DOD wants an alternative to traditional cloud access points
The Defense Innovation Unit is looking to Silicon Valley for an alternative to the traditional access points the military uses to protect its networks when connecting to the commercial cloud.
DIU issued a solicitation for solutions briefs recently asking for companies to pitch ideas for an “alternative cloud security gateway” for the Department of Defense to connect to cloud service providers. The agency is the Pentagon acquisition arm tasked with bringing commercial innovation to national security mission sets.
DOD currently requires in the Secure Cloud Computing Architecture that all impact level 4 and 5 data that is sent to and from the cloud run through a cloud access point for monitoring and defense. While this adds a layer of security to DOD’s connections to commercial clouds, many are critical of the bottleneck this can create. Currently, the Defense Information Systems Agency and the Navy operate DOD’s only two access points.
The solicitation doesn’t come with a long list of requirements. The department wants “near-complete” commercial solutions “that leverage a deployment track record and wide customer base to ensure off-the-shelf compatibility with a continuously growing base of managed cloud services.”
Other than that, qualified vendors will be asked to create a prototype that can support at least 500 users and 1,000 endpoints through the gateway, and show evidence that it can scale to 500,000 users and 1 million endpoints in full production.
Companies will be asked to pitch the prototype in person in Silicon Valley in early 2020. DIU also requires a solution to have “controlled access to managed/unmanaged apps in the cloud, including real-time network monitoring, application access control, and session termination.”
Interested companies need not be based in Silicon Valley, but they must be from the U.S. and have DOD impact level 2 compliance under the Federal Risk and Authorization Management Program (FedRAMP), or be on the path to achieving that. They must also be open to achieving impact level 4 certification down the road.
DIU will accept briefs until Nov. 27. After the pitch and live demonstrations in 2020, the team anticipates awarding an other transaction agreement to fund the prototype, with the potential for follow-on production funding.