Overhauling Cyber Architecture to Align with ZTA

The work included a transition from on-premises VPN to a cloud-based security services edge (SSE) approach. The organization also needed to implement east-to-west protection, container security, and API security into its cloud security stacks. In addition, they needed to decentralize perimeter protection by moving security as close to the edge as possible. Further, they needed to implement a modern, multicloud defensive cyber operations (DCO) environment.

We provided vendor-agnostic ZTA architectures and design patterns along with an original equipment manufacturer analysis of alternatives (AOA) that Booz Allen developed. We selected and implemented an SSE vendor based on unique DOD and client requirements (e.g., route-based vs. proxy, impact level 5 certified). Also, we selected and implemented application security products based on unique DOD and client requirements—for instance, bring your own IP, infrastructure as a service (IaaS) vs. software as a service (SaaS), and hybrid-multicloud. In addition, we collaborated with a previously commercial-focused vendor to adapt their unique solution to support DOD requirements, and deploy a multivendor, distributed secure access service edge (SASE) solution. Further, we integrated multiple commercial-off-the-shelf and government-off-the-shelf productions to provide a modern, multicloud DCO.

We completely transformed their security architecture from a centralized security solution to a distributed, conditional-based access ZTA. This improved performance while applying security to the edge. We moved from a pilot to full production. We expanded the scope from one network classification to two. And we increased visibility and analytics capabilities to more quickly detect events.