‘We feel comfortable that we have met the 152 objectives that the government has given us to meet,’ project lead and Dell Technologies industry CTO of Government Herb Kelsey tells CRN. ‘We feel comfortable about that. But we won’t know truly how close we are until they come and give us the test.’
Dell Technologies’ Project Fort Zero — which promises a step-by-step, vendor-by-vendor validated way to create a security stack that meets all 152 requirements laid down by the U.S. Department of Defense zero trust strategy — is ready for its close-up, said project lead and Dell Industry CTO of Government Herb Kelsey.
“We feel comfortable that we have met the 152 objectives that the government has given us to meet,” he told CRN. “We feel comfortable about that. But we won’t know truly how close we are until they come and give us the test.”
The timing of the test, which will grade Fort Zero’s performance across all of those objectives, is up to the Department of Defense.
“We still have the indication that it’s going to be in this calendar year, this fall,” Kelsey said. “We are still at their disposal, for when they want to do the evaluation. So we continue to do our testing. We continue to do our documentation, continue to talk with customers to get them excited and one day we’ll get a knock on the door.”
Fort Zero was introduced this past May at Dell Technologies World. Dell said the project is an ecosystem of more than 30 technology company partners that aims to satisfy the DoD’s zero trust strategy.
Gary McConnell, CEO of VirtuIT Systems, a Nanuet, N.Y.-based Dell platinum partner, said Fort Zero could be a security differentiator. The goals of zero trust, he said, are sophisticated technologically, and require a deep understanding of an ever-evolving security stack. Fort Zero promises to simplify that for partners and customers.
“We’re in the security era, which has brought so many different players to the industry from endpoints all the way to data center and network,” he said. “The challenge with that has been identifying the appropriate solution or partner for each security layer. We see this as a way to mitigate those challenges while being able to integrate well within a customer’s existing tech stack.”
First published in November, the DoD guide supplies technologists with strategies to build zero trust environments, including documenting what is required for concept development, gap analysis, implementation, procurement and deployment of a zero trust system.
“Importantly, this document serves only as a strategy, not a solution architecture,” wrote DoD CIO John B. Sherman in the foreword of the document. “Zero Trust Solution Architectures can and should be designed and guided by the details found within this document.”
Kelsey said the Dell team has been working closely with DoD leaders to develop Project Fort Zero, but he doesn’t yet have a date when it will debut. Last year Dell unveiled its Zero Trust Center of Excellence at the U.S. Cyber Command’s cybersecurity innovation center, known as Dreamport. Dell is providing the facility with a secure data center to validate zero-trust use cases before they are deployed into live environments.
“We’re very close. Over the last 18 months we’ve been working hand in hand with the DoD and their CIO’s office and the office that supports the zero-trust platform,” he said. “We meet with them on a regular basis. Our team has been a trusted observer of what the government is doing, and we’ve done our design work and our build work and our testing work at the facility in Dreamport.”
Kelsey also talked with CRN about the role that generative AI will play in future zero-trust environments and why old data is getting a new value and a fresh look in the age of GenAI.
You’ve talked about how important automation and AI is going to be to this project, and what an important pillar that is inside zero trust. In what way will that be important?
Automation is what lets you respond faster than your adversary can attack you. Right? If you start looking at some of the statistics in the commercial space around, what’s the mean time to detect a threat? It’s 270 days on average.
Well, that’s probably too long.
How do you compete with that? You compete against that with automation. You say I want to automate the application of my security policy as quickly as possible. I want to respond to a threat as quickly as possible. I want to detect something bad, a threat to my system, as quickly as possible. That’s automation. Keeping humans in the loop in a sprawling enterprise of hundreds of data centers. It’s not feasible. That pillar of automation was added to create the speed.
Now, here’s a baseball metaphor: Doesn’t matter how hard you swing, if you are above or below the ball it’s just not happening. In other words: you can be fast and make a bad decision. So how do we automate in a way that allows us to replicate the skills of my best threat hunters? Of my best network defenders? Oh, we have this thing called AI/ML. Perfect. So that pillar is filled with AI/ML.
Now let’s go to the next pillar: visibility and telemetry. How do I create AI models? I need data on what’s right. I need data on what’s wrong. I need data on how people make decisions. All of that coming off an infrastructure gives us data and visibility into what’s happening on the system.
How many people are logging in and doing so in a valid way? How many are doing so in an invalid way? What IP address are they on? Can I isolate that? When somebody comes into the system what do they access first?
There’s a pattern of behavior to all of that.
All of that visibility data is what we use to feed and train the machine learning models, along with how experts respond to it, to create the AI to create the automation, to speed up the responses in an intelligent way.
AI is crucial to zero trust. AI is crucial to meeting the objective of defeating the adversary. We’re driving to an outcome. And it’s the fact that the government has been prescriptive about how to go about it that’s been revolutionary for the marketplace.