Strengthening DOD Cybersecurity: The Journey to Zero Trust by 2027
In early 2023, the Pentagon was forced to alert more than 26,000 individuals that their personally identifiable information might have been leaked during a data breach in which a Department of Defense (DOD) service provider inadvertently exposed emails containing sensitive personal information about current, former, and prospective DOD employees.
The breach made it clear that traditional security postures — such as perimeter and operational technology security — no longer suffice in today's cloud-based environments. Modern threats have exposed vulnerabilities in once-reliable models, and organizations must find a new path forward.
To protect and future-proof DOD information systems, the DOD’s Chief Information Officer, John Sherman, started searching for a new approach.
Enter Zero Trust: a security architecture that requires continuous authentication and is proven to strengthen defenses against cyberattacks and unauthorized access.
By embracing a Zero Trust architecture, the DOD can better safeguard national security and protect American lives. Read on to learn more about Zero Trust — and discover how you can use it to defend your organization from cybercrime.
The DOD Zero Trust strategy
Zero Trust is a cybersecurity strategy that hinges on a simple yet powerful philosophy: never trust, always verify.
Zero Trust enablement means that organizations must continuously authenticate and authorize every user and device seeking access to critical data and applications. No one is given default access to information technology systems, and user experiences stay the same regardless of user identity or location.
This granular approach strengthens security and risk management in the face of evolving threats — but raises concerns about integration with legacy systems, policy adaptation, and maintaining operational efficiency.
In 2022, the Defense Department set a goal for all DOD components — including the Army, Air Force, and Navy — to achieve full Zero Trust implementation by the end of fiscal year 2027. The DOD CIO established the Zero Trust Portfolio Management Office to oversee the process. The DOD’s plan also includes goals for encouraging cultural adoption of Zero Trust among employees and calls for technology acceleration.
A strategic framework for compliance
The DOD Zero Trust Capability Execution Roadmap is a reference architecture that provides a strategic framework for compliance while paving the way for a more secure future. The roadmap lays out a structured and phased implementation plan that addresses the unique challenges and requirements of seven Zero Trust pillars:
- User
- Device
- Network and environment
- Application and workload
- Data
- Automation and orchestration
- Visibility and analytics
Overcoming challenges to modernization
Transitioning to a Zero Trust cybersecurity framework isn’t a simple process. Agencies must overcome legacy system integration and policy adaptation hurdles while maintaining operational continuity.
Other key challenges include:
- Diverse environments: Providing secure, frictionless access in a diverse environment that includes various user roles, devices, and access points spread across different geographical locations and operational contexts
- Complex infrastructures: Gaining visibility and control over complex, hybrid infrastructures encompassing a mix of on-premises, cloud, and edge computing resources — each with its own security considerations and requirements
- Limited resources: Addressing the volume and velocity of threats to network security with limited resources and tools
Key elements for Zero Trust success
With the right strategic elements, you can integrate Zero Trust pillars into your existing workflow and strengthen data security without compromising efficiency and agility.
Key elements include:
- Diligent verification: Ensuring every user and device is continuously verified and authorized through a robust identity and access management (IAM) system
- Strategic isolation: Isolating assets and resources based on specific policies and risk profiles
- Robust protection: Protecting applications and APIs against evolving cyberthreats with comprehensive web application and API protection (WAAP)
- Constant monitoring. Gaining visibility and insights into potential threats using advanced threat intelligence and security monitoring
Accelerate your Zero Trust journey
The transition to Zero Trust security requires collaboration and focus. For a smooth process, find an industry partner capable of providing advanced technological support.
Akamai has a long-standing partnership with the DISA Global Content Delivery Service (GCDS), providing secure, mission-critical capabilities with strategic tools like Akamai Connected Cloud. Our solutions integrate seamlessly with Zero Trust principles — empowering teams to confidently adopt a Zero Trust approach.
Tailored to meet the DOD's Zero Trust requirements, these solutions include:
- Akamai Enterprise Application Access: Continuously evaluates every access request, ensuring only authorized users and devices gain access
- Akamai Guardicore Segmentation: Uses software-defined segmentation to isolate and protect critical assets, providing unified visibility across the enterprise
- Akamai App & API Protector: Delivers multilayered defenses to safeguard applications and APIs from sophisticated cyberthreats
- Akamai GovShield: Offers advanced threat intelligence and security monitoring tailored to the DOD
Establish the groundwork for a resilient defense infrastructure
Not only does Akamai’s comprehensive approach address immediate security needs, but it also lays the groundwork for a resilient, future-proof defense infrastructure.
With proven expertise in protecting critical defense systems and a commitment to compliance with the strictest security standards, Akamai is a valuable ally in your agency’s Zero Trust journey. Accelerate your Zero Trust modernization with Akamai’s advanced solutions to help achieve a more secure and resilient defense posture.
Ready to reach your Zero Trust goals? Contact us to schedule a demo and learn how Akamai can be your strategic partner in achieving Zero Trust by 2027.