AFRL: Building A Zero Trust, Multi-Governance Research Platform In Google Cloud

Description

A Secure, Multi-Faceted Approach Addressing the Requirements of NIST 800-207 and 800-218 in Service of Research Collaboration Workloads

The United States Air Force Research Laboratory (AFRL), with its nearly 14,000 personnel and vast network of research partners spanning the Department of Defense, the defense industrial base, academia, and our allied nations, demands a robust platform to facilitate seamless research collaboration. 

When the COVID pandemic threatened to disrupt progress, two innovative AFRL researchers, in partnership with Mile Two LLC, embarked on the development of a secure, multi-governance platform in Google Cloud to address the evolving collaboration requirement.

This initiative has since grown into a robust ecosystem, built upon modern Site Reliability Engineering practices and Zero Trust security architecture. Today, the platform supports over 4,500 active collaborators across 250+ independent, segmented environments, and continues to expand. Researchers using the platform report saving over 500,000 hours annually through streamlined collaboration, secure information sharing, and accelerated innovation with peers globally.

This platform is a force multiplier, enabling AFRL to securely accelerate the delivery of critical capabilities to the warfighter – essential in today's dynamic and challenging battlespace. Furthermore, it propels advancements in vital research areas such as artificial intelligence, all while ensuring strict adherence to all applicable governance and policy.

To further enhance this digital research ecosystem, AFRL employs a multi-faceted approach to security and operations. This includes leveraging Site Reliability Engineering principles, implementing a comprehensive "as code" philosophy for infrastructure, security, and policy, and adopting a GitOps-based model developed in partnership with GitLab.

This strategy prioritizes software supply chain security, dependency management, and secure software delivery in accordance with NIST 800-218. It provides robust protection against evolving threats and facilitates continuous infrastructure updates through a streamlined and self-documenting change management process. Comprehensive observability and fully integrated security operations, powered by Google SecOps, ensure continuous monitoring and rapid response capabilities.

Furthermore, this platform serves as a valuable proving ground for new Zero Trust capabilities, often in a pre-accreditation context (AFRL is, after all, a research organization). This fosters collaboration with broader DoD Zero Trust initiatives, such as the OSD's ZT PfMO, promoting interoperability and strengthening our collective defense posture.

Watch video

Tracks:

• 
  Excellence in Warfighting at the DISA Pavilion