Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Mar 28 2025
Security

Inherited Controls Simplify Cyber Compliance

Sandia National Laboratories’ zero-trust policy gateway has caught the eye of the National Security Agency.

Sandia National Laboratories’ holistic approach to zero-trust security makes cyber compliance easier by allowing controls and capabilities to be inherited, according to the organization’s chief solutions architect.

Speaking Tuesday at the Zscaler Public Sector Summit 2025, Scott Stephens said Sandia Labs transitioned from traditional, on-premises identity management systems to cloud identity management and began leveraging conditional access.

Those policies were integrated with Sandia Labs’ zero-trust policy gateway, stood up by Zscaler, and its endpoint detection and response system so that controls will be inherited should it switch to a different vendor.

“Once you have these existing plans or these precedents, if you will, you can inherit those capabilities into all your downstream security plans,” Stephens said. “So, it’s kind of an amplification effect, once you get through the big hurdles of how to deploy security tools.”

Click the banner below to see how identity and access management can improve the user experience.

 

The Zero-Trust Policy Gateway Gains Traction

Sandia Labs’ zero-trust policy gateway gained the attention of the National Security Agency (NSA), which provides cyber direction and funding across the federal research enterprise.

“They’re the NFL,” Stephens said. “And all the sites are all of the teams.”

The NSA is disruption- and results-oriented and schedule-driven, providing sites with guidance in the form of zero-trust roadmaps, architectures and lessons learned. Only by knowing where sites are headed on their zero-trust journeys can the NSA effectively invest in their projects, Stephens said.

DISCOVER: Predictive AI is essential to zero-trust security.

Allowing UX to Guide Your Zero-Trust Journey

Sandia Labs is currently working to consolidate unclassified networks and storage technologies and implement access controls.

“You’re only seeing what you’re allowed to have access to,” said Jason Crenshaw, director of information security at Sandia Labs.

The goal is for identity and access management to feel seamless.

“When we’re looking at technical roadmaps or innovation pipelines or just movement in general, we try to look at four major areas,” Stephens said. “And user experience is always first.”

Marketing and business analysis sets the stage for user experience, while the second focus area, service value, is concerned with costs and technology business management.

The third priority is business continuity, ensuring that everything is up and running at the proper funding level, and the fourth is security.

“We integrate security throughout the pipeline, from the discovery phase to the implementation phase to the release phase,” Stephens said.

UP NEXT: The FDA took a big step forward with its Electronic Submission Gateway.

Photo courtesy of Sandia National Laboratories