The Pentagon plans to implement a zero trust architecture across its entire enterprise by 2027, according to DoD CIO John Sherman.

“What we’re aiming for is by 2027 to have zero trust deployed across the majority of our enterprise systems in the Department of Defense in five years,” Sherman said at a recent FedTalks keynote presentation. “That’s an ambitious goal for those of you familiar with zero trust, but the adversary capability we’re facing leaves us no choice but to move at that level of pace.”

Here’s a look at what the Pentagon’s zero trust initiative will entail and how the U.S. government plans to face the new reality of perimeter-less security.

Implementing Zero Trust for Millions

The Pentagon plans to roll out zero trust at scale for their enterprise of over four million people by 2027. This ambitious plan is based upon the continued rising threat of attacks from individuals, cyber gangs and state actors.

Meanwhile, Commander Gen. Jackie Van Ovost of the U.S. Transportation Command announced that her organization is already at work. “Last month, we completed our implementation of our core zero trust capabilities on our classified network, reaching the baseline maturity level,” said Van Ovost.

Explore Zero Trust Solutions  

Zero Trust for the Entire U.S. Government

The DoD announcement is far from unique. In January 2022, the Executive Office of the President released an announcement about government-wide zero trust goals. Clearly, the U.S. Government places high confidence in the approach and intends to embrace it as soon as possible.

“In the current threat environment, the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data,” the memo states. “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”

The White House states that transitioning to a zero trust approach will provide a defensible architecture for new environments. In addition, the government says it will require agencies to meet specific zero trust objectives within the next few years.

The Current Threat Environment “Leaves Us No Choice”

In today’s reality, remote work and connected devices are commonplace. A company’s tech stack regularly expands with new tools and applications. Even if they tried, enterprises can no longer define a perimeter to protect.

Now security must be verified for every app, user, software and device. With zero trust, all requests are assumed to be unauthorized until proven otherwise. Instead of a single technology, zero trust uses multiple strategies, such as multi-factor authentication, micro-segmentation and AI-driven contextual analytics.

Organizations that turn to zero trust realize 20.5% lower costs for a data breach than those not using zero trust. In fact, companies with zero trust deployed saved nearly $1 million in average breach costs compared to those without it.

DoD CIO Sherman said the current threat environment “leaves us no choice.” The answer that many are turning to is zero trust.

More from News

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read

Zombie APIs are a Top Security Concern as API Attacks Surge 400%

4 min read - Organizations of all sizes rely on application programming interfaces (APIs). The API explosion has been driven by several factors, including cloud computing, demand for mobile/web applications, microservices architecture and the API economy as a business model. APIs enable developers to access data remotely, integrate with other services, build modular applications and monetize their data/services. For enterprises that participated in a recent research study, the average number of APIs per organization was 15,564. Large enterprises (over 10,000 employees) had an average…

4 min read

Google’s Bug Bounty Hits $12 Million: What About the Risks?

4 min read - Bug bounty numbers have never been better. In 2022, Google rewarded the efforts of over 700 researchers from 68 different countries who helped improve the security of the company’s products and services. The total amount of awards grew from $8.7 million paid in 2021 to $12 million in 2022, a nearly 38% increase. Over the past few years, bug bounty programs have gained significant traction. Companies have been lured in by the potential to identify vulnerabilities quickly, enhance product security…

4 min read

Swiss Army Knife Malware Slices Through Systems In so Many Ways

4 min read - What if one single malware strain could cut through any security that tried to stop it? In a new study of more than 550,000 live malware strains, the Picus Red Report 2023 has unveiled a trove of over 5 million malicious activities. In the report, researchers identified the top tactics utilized by cyber criminals in 2022. Picus' findings also highlighted the growing prevalence of "Swiss Army knife malware". This type of malicious software is capable of executing a range of…

4 min read