For the past year, the Defense Innovation Unit (DIU) has been prototyping three different commercial solutions that aim to deliver fast, secure, and controlled access by DIU users to software-as-a-service (SaaS) apps directly over the internet.
All three Secure Cloud Management (SCM) prototypes have now achieved their project goals and all three vendors – Google Cloud, Zscaler, and McAfee Public Sector – received success memos. These success memos enable Department of Defense (DoD) organizations to contract with the vendors for these solutions without needing to recompete.
“These solutions simplify engagement with non-traditional technology vendors by allowing DIU users to collaborate in real time. The solutions provide equivalent security and control to the DoD’s Cloud Access Point (CAP) while delivering real-time performance, which is critical for such things as videoconferencing and file sharing,” said John Chen, interim CIO for DIU.
All of the selected vendors developed solutions that embrace zero trust principles, making DIU’s efforts consistent with the May 2021 Executive Order on Improving the Nation’s Cybersecurity and the DoD’s recently published Zero Trust Reference Architecture. The timely results of the SCM prototypes will help inform other DoD entities as they formulate their own zero trust plans in alignment with Administration guidance.
“We have seen widespread interest in our SCM effort from Services and DoD agencies that are looking for solutions to similar challenges,” said Rick Simon, contractor and DIU project lead. “These successful prototypes will give Services and agencies several independently-assessed choices, especially as they implement zero trust architectures.”
Google Cloud, Zscaler, and McAfee Public Sector implemented their prototype solutions at DIU beginning in May of 2020. The solutions all include Secure Access Service Edge (SASE) services, which are a convergence of several related network security functions with wide area network capabilities. Zero trust principles are core to the SASE security framework.
The prototypes were assessed by third party assessment organizations based on criteria developed by the Defense Information Systems Agency (DISA). DIU will select one provider that best fits their unique needs and will procure a long-term SCM solution through a Production Other Transaction contract likely by September 2021.