AWS Public Sector Blog

Building zero trust for the Department of Defense: Insights from Les Call, Director of the DoD CIO ZT PfMO

In today’s digital landscape, federal agencies face unprecedented challenges in securing their complex information technology (IT) infrastructure. Traditional security models require more capabilities, which is why departments like the Department of Defense (DoD) and the Cybersecurity and Infrastructure Security Agency (CISA) are mandating zero trust architectures across their agencies.

Renzo Rodriguez, managing director of US Federal Solutions Architecture at Amazon Web Services (AWS), sat down with Les Call, director of the Department of Defense CIO Zero Trust Portfolio Management Office, in a recent episode of “Mission Innovation, powered by AWS,” to explore the challenges and strategies of implementing zero trust within the DoD.

Key takeaways from Renzo and Les’ discussion include:

Shifting security paradigm: Traditional security models are no longer enough in the digital landscape, as adversaries have already infiltrated critical infrastructure. Agencies need to shift towards a zero trust approach to limit their attack surface and identify threats before they can move laterally.

Aligning with DoD Zero Trust strategy: The DoD is working to implement a zero trust architecture across its vast and complex IT infrastructure, aligning with the DoD Zero Trust Strategy and Reference Architecture. This is a significant challenge given the scale and complexity of the DoD’s IT environment.

Embracing collaboration and commercial solutions: The DoD is recognizing that government-owned solutions (GOTS) need more capabilities, and is actively collaborating with the commercial world, including AWS, to bring in solutions that can accelerate its movement towards zero trust.

Ensuring interoperability: The DoD is finding that different departments are interpreting the Zero Trust Strategy and roadmap differently. They are now focused on bringing everyone together, starting with identity and federation, to ensure interoperability across the organization.

Addressing operational technology and mission partner environment: The DoD still needs to tackle the challenges of implementing zero trust in the operational technology and mission partner environments, and is looking to AWS and AWS Partners for solutions to simplify these complex areas.

Leveraging proofs of concept and pilots: The DoD is applying a “proof of concept” approach in which it is working on 18 separate pilots, many in partnership with AWS, to accelerate its movement towards zero trust and evaluate commercial solutions.

Embracing generative AI for proactive security: While there are concerns about adversaries using artificial intelligence (AI) to create exploits, the DoD sees the potential of generative AI to help it move to a proactive, anticipatory approach to security by creating models that can anticipate and prevent threats.

Les’ insights underscore the complexity of implementing zero trust in an organization as vast and diverse as the DoD. This journey requires not only advanced technology solutions but also careful coordination, strategic planning, and strong partnerships between government and industry.

Whether you are starting your zero trust journey or looking to enhance your existing solution, AWS is here to support you every step of the way. Consider this strategic guidance for elevating your zero trust framework to achieve your overarching security objective:

Defining your zero trust goals: The first step in your zero trust journey is to clearly define your agency’s specific challenges and requirements. Identify the desired outcomes and benefits of implementing zero trust, and establish measurable success metrics to track your progress. This will help you align your zero trust strategy with your agency’s unique needs and priorities.

Choosing the right AWS zero trust solution: To select the right AWS zero trust solution, review the AWS Prescriptive Guidance “Embracing Zero Trust: A strategy for secure and agile business transformation” to understand the various capabilities and activities within the zero trust framework. Evaluate how AWS guidance aligns with your agency’s goals and requirements, considering factors such as scalability, flexibility, and ease of integration with existing systems.

Designing your zero trust architecture: With your zero trust goals and the right solutions in hand, it’s time to design your zero trust architecture. Map your zero trust strategy to the AWS zero trust guidance, and leverage services and best practices from AWS to design a robust and secure architecture. Collaborate with AWS Security Partners to integrate third-party solutions as needed.

Implementing zero trust with AWS: When it’s time to implement your zero trust solution, work with AWS to develop a step-by-step deployment guide for your use case or enterprise. When developing the deployment guide, address any challenges, such as scale, complexity, legacy systems, and operational requirements, that could arise during the implementation process.

Monitoring and optimizing your zero trust solution: Continuous monitoring and optimization are crucial for the success of your zero trust initiative. Implement AWS monitoring and logging services to gain visibility into your environment, and utilize AWS security tools and services to detect and respond to threats in real-time. Regularly review and optimize your zero trust architecture based on feedback and changing requirements.

By collaborating with AWS, you can navigate the zero trust landscape with confidence and build a secure, resilient, and future-proof infrastructure for your agency. Explore our comprehensive suite of zero trust resources, attend our workshops, and contact us to learn more about how we can help you achieve your security goals.

As Les noted, the path to zero trust is ongoing, and we look forward to continuing our partnership with the DoD to enhance national security through advanced cybersecurity measures.

Watch the full conversation between Renzo and Les on YouTube to learn more about the DoD’s zero trust journey.

Tyler Replogle

Along with hosting and show running the Mission Innovation Powered by AWS video series, Tyler is a principal solutions architect and technical databases leader at Amazon Web Services (AWS) for Worldwide Public Sector. He enables AWS Partners and customers to run their end-mission solutions on AWS. He enjoys building and has found ways to connect with his three daughters through building with Lego, Minecraft, and coding.

Philip Jones

Philip is a senior executive security advisor for US Federal at Amazon Web Services (AWS), where he focuses on removing security and compliance blockers for cloud adoption. He guides AWS Partners and customers across commercial, GovCloud, and ADC environments. Philip specializes in artificial intelligence (AI) and large language model (LLM) implementation for secure operations, zero trust maturity models, and global ITAR and CUI data compliance.