TL;DR: NGG is being positioned to support more than one million users across 187 Air Force bases, with AppGate describing identity-centric, least-privilege access for distributed and disconnected operations. The real issue is not perimeter removal alone but whether enforcement can stay close to mission execution without breaking continuity or segmentation.
NHIMG editorial — based on content published by Appgate: Zero Trust at mission scale with NGG
By the numbers:
- NGG is designed to support over one million users across 187 Air Force bases globally.
Questions worth separating out
Q: How should defence teams apply Zero Trust without creating mission bottlenecks?
A: Defence teams should keep policy enforcement close to the resource, scope access by identity and mission need, and test the design under degraded conditions.
Q: Why is identity-centric least privilege hard in distributed military environments?
A: It is hard because access must stay consistent across connected bases, remote locations, tactical settings, and classification boundaries.
Q: What breaks when partner access is treated like normal internal access?
A: When partner access is treated like normal internal access, the organisation expands trust unnecessarily and loses control over the blast radius of a compromised partner identity.
Practitioner guidance
- Map mission applications to explicit identity policy Document which identities can reach each mission-critical application, then remove broad network assumptions from the access model.
- Test access under degraded and disconnected conditions Validate whether direct-routed encrypted connections still support mission continuity when latency increases, routing changes, or central services are unavailable.
- Separate partner access from internal user access Create distinct entitlement and review paths for mission partners, with access limited to approved systems and data sets.
What's in the full article
Appgate's full article covers the operational detail this post intentionally leaves for the source:
- How NGG is positioned to support enterprise, tactical, and classified users across a global defence footprint
- The certification and assurance context behind Appgate's NIAP validation for government use
- The mission-partner access model and how it is intended to support interoperability without extending network exposure
- The DoD Zero Trust mandate context and the role NGG is claimed to play in that path
👉 Read Appgate's analysis of Zero Trust at mission scale with NGG →
NGG and mission-scale Zero Trust: what does this mean for IAM?
Explore further
Mission-scale Zero Trust exposes a governance problem, not just a connectivity problem. When access has to work across enterprise, tactical, disconnected, and classified environments, the programme can no longer depend on a single perimeter or a single trust zone. The operational question becomes whether identity policy can remain consistent when the mission context changes faster than the network does. Practitioners should treat this as an architecture boundary issue, not a deployment detail.
A few things that frame the scale:
- 72% of organisations have experienced or suspect they have experienced a breach of non-human identities, according to The 2024 ESG Report: Managing Non-Human Identities.
- Two-thirds of enterprises have endured a successful cyberattack resulting from compromised non-human identities, with a quarter encountering multiple attacks.
A question worth separating out:
Q: Who should own Zero Trust access decisions in mission environments?
A: Ownership should sit with the team accountable for the mission resource, identity policy, and access lifecycle, not with a generic perimeter control function. That keeps access decisions aligned with operational need, classification, and partner requirements.
👉 Read our full editorial: Zero Trust at mission scale changes how NGG access is enforced