How Identity Serves the Total Army Zero Trust Strategy

Josh McCarver March 10, 2023

In support of the U.S. Department of Defense (DoD) Zero Trust Strategy, the Army is developing a service-specific Zero Trust Strategy, tentatively named “Knights Watch”. To move towards an integrated security architecture, the Army will divest from aging infrastructure, develop trained staff, and lean on industry partners.

As in previous strategies, the Army prioritized the Total Army (Regular Army, Army Reserve, and Army Civilians) when it explained, during a recent Defense One webinar, how it will operationalize its Zero Trust roadmap. This includes developing the trained staff, civilian and uniformed, needed to execute the mission. Investments in technology should therefore prioritize user experience, the ability to implement solutions quickly, and interoperability with other cybersecurity tools.

With Identity, ease of use and security are two sides of the same coin

Maj. Gen. Jan Norris, the Army’s chief information security officer and deputy CIO, said that, because of the way its networks are set up, the Army had big hurdles to overcome in moving to Zero Trust. The Army has traditionally relied on firewall protection at the perimeter but now needs protection from threats both outside and within the network. This realization reflects the Zero Trust baseline assumption that any user, device, or network within an organization’s environment may already be compromised. Another concept woven throughout national defense cyber policies is that no single tool or method can accomplish Zero Trust. It will instead be a collective defense that the Army must continuously analyze and rely on.

At the center of that unified effort is Identity. LTG Morrison, the Army G6, frequently states that ICAM is foundational to Zero Trust. This requires knowing who has access to what and maintaining visibility into that access history. It also requires continuously assessing users, the unique individuals requesting access to, and privileges within, systems. Doing this in a way that minimizes human error and removes burdensome processes is challenging enough for any organization. Managing it for a global organization with a federated Identity management system is a monumental task.

Traditionally, this assurance has come from phishing-resistant Multi-Factor Authentication (MFA) such as Personal Identity Verification (PIV) and Common Access Card (CAC). But these security tokens sometimes lack the granularity and flexibility needed for the customized experience required to improve the capabilities of the Total Army.

With Okta for US Military, our Impact Level 4 (IL4) conditional Provisional Authorization (PA) that can support DoD-authorized IL5 applications, the Army can build and execute a mature Zero Trust strategy with both the user and the enterprise technology ecosystem in mind. As a vendor-neutral platform, Okta for US Military supports PIV/CAC as well as PIV/CAC alternatives, including existing third-party authenticators deployed within the Army’s extended workforce (e.g., YubiKey and FIDO2). The Smart Card Authenticator lets PIV/CAC be required to safeguard the most critical resources or specific groups while lower-assurance factors are allowed for less sensitive apps and users.

MFA is just one of many DoD Zero Trust objectives that Okta for US Military aligns to and streamlines to improve the user experience. Okta’s ability to integrate with existing cloud and legacy infrastructure, as well as best-of-breed DoD apps, centralizes the digital trust policies required across the other pillars. Okta has a history of supporting the largest, most complex organizations – ones that need enterprise visibility and shared services delivered at scale – and is here to support Identity and Access Management (IAM) for all DoD components.

If you’d like to learn more about how Okta enhances the DoD’s approach to modern security, download our technical alignment document, How Okta Can Help Meet DoD Zero Trust Capability Execution Roadmap.