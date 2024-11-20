The Navy’s Flank Speed cloud service, designed and developed by Program Executive Office for Digital and Enterprise Services (PEO Digital) in partnership with U.S. Fleet Cyber Command (FCC), operated by Navy Network Warfare Command (NNWC) and defended by Navy Cyber Defense Operations Command (NCDOC), has set a new benchmark for Zero Trust (ZT) security across the Department of Defense (DOD).

The Department of the Navy’s (DON) Impact Level 5 (IL5) unclassified Microsoft Azure and Microsoft 365 (M365) cloud implementation surpassed expectations during its second round of security assessments sponsored by the DOD Zero Trust Portfolio Management Office (PfMO). Known as Flank Speed, this combined cloud service achieved full compliance with all 91 Target ZT activities — a significant milestone completed three years ahead of the DOD Chief Information Officer’s (CIO) fiscal year 2027 deadline — while also meeting 60 of the 61 Advanced ZT activities.

“We set out to prove that modern service delivery – cutting edge commercial technology married with modern agile management – could offer a revolutionary increase in Customer Experience as well as Operational Resilience,” said Louis Koplin, Acting Program Executive Officer for Digital and Enterprise Services. “This Zero Trust assessment validates not only that objective, but the promise of Zero Trust as an architecture that can improve convenience and security at the same time.”

Launched in 2021 using a greenfield deployment approach, the DON’s Flank Speed service provides enhanced collaboration, productivity and robust ZT security to more than 560,000 users worldwide. The service supports nearly every aspect of Navy information technology (IT) delivery, from cloud-native services to secure data access, modern endpoint device management and identity management. In addition, it integrates Hyper-Converged Infrastructure (HCI) that extends these cloud-based services to the edge, delivering a highly advanced capability that aligns with ZT principles and secures Navy operations in a distributed environment.

“Aligning the Department of Navy with Zero Trust principles was born out of a sense of urgency to deliver a secure collaboration and communications platform that would support the massive telework demand triggered by COVID. We could have tried to modernize the existing collaboration platform, but given the sense of urgency, we moved ahead with a greenfield approach allowing us to architect Zero Trust activities into every aspect of the ecosystem,” said DON CIO Jane Rathbun. “The implementation was a real change in how we deliver and operate capability, tightly partnering between the resource, requirements, acquisition and cyber operator communities.”

Zero Trust Assessments: A Major Milestone

In the summer of 2023, Flank Speed underwent its first-ever DOD ZT PfMO sponsored Purple Team assessment, a collaborative exercise designed to evaluate ZT Maturity before the FY 2027 deadline. This initial test, conducted by the DOD ZT PfMO, stressed the platform’s security response processes, technologies and overall maturity against the 91 ZT Target objectives.

Building on this groundwork, a second Purple Team assessment occurred in spring 2024, involving a coalition of DOD and industry experts, including DON CIO, FCC, NCDOC, NNWC, PEO Digital, MITRE, Naval Information Warfare Center (NIWC) Atlantic, Army Threat Systems Management Office (TSMO), Army DEVCOM Analysis Center (DAC) and Microsoft. This round of testing focused on determining whether Flank Speed could meet all 152 ZT Target and Advanced activities.

The tests scrutinized Flank Speed’s core feature set as well as a host of next-generation capabilities, such as its Flank Speed Edge (FSE) HCI, its built-in application development environment and its Nautilus endpoint management ecosystem. The validation methods included Purple Team penetration testing complemented by service demonstrations, ensuring comprehensive security assessments beyond traditional testing approaches.

After two months of preparation and a rigorous month-long execution, the results confirmed that Flank Speed successfully delivers all 91 Target ZT activities and 60 of the 61 Advanced ZT activities, positioning it as a leader in Zero Trust implementation within the DOD.

“Flank Speed’s unprecedented ability to achieve the very highest level of DoD ZT outcomes demonstrate to the Department and the federal government that ZT cyber defenses work very effectively to protect and defend our data and systems against the very latest cyberattacks from our adversaries,” said Randy Resnick, Chief Zero Trust Officer for the DOD.

Future of Zero Trust for Flank Speed

The path forward for Flank Speed involves an intentional focus on expanding ZT outcomes to the Navy enterprise, bringing the DON’s Information Superiority Vision 2.0 – which calls for improving the Department’s cybersecurity posture by adopting and integrating ZT capabilities, technologies, solutions and processes enterprise-wide – to reality. The DON CIO, FCC and PEO Digital teams remain committed to collaborating with the DOD ZT PfMO and the broader DOD community, sharing lessons learned and best practices to further enhance the DOD’s secure use of Microsoft tools and services.

As the Navy and other DOD entities continue to modernize through Zero Trust, dedicated attention towards interoperability, information protection, and secure collaboration across the DOD will be critical. The Flank Speed platform is primed to lead this charge, ensuring the future of Navy IT remains secure and resilient in an increasingly digital and distributed world.

The original announcement can be found here.