agency or a state and local government agency. And you know, don't want the dog and pony show, you know, show me the proof.
Chuck Brooks
That seems to be a trend now and all the agencies and it's really crazy to see with the knowledge base we have here that I think we will be able to implement Zero Trust in these agencies. With the talent and skills and knowledge of the companies involved. Were up in your time. This has really provided a great understanding of the challenges that they're facing and how they can be helped by the private sector. I also want to take this time to thank our, our really illustrious panel. It's rare that you get someone so many people that have so much expertise in one panel, and also are leading a lot of the Zero Trust movement within the agencies themselves. And that's Shawn Wells. Gregory Garrett hurt Kelsey Eric Schlesinger, in a cost Tom Van Meter for opening this up for us too. And I guess we have a couple minutes for any final thoughts from the panelists if they'd like to weigh in before we adjourn. Again, thank you for being here. It's a great panel.
Corey Baumgartner
Thanks for listening. And thank you to our guests Chuck Brooks, Gregory Garrett, Herb, Kelsey, Eric Schlesinger and Tom Van Meter. Don't forget to like, comment, and subscribe to CarahCast and be sure to listen to our other discussions. If you'd like more information on how Juniper Networks can assist your organization, please visit www.carahsoft.com or email us at JuniperMarketing@carahsoft.com Thanks again for listening and have a great day.