Expanding cloud use requires cross-domain security

 


The Defense Department must ensure that cloud-based data can be transferred across classification levels and accessed by only the right people, with the right authorization at the right times.

As the Department of Defense begins to aggressively move forward with the Joint Enterprise Defense Infrastructure program, the need for cross-domain security solutions has never been more apparent. The JEDI enterprise-grade cloud solution will house large repositories of data at the Secret level and communicate with clouds and networks at other classification levels. DOD must ensure that data can be transferred between these levels and accessed by the individuals that need the information -- but that only the right people, with the right authorization and classification, are sharing and accessing the right data at the right times.

That’s no easy task, particularly with so many people accessing so much information. Warfighters hunting terrorists must be able to know a terrorist's location, but they may not have the clearance for anything beyond a surface level of data pertaining to that operation. Meanwhile, classified information may need to be pushed further up the command chain to those who may not have immediate access to that data, so they can effectively plan their missions.

It’s a highly complicated process that’s fraught with all manner of security questions. What if the wrong information is accessed by the wrong people? What if data becomes compromised while in transit? How can DOD protect its information while giving employees a seamless way to access the data they need to complete their missions?

Crossing the security chasm

Cross-domain solutions permit communication between networks and classification levels that would otherwise be kept separate. From the perimeter, they closely monitor data transfers to ensure that only correct and authorized information crosses a boundary. For instance, a cross-domain solution will carefully assess data in transit to ensure that only properly declassified information is released from a classified network.

Cross-domain technologies can also be highly beneficial for managing data transfers between multiple classification levels. DOD’s three clearance levels -- Top Secret, Secret and Unclassified -- each have their own clearance sub-compartments housing different kinds of data. Individuals with “need to know” access must be able to get information from those different compartments, and data must be transmitted and shared between various levels. Cross-domain solutions can facilitate this transfer of information in a secure manner.

Critical in helping to support the mission, cross-domain technologies use the right level of rigor to protect critical networks and data without sacrificing the ability for employees and systems to obtain the information they need. Data can only be shared when necessary, and that sharing comes with specific credential and redaction requirements. This safeguards networks by putting in place strict validation rules and policies and automating manual transfer processes. The best cross-domain solutions undergo significant security testing and meet stringent guidelines set out by the National Security Agency's Raise-the-Bar initiative to ensure the highest levels of security.
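The release decision described in this section can be sketched as a label check that fails closed. This is an added example, not code from the article or from any fielded cross-domain product; the label structure, the compartment name and the idea that a redaction review assigns a new label are assumptions made for illustration.

```python
from dataclasses import dataclass

# The three levels the article names, lowest to highest.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}

@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

def dominates(a, b):
    """True if a's level is >= b's and a holds every compartment b carries."""
    return LEVELS[a.level] >= LEVELS[b.level] and a.compartments >= b.compartments

def guard_decision(data, destination, recipient):
    """Return (allowed, reason) for moving `data` into `destination` for `recipient`."""
    for label in (data, destination, recipient):
        if label.level not in LEVELS:
            return (False, "unknown classification level")  # fail closed
    if not dominates(destination, data):
        return (False, "data exceeds destination domain; redact and relabel first")
    if not dominates(recipient, data):
        return (False, "recipient lacks clearance or need-to-know")
    return (True, "release permitted")

# Constructed sample labels; the compartment name is hypothetical.
REPORT = Label("SECRET", frozenset({"OP-ALPHA"}))
REDACTED_REPORT = Label("UNCLASSIFIED")   # label assigned after a redaction review
LOW_NET = Label("UNCLASSIFIED")
HIGH_NET = Label("TOP SECRET", frozenset({"OP-ALPHA"}))
FIELD_USER = Label("UNCLASSIFIED")
PLANNER = Label("TOP SECRET", frozenset({"OP-ALPHA"}))
ANALYST_NO_COMPARTMENT = Label("TOP SECRET")

if __name__ == "__main__":
    cases = [
        (REPORT, LOW_NET, FIELD_USER),               # downgrade without redaction
        (REDACTED_REPORT, LOW_NET, FIELD_USER),      # redacted copy may cross
        (REPORT, HIGH_NET, PLANNER),                 # pushed up the command chain
        (REPORT, HIGH_NET, ANALYST_NO_COMPARTMENT),  # cleared, but no need-to-know
    ]
    for data, dest, who in cases:
        print(data.level, "->", dest.level, guard_decision(data, dest, who))
```

The clearance level alone is not enough: the last case is denied because the recipient does not hold the compartment the data carries.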

No need for “all or nothing”

The key is balancing security policies with the ability to provide people with fast access to information. Data must be protected without handcuffing employees.

Indeed, security should not be an all-or-nothing affair. Just because a threat exists doesn’t mean access and information flows should be completely shut off. Doing so would blind DOD to its own threat landscape and cause employees to simply create workarounds, leaving the agency just as vulnerable as before, if not more.

Employees should be able to seamlessly do their jobs aided by secure systems -- not hampered by them. Meanwhile, security administrators should be able to focus on addressing real threats, as opposed to spending time rectifying false alarms or implementing unnecessary blanket security policies that adversely impact everyone.

Humans as the last line of defense

Securing data as it passes from one network to another is only the beginning. Once data is shared, it ends up in the hands of government employees. Those employees can be an ideal complement to cross-domain security by serving as DOD’s final line of defense.

Some employees may be more susceptible to a security breach than others simply because of their role and proximity to sensitive information. For example, a senior officer might be more of a target than someone who does not routinely access classified data. Therefore, DOD should take into account users’ proximity to sensitive data and daily behavioral patterns and passively monitor for any anomalies in these patterns. Establishing a baseline of a user’s regular patterns -- the type of files they access, where they log in from, etc. -- can help identify spikes and anomalies later on.

Continuous monitoring of these patterns allows DOD IT professionals to detect whether or not a user’s credentials may have been compromised and flag any other unusual activity. Leveraging CM data allows cybersecurity teams to effectively inform a reliable risk-adaptive security approach that automatically responds to abnormalities in a number of ways, including blocking irregular access or enforcing other security countermeasures without penalizing the entire workforce or rewriting security policies wholesale. That is a better and more effective approach than “all or nothing,” as it supports the information flow that cross-domain solutions provide while ensuring that the DOD’s proprietary data remains secure even after it crosses borders.
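A per-user baseline with a graduated, risk-adaptive response might look like the following. This is an added example, not code from the article; the event fields, the scoring formula, the thresholds and the sensitivity weight for roles close to sensitive data are all assumptions, and the history is constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed history of (user, login_location, file_type) events.
HISTORY = ([("alice", "site-a", "report")] * 6
           + [("alice", "site-a", "imagery")] * 2
           + [("bob", "site-b", "report")] * 4)

def build_baseline(events):
    """Count, per user, how often each login location and file type was seen."""
    base = defaultdict(lambda: {"loc": Counter(), "ftype": Counter(), "n": 0})
    for user, loc, ftype in events:
        entry = base[user]
        entry["loc"][loc] += 1
        entry["ftype"][ftype] += 1
        entry["n"] += 1
    return base

def risk_score(baseline, user, loc, ftype, sensitivity=1.0):
    """Score 0..1: how rare this event is for this user, weighted by role sensitivity."""
    entry = baseline.get(user)
    if entry is None or entry["n"] == 0:
        return 1.0  # no baseline yet: treat as maximum risk
    rare_loc = 1 - entry["loc"][loc] / entry["n"]
    rare_ftype = 1 - entry["ftype"][ftype] / entry["n"]
    return min(1.0, sensitivity * (rare_loc + rare_ftype) / 2)

def respond(score):
    """Graduated response for one session; thresholds are illustrative."""
    if score >= 0.8:
        return "block"
    if score >= 0.5:
        return "step-up-auth"
    return "allow"

def decide(baseline, user, loc, ftype, sensitivity=1.0):
    return respond(risk_score(baseline, user, loc, ftype, sensitivity))

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for event in [("alice", "site-a", "report"),    # matches baseline
                  ("alice", "site-z", "report"),    # new location
                  ("alice", "site-z", "signals"),   # new location and file type
                  ("bob", "site-b", "report")]:     # other users are unaffected
        print(event, decide(base, *event))
```

Each decision applies to a single event for a single user, so an anomaly in one account changes nothing for the rest of the workforce.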

No network is impenetrable, and security breaches are not a matter of “if,” but “when.” But information can remain protected, even in transit. Employees can stay productive and have access to the data they need. And networks and clouds can be better fortified. Adopting cross-domain and risk-adaptive security can mitigate threats and keep missions on track.
