Google Cloud announced that the Defense Innovation Unit of the United States Department of Defense (DoD) had chosen Google Cloud's secure cloud management (SCM) solution for organization-wide implementation, paving the way for potential broader adoption across defense agencies worldwide. The production contract was awarded after DIU deployed three separate, year-long prototypes by Google and two other commercial vendors. The goal was to provide DIU with fast, secure, and controlled access to software-as-a-system (SaaS) applications directly over the internet.
Google Cloud's solution, which was developed in collaboration with Palo Alto Networks, is based on zero trust principles and the idea that implicit trust in any single component of a complex, interconnected system can cause significant security threats. The SCM offering from Google Cloud aligns with the White House's May 2021 executive order and the recent memorandum by the U.S. office of management and budget urging the federal government to improve national cybersecurity. In addition, other DoD agencies can acquire this SCM solution through other transaction authority (OTA) agreements as they implement their own zero trust strategies.
"In today's new cybersecurity paradigm, it's critical that government agencies see the benefits of adopting a zero trust security strategy and have the option of selecting more modern, cloud native solutions that meet their unique needs,"
Lynn Martin, vice president, North America Public Sector, Google Cloud
Built on Google Cloud's secure application access anywhere offering, this SCM solution is a container-based offering for secure application access and monitoring. This open, standards-based solution will replace DoD's present network boundary points with a scalable, highly responsive alternative. Additionally, SCM leverages Anthos from Google Cloud to manage hybrid cloud and multi-cloud applications using Kubernetes.
A third-party assessment group evaluated Google Cloud's SCM system using criteria established by the Defense Information Systems Agency (DISA). Seventy-seven security measures were assessed during the audit, comprising test cases for network, user, end device, data, and secure cloud management controls.