In the public sector, and for defense agencies specifically, mission analytics can be the difference between success and failure. Without real-time access to intelligence data, teams on the ground may be unaware of threats, targets, or other critical information required to carry out missions.
To meet this growing need, the Department of Defense’s Joint All-Domain Command and Control (JADC2) strategy demands that data analytics capabilities traditionally confined to enterprise environments be pushed closer to the tactical edge, where forces operate in disconnected, denied, intermittent, and limited (DDIL) environments.
In practice, this means equipping deployed teams with tactical kits, which are lightweight systems that can generate, visualize, and share intelligence data for mission-centric awareness and communication. Since these kits operate in DDIL conditions and often handle highly sensitive information, controlling access while maintaining operational effectiveness is both a necessity and a challenge.
Implementing a zero trust architecture at the tactical edge is therefore critical, but it has to be done within the limits of resource-constrained environments.
In this blog, we’ll look at how a real public sector agency struck the balance with advanced governance and provisioning capabilities that ensured mission-critical data delivery, with no security or compliance gaps.
Real-world implementation: A DoD systems integrator’s zero trust use case
To understand how zero trust works at the tactical edge, let’s examine a DoD systems integrator (SI) that required zero trust capabilities in its tactical kits.
The core challenge centered on implementing attribute-based access control policies for mission analytics, while maintaining the security posture needed for military operations. A successful solution had to support custom, mission-specific identifiers and adapt to the organization’s internal data classification frameworks.
However, standard enterprise data governance platforms could not effectively address these requirements due to a lack of granularity, flexibility, and on-demand monitoring of controls – particularly as demands scaled. This was complicated by the fact that, in the terms of the MITRE Tactical Edge Characterization Framework, the SI’s deployment spanned:
- Fixed Centers with robust computing resources, and
- Mobile Centers with constrained but capable computing environments
Therefore, the tactical kits needed to process sensitive mission data while ensuring that different force components could access analytics based on their specific clearance levels and operational need-to-know requirements.
Immuta's mission-configured architecture
Immuta’s deployment architecture centers on K3s clusters – K3s being a lightweight Kubernetes distribution optimized for tactical environments – combined with Trino SQL federation for cross-source data integration. Since K3s is streamlined and optimized for resource-constrained environments, the DoD SI found it more practical than full-scale Kubernetes (K8s), which is more complex and resource intensive.
Combining Immuta with Trino SQL enables comprehensive data discovery and classification using custom military identifiers, while maintaining zero trust principles throughout the data access chain. Users simply connect Trino to their visualization tools and user identities, and Immuta enforces policies seamlessly on the data they query – with no workflow changes or performance impacts.
Immuta was uniquely positioned to deliver this solution due to its distinct capabilities for:
Mission-specific data discovery and classification
This agency – like many in the public sector – has highly specific and sensitive data types. Therefore, typical classifiers may not fully cover the contents of its datasets.
Immuta offers a more nuanced approach, supporting 60+ prebuilt data classifiers, as well as the ability to define custom classifiers designed for military operations. The platform’s automated sensitive data discovery identifies and tags sensitive information across military data sources without manual intervention, using those classifiers as metadata.
At a tactical level, the classification system operates through three phases:
- Identification: Recognizing data types
- Categorization: Understanding operational context
- Classification: Assigning sensitivity levels
For military applications, this system automatically identifies mission-critical data, understands its operational context within specific domains, and applies appropriate security classifications without impacting analytical workflows.
This capability proved critical for the DoD systems integrator, enabling custom tagging frameworks that align with its specific mission requirements and internal classification standards.
Why it matters for you: The ability to automatically find and tag sensitive data provides confidence that you’re working with appropriately classified intelligence, minimizing the risk of exposure and accelerating analysis under mission timelines.
Domain-based access control for mission analytics
Immuta’s domain-based architecture enables organizations to constrain user access and organize data sources by operational domain. Domains can be configured manually or dynamically using tags, allowing for flexible assignments based on mission requirements, unit affiliations, or operational phases.
This addressed a critical requirement for the DoD systems integrator: ensuring that ML models and AI agents access only data appropriate for their specific analytical functions. Each domain maintained its own policy management structure, enabling different force components to manage access controls for their specific data holdings – without compromising enterprise-wide security standards.
This federated governance model proves essential for tactical operations where centralized policy management may not be feasible due to connectivity constraints. It also puts the responsibility of access management in the hands of those who know the data best, so access decisions can be made swiftly, efficiently, and safely.
Why it matters for you: Each unit is only allowed to access the intelligence relevant to its mission role, reducing decision latency and preventing cross-unit data leakage in the field.
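The three classification phases and the clearance-plus-domain access decision described above, as an added sketch that is not Immuta's code or API. The identifier patterns, sensitivity levels, domain names and sample rows are constructed for illustration, and unrecognized columns are assumed to fail closed.

```python
import re
from dataclasses import dataclass

# Constructed identifiers, contexts and levels; not Immuta's classifiers.
IDENTIFIERS = {
    "grid_ref": re.compile(r"\d{1,2}[C-X][A-Z]{2}(\d{2}){1,5}"),  # MGRS-like
    "callsign": re.compile(r"[A-Z]+-\d{1,2}"),
}
CONTEXT = {"grid_ref": "geospatial", "callsign": "personnel"}  # categorization
LEVEL = {"geospatial": 2, "personnel": 3}                      # classification
FAIL_CLOSED = ("unknown", 3)  # assumption: untagged data gets the top level

@dataclass(frozen=True)
class Subject:
    name: str
    clearance: int
    domains: frozenset

def classify_column(samples):
    """Identify -> categorize -> classify one column from its sample values."""
    for ident, pattern in IDENTIFIERS.items():
        if samples and all(pattern.fullmatch(s) for s in samples):
            domain = CONTEXT[ident]
            return domain, LEVEL[domain]
    return FAIL_CLOSED

def tag_table(rows):
    """Build {column: (domain, level)} tags from the rows themselves."""
    return {c: classify_column([str(r[c]) for r in rows]) for c in rows[0]}

def allowed(subject, tag):
    """ABAC decision: clearance must meet the level AND the column's domain
    must be one the subject is assigned to (need-to-know)."""
    domain, level = tag
    return subject.clearance >= level and domain in subject.domains

def enforce(subject, rows, tags):
    """Return the rows with every non-permitted column masked."""
    return [{c: (v if allowed(subject, tags[c]) else "<masked>")
             for c, v in r.items()} for r in rows]

# Constructed sample data and subjects.
ROWS = [
    {"unit": "RAVEN-1", "position": "18SUJ2337106519", "note": "resupply 0400"},
    {"unit": "RAVEN-2", "position": "18SUJ2290106300", "note": "holding"},
]
TAGS = tag_table(ROWS)
analyst = Subject("geo_analyst", 2, frozenset({"geospatial"}))
lead = Subject("ops_lead", 3, frozenset({"geospatial", "personnel"}))
```

The free-text `note` column matches no identifier, so it lands in the `unknown` domain and stays masked even for the highest-cleared subject until a data owner tags it.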
Continuous monitoring and audit for mission assurance
Immuta provides real-time monitoring and unified audit capabilities, which are essential for maintaining operational security in any industry, but particularly in the public sector.
With Immuta, the SI was able to automatically track user activity metrics and create observations when behavior exceeds configured thresholds. For military applications, this enables detection of:
- Unauthorized access patterns
- Unusual data combinations
- Anomalous query behavior that could indicate security breaches or insider threats
Immuta’s audit dashboard also provided near real-time visibility into data access patterns, query sensitivity levels, and user behavior across all tactical systems. This capability enabled mission commanders to maintain situational awareness of data security posture while ensuring that analytical capabilities remained available to support operational requirements.
Why it matters for you: You gain situational awareness not only of your environment, but also of your security posture. This helps ensure analytics remain available without introducing new vulnerabilities.
Air-gapped deployment for operational independence
In tactical and classified missions, external connectivity cannot be assumed – or trusted. The systems integrator addressed this by deploying Immuta in a fully air-gapped configuration, ensuring that tactical kits operated independently of enterprise networks.
Using container artifact transfer and policy-as-code deployment, the DoD systems integrator could pre-configure tactical kits with appropriate security controls before deployment. Data governance teams could then adapt policies as missions evolved, without requiring external connectivity or exposing sensitive infrastructure.
Why it matters for you: Air-gapped deployment enables mission teams to operate securely in hostile, denied, or disconnected environments, maintaining both operational independence and rigorous data governance standards. This helps ensure that missions continue under any circumstances, without compromising security or compliance.
What can you do with zero trust at the tactical edge?
The DoD systems integrator’s deployment demonstrates that zero trust operations are not just possible at the tactical edge, but are also essential for mission assurance and success. By combining sensitive data discovery, domain-based access control, continuous monitoring, and air-gapped deployment, this architecture transforms data from a potential operational constraint into a mission enabler.
The result is accelerated decision-making based on comprehensive data analysis, improved situational awareness, and greater resilience in DDIL environments – all without compromising security. For defense organizations tasked with balancing operational effectiveness and compliance, this architecture allows sensitive intelligence data to be leveraged where it matters most: in the hands of the people who need it, when they need it – no matter how complex the environment.