This story has been updated with comments from the Defense Innovation Unit.
The Defense Innovation Unit will pilot a secure cloud management solution that may eventually provide zero-trust access to about 500,000 concurrent Pentagon users, after announcing Zscaler as the provider Monday.
Zero trust narrows cyberdefenses from wide network perimeters to micro-perimeters around individual or small groups of IT assets, and the Silicon Valley-based DIU aims to accelerate its adoption across the Department of Defense. Zscaler, also based in California, specializes in doing that work for cloud environments.
The prototype will allow DIU users to directly access the internet and software-as-a-service (SaaS) applications in Amazon Web Services, Google Cloud and Microsoft Azure while they are operating off-network, regardless of their location or device. Zscaler will change the way those users access their workflows.
“It’s completely different from the way they’re doing business today. What we can provide is secure cloud management solutions for government,” said Drew Schnabel, vice president of federal at Zscaler, in the announcement. “The way they’re doing it today, they’re basically accessing applications via virtual private network (VPN). They’re inherent with security vulnerabilities.”
Zscaler and more than 30 other vendors responded to DIU’s November request for solution briefs on prototypes for a next-generation cloud access point. In March, Google, McAfee and Zscaler solutions were selected for piloting — with Zscaler’s assignment changed to secure cloud management.
“SaaS application providers deliver valuable services that can be cost-effectively leveraged by the DOD,” said a DIU spokesperson. “As those cloud services become authorized for use by the DOD, we want to be able manage access to them in a secure manner without impacting performance and usability.”
The Zscaler pilot will secure DIU users’ access to Google applications via Zero Trust Network Access, which is a software-defined perimeter, and through outbound internet. DIU consists of active duty military, National Guard reservists and civilian contractors, and the prototype must secure their access to different areas while integrating with other solutions, Schnabel said.
DIU doesn’t want to give government-furnished equipment (GFE) to reservists for every network they need to access.
“We’re proving out bring-your-own-device as well as GFE,” Schnabel said.
The Defense Information Systems Agency has a “very large role” in adding criteria to the testing scenarios because it believes Zscaler may be able to help with DOD Information Network (DODIN) needs, Schnabel said. The anticipated increase in users is why the pilot must be able to eventually scale from 100,000 endpoints — desktops, laptops and mobile devices — to 1 million using an expedited acquisition process known as an other transaction authority (OTA).
The pilot runs for 12 months, the kickoff meeting being last week.
“Successful prototypes will then be able to solicit follow-on business within the DOD as a sole-source supplier pursuant to the OTA,” the DIU spokesperson said. “All three approaches include zero-trust elements.”