The Pentagon’s Defense Innovation Unit (DIU) said July 1 that cloud security providers Zscaler, Google Cloud, and McAfee Public Sector have successfully completed Secure Cloud Management (SCM) prototypes as part of a year-long process under which DIU has been evaluating service offerings that “deliver fast, secure, and controlled access by DIU users to software-as-a-service (SaaS) apps directly over the internet.”
DIU said its award of “success memos” to the three providers means that Defense Department (DoD) organizations can “contract with the vendors for these solutions without needing to recompete.”
Each of the three vendors developed solutions that embrace zero trust security principles, which line up with President Biden’s cybersecurity executive order issued in May, and DoD’s own zero trust reference architecture. “The timely results of the SCM prototypes will help inform other DoD entities as they formulate their own zero trust plans in alignment with Administration guidance,” the agency said.
John Chen, DIU’s interim CIO, said, “These solutions simplify engagement with non-traditional technology vendors by allowing DIU users to collaborate in real-time.” He continued, “the solutions provide equivalent security and control to the DoD’s Cloud Access Point (CAP) while delivering real-time performance, which is critical for such things as videoconferencing and file sharing.”
“We have seen widespread interest in our SCM effort from Services and DoD agencies that are looking for solutions to similar challenges,” commented Rick Simon, contractor and DIU project lead. “These successful prototypes will give Services and agencies several independently-assessed choices, especially as they implement zero trust architectures.”
The next step for DIU is to select one of the three providers that best fits the organization’s needs and procure a long-term SCM solution through a Production Other Transaction contract. The timeline for that selection is September, DIU said.
“The DoD is working to strengthen cyber defenses on many fronts,” commented Patrick Perry, Director of Emerging Technology at Zscaler. “DIU is exploring and testing new innovative approaches in security architecture. CMMC is in its final stages to improve security consistency to all contractors working with the federal government.”
“But, we have to approach things differently than in the past,” he continued. “Government as a whole can transform security by taking a user-centric approach, where the first priority is to protect the data, then provide secure access once contextual validation occurs, and finally applying appropriate security based on risk scoring – whether accessing the internet or applications that reside in an on-prem data center or using a cloud service.”