For the U.S. Army, cloud will provide the firepower to enhance its war-fighting capabilities. The Army’s strategic partnership with cloud service providers such as Amazon Web Services, Microsoft Azure and Google Cloud assures that cloud is inherently more secure than on-premises infrastructure.
But the proliferation of cloud requires the implementation of zero trust principles. Since 2021, the U.S. Army has embarked on a zero trust journey to guard access to sensitive data and create resilience to keep adversaries out.
“One of the ways we are preparing to engage in modern warfare is through a multi-domain operation by integrating data and functions between land, air, sea, space and cyberspace. We call it Joint All-Domain Command and Control (JADC2),” says Dr. Raj Iyer, CIO of the U.S. Army.
The U.S. Army is also augmenting its efforts to prevent software supply chain attacks. A fully accredited DevSecOps platform has been established to safeguard the applications being built by the Army Software Factory in Austin, Texas.
“We have to continuously assess the security challenges emerging from the commercial software, especially the open source. That does not mean we will stop using it,” Iyer says. “Strong risk management principles along with our zero trust network architecture will help us in becoming resilient to sophisticated nation-state attacks.”
In Part 1 of this interview with Information Security Media Group, Iyer explored how organizations of strategic importance are leveraging digital transformation and cloud-native architecture to enhance their war-fighting capabilities. In Part 2, he discusses:
- How the U.S. Army is building a multi-domain operation through JADC2;
- How the application of a zero trust network architecture is safeguarding identity and access management;
- Ways to strengthen policies to thwart software supply chain attacks.
Iyer serves as principal adviser and directs all matters representing the Secretary of the Army for information management and information technology. He sets the strategic direction and oversees the execution of policies and programs for IM/IT, including managing an integrated IT architecture, enterprise data management, cybersecurity and cloud management.