Zscaler 2025 Govt Summit Recap: Govt Modernization, IoT Security, Zero-Trust
The government is lying, it has Zero-Trust!
Yesterday (Tuesday, March 25, 2025) I attended the morning session of the Zscaler Public Sector Summit in Washington DC. Zscaler is a cloud security company that provides secure access to applications and data from anywhere in the world, operating under a Zero-Trust security model that seeks to replace traditional “hub and spoke” VPNs and firewalls. In this article I’ll be going over my top 3 takeaways from the conference:
Modernizing the government is critical, challenging, and costly
Billions of IoT devices are vulnerable to threats
Zero-trust is facing increased investment and adoption from commercial and government customers
Modernizing the government is critical, challenging, and costly
Efficiency is a term often thrown around among IT leaders (and leaders in general) as they analyze the performance of their organization. A big learning point from this panel is to get past the narrow focus on reducing costs (in order to achieve an “efficient organization”), and instead look deeper to understand how end users (customers) are affected. Does switching to a cheaper software provider reduce costs and, as a result, make your product worse off? Or does it reduce costs while maintaining the same user experience, or even better, help streamline your product?
These are the questions that government IT leaders are asking. How can I solve for cost, user experience, and operational performance? All of the panelists believe that government modernization is happening, and will continue to happen through the decade. The big challenges that organizations will face include upskilling workers (as the technology they built expertise in gets replaced), convincing agencies to adopt new technology, and executing on fast iteration.
Billions of IoT devices are vulnerable to threats
Jeff Berlet, Technology Director at Peraton, raised an alarm that the 75 billion IoT devices forecasted to be in use in 2025 will pose a massive security vulnerability. The majority of IoT devices have lax security and lack the computational power to run cybersecurity software. Data from Zscaler ThreatLabz’s 2024 Threat Report shows that manufacturing is the most targeted industry for IoT threats.

By drilling down to the number of unique devices per vertical, Manufacturing again comes in on top. Manufacturers have a big appetite for IoT devices including sensors, equipment and robotics.

These charts only show a small snapshot of the problem, which can be compounded as autonomous IoT devices get introduced to the market. I think this will be a big theme looking ahead and lots of companies (including Zscaler) will offer a competitive security solution.
Zero-trust is facing increased investment and adoption from commercial and government customers
Zero-Trust is seeing real customer adoption. Customers from both the commercial side and government side are making serious investments in rearchitecting their security systems towards a Zero-Trust model. Presenters from Sandia National Labs mentioned they were aiming to replace 90% of their internal firewall rules, most of which were stood up as an easy solution to “protect” new apps. Maximus CDIO, Derrick Pledger, saw immediate benefits from adopting Zscaler’s platform to gain deeper visibility into the physical locations of ephemeral (temporary) workers. By the nature of Maximus’ business (government contracting), ephemeral workers needed to reside in a specific jurisdiction (e.g. Florida). Maximus faced a problem where workers would lie about where they reside, and sometimes even used VPN spoofing to mask their true location. With Zscaler’s BYOD (Bring Your Own Device) platform, Maximus was able to uncover the true location of their employees and align themselves with regulation.
I’ll close by saying that with AI at the forefront of new innovation, new security systems are going to be stood up. These autonomous systems are going to be critical to secure in the next decade, for both the commercial and public sectors, and will require completely new tooling to get the job done. Zscaler has focused on integrating Zero-Trust design methodologies into the AI arena by applying its Zero-Trust Exchange towards AI workloads. Looking forward, Prompt Injections (malicious prompts to an LLM to manipulate its behavior) and Data Exfiltration (sensitive information leaked to LLMs) are security themes to keep track of as this technology evolves.
As always, please leave any thoughts/questions below. Thank you for reading and see you in the next one! Cheers - Bryan
