Recently, Sandeep Shilawat, ManTech’s Executive Director, Cloud & DevOps, participated in a panel discussion on Zero Trust in the Cloud at ATARC’s Cloud & Infrastructure Summit.
The annual cloud summit brought together government leaders and industry representatives to discuss how federal agencies could better employ cloud computing and the challenges ahead in full-scale cloud adoption.
The backdrop to these discussions?
OMB’s new “Cloud Smart,” a policy shift away from the government’s previous “Cloud First” strategy.
Cloud Smart aims for agencies to adopt cloud-based technology in an integrated fashion that links IT security, procurement, and workforce training together as part of an overall IT modernization plan.
Key government representatives who spoke about the challenges and opportunities for agencies with the Cloud Smart initiative included Margie Graves, Federal Deputy CIO, OMB; and Pam Isom, Deputy CIO, DOE.
Deputy CIO Graves noted that Cloud Smart emphasizes IT transformation with security as a key focus across the enterprise.
Cloud Smart in fact focuses on three areas of improvement that, taken together, will help drive cloud adoption throughout the federal government. These are:
- Security – A focus on automation and policy updates that emphasize better decision-making;
- Procurement – Improvements to knowledge-sharing and the ability of agencies to purchase approved cloud solutions; and
- Workforce Training – Ensuring that key talent understands the benefits of cloud adoption and how to implement cloud capabilities – and maximize their benefits.
Years after “Cloud First,” many federal agencies still lag in cloud adoption.
Few, if any, federal agencies have IT management as part of their core mission responsibilities, noted Shilawat. Further, recent surveys have revealed that 81% of agencies that currently rely on legacy on-premises data centers rather than the cloud are strongly considering transitioning to the cloud.
That said, a key challenge for those agencies wishing to accelerate cloud adoption is operational complexity. Most agencies will have data spread across five different clouds, leading to interoperability challenges.
For instance, an agency may be using both Amazon Web Services and Microsoft Azure for cloud hosting – yet effective mission operations may require the smooth transfer of data among those systems.
Zero Trust in Cloud
To discuss the prospects of zero trust in cloud, ManTech’s Shilawat was joined by Jeff Flick, Acting Director, Enterprise Network Program Office, NOAA; and Rock Sabetto, Principal Systems Engineer, MITRE.
Shilawat began by emphasizing that “Perimeter security is dead…therefore zero trust is the way to achieve full-scale cloud adoption.”
He continued by explaining that zero trust is a concept – an approach to IT architecture designed to enhance security laterally within an organization as well as outside that organization.
Rather than assuming that anyone within a given agency should have full network access once they verify their credentials, a Zero Trust model embraces concepts like gateway security, physical or logical micro-segmentation and identity proxy. It presumes everyone is a stranger and then grants access to data only to authorized users, even within the organization, thereby adopting the principle of least privilege.
The zero trust framework thus establishes identity federation, micro-perimeters and Communities of Trust, providing:
- Greater containment against breach attempts from actors outside the network, and
- Increased protection against (and easier containment and mitigation of) unauthorized breaches from actors already inside the network (i.e., insider threats).
ManTech and Zero Trust
One of the reasons ManTech is uniquely positioned to help federal agencies with their IT transformation and migration to the cloud is not just its understanding of the Zero Trust model, but also ManTech’s deep technical expertise.
For instance, ManTech is currently the prime contractor on the government’s CDM DEFEND-E contract, which means we are responsible for helping a group of nine federal civilian agencies transition to a cloud-based network that is more secure and enables administrators to more easily see both what is on the network, and who is on the network.
These are the critical first steps on the road to implementing a Zero Trust framework, according to Shilawat. “Step one in getting to Zero Trust is to audit everything,” he said. “Then, once you have a sense of exactly what is on the network, the next step is to catalog it all – assign tags via metadata.”
“Many cloud breaches have occurred due to misconfigured AWS S3 buckets – which leads to unnecessary weaknesses,” he said.
Ultimately, said Shilawat, “The internet was not designed for trust or security. So the challenge for government agencies is to approach IT transformation with security in mind. Both cloud migration and a Zero Trust framework assist in this goal – and are achievable, even in agencies with limited budgets.”
In addition to its CDM work for federal civilian agencies, ManTech recently announced its Secure Tactical Edge Platform, or STEP.
STEP is the tactical application of new cloud capabilities for military forces in the field.
It offers a high-bandwidth-capable, ruggedized, secure and scalable solution that performs real-time data analytics for military personnel operating at the spearhead of combat or close-in reconnaissance of hostile forces.
Leveraging micro-services delivered via cloud technology, STEP culls mountains of data at the tactical edge to provide compute and storage capabilities essential to mission success. Users communicate on a secure “cloudlet” that can operate standalone, or, as the need arises, connect to affiliated U.S. military cloudlets for tactical support from ground, air or naval forces. These cloudlets are tailor-made for Zero Trust security models.
For more on ManTech’s approach to forward-deployed cloud capabilities – called Secure Tactical Edge Computing, or STEP – read the white paper.
For more on how ManTech can assist with cloud integration and IT modernization, contact:
- Sandeep Shilawat
- Executive Director, Cloud & DevOps