Most government agencies and private companies charged with protecting data and missions critical to national security use a physically separated network architecture. Typically referred to as network segmentation, this architecture is built for security first and grew out of the data classification paradigm, with a separate network for each classification level. While this segmentation is highly secure, it has not always been the most usable, requiring duplication of hardware and infrastructure and additional personnel to administer and maintain.
Current technology trend - Cross domain solutions
Cross domain solutions were developed to address this usability and hardware duplication challenge. Divided into two buckets, access and transfer, cross domain solutions work to streamline how users work with the data they need to execute their missions – addressing the human point of interaction between people, sensitive data and security requirements.
Solutions such as Trusted Thin Client fall into the Access bucket and focus on making the user’s desktop more functional and manageable. No longer do users require a separate computer for each network – which can be 10 or more different networks – thus making their work environment more comfortable, quieter and more efficient.
By leveraging industry-standard virtual desktop infrastructure (VDI) technologies that move desktop operating systems and their data from the desk to the datacenter, Trusted Thin Client connects users to this environment through a small, inexpensive, read-only endpoint device.
Required access networks and data separation
All of the required network and data separation is maintained but the user is able to view multiple networks and classification levels simultaneously. Eliminating the cumbersome hardware and inability to view multiple desktop sessions at one time not only reduces costs and increases usability but also serves to greatly improve the overall security posture of the organization.
The Transfer bucket
The Transfer bucket contains solutions such as Trusted Gateway System and High Speed Guard that enable rapid and secure movement of files and data. Trusted Gateway System specializes in the movement of files – Microsoft Office documents, PDFs, images, etc. – and enforces a two-person reliable human review construct.
High Speed Guard specializes in the movement of structured data – sensor data, streaming video, etc. – from machine to machine. All movements in both solutions are scanned for viruses, malware and conformance to security policy with robust auditing. By automating data transfer the highest degree of security can be achieved.
Eliminating the need for manual tactics, such as using removable media to move files between secure networks, provides security procedures that work with and for the user so that they can focus on the mission – getting files and data to the right people at the right time.
No matter how much automation we add to our environments, we have yet to eliminate the need to print physical documents. Continuing the effort to help customers reduce extraneous hardware, we propose a solution that streamlines the cross domain printing environment, which, like the desktop environment discussed earlier, has required a separate printer for each differently classified network.
The solution leverages the Trusted Gateway System for the secure transfer of print jobs from a lower classified network to a higher classified network. Much like Trusted Thin Client eliminates the need for multiple desktop computers, Trusted Print Delivery eliminates the need for printers that correspond to each network. Removing those extra printers also reduces the costs associated with maintaining that equipment.
• Cross Domain solutions with built-in security can help to support people fulfilling some of the most complex and crucial national security missions.
• Cross domain solutions increase data and network security and also support requests to reduce and repurpose budget and personnel.
Business case and general solution requirements for HTS KA band rollouts:
Any organization needs to share data, but such a service must be balanced against the need to protect both the data itself and the organization's security as a whole.
Cloud services, rural access and mergers require secure cross domain access to all required networks and the associated data. All such services must be delivered with the highest degree of security.
For HTS VSAT KA-band network rollouts, IPCOM is using RAYTHEON FORCEPOINT CROSS DOMAIN technologies based on the Cross Domain suite. The Cross Domain suite secures data efficiently and effectively while providing a high degree of usability without compromising security. Most of our customers require CYBER security balanced with high usability for more efficient and effective missions across intelligence, defense, and civilian agency networks.
Customers are looking for a unified network that brings together separate networks to open up communication channels that are now either closed or severely restricted.
The main limitation is that in segmented networks, different security technologies are deployed by each network or even by individual network branches. The inability to integrate a security solution for dedicated secure information sharing becomes a serious challenge to address.
Users will access IT networks connected out to the tactical edge with a single security architecture (SSA) supported by a cloud-based, global identity management system. It will unify countless individual networks. A cross domain solution is the way for users to securely access and transfer information when and where it is needed. Through these solutions, authorized members of various clearance levels readily and securely communicate and exchange documents, images, streaming video and other files. They can connect to all authorized networks from a single system, meaning they do not require a different computer or device for every level of security to which they are cleared. This will reduce the amount of hardware and power expenses.
By using virtualization and secure redisplay technologies, secure information sharing solutions focus on protecting the data first, as opposed to the device. That is because these secure access and transfer solutions allow users to work with redisplayed data on their device, while the actual data itself is stored in the cloud or is moved to the level at which it is needed. Thus, it remains protected regardless of any device compromise, and security is strengthened through a trusted operating platform, strict controls and detailed auditing and logging. Participating Cross Domain agencies will exchange protected data from any source to push actionable information to users who need it, anywhere and anytime, with secure transfer enterprise-wide, so the right data gets to the right people at the right time.
Protection will be sought not only from outside adversaries but also from those within the enterprise, in response to escalating concerns over “insider threats.” These are vulnerabilities created by trusted employees and contractors whose behaviors (intentional or not) lead to the exposure or leakage of classified, sensitive data and information. To address the issue, the solution will monitor network activity using identity access management and “no notice” inspections to ensure agencies are in compliance with security standards.
Brief overview of major solution components:
1. Trusted Thin Client®. Ensures secure, simultaneous access to single or multiple networks from one end point (thin client, laptop, virtual machine, ruggedized hardware).
2. Trusted Access: Mobile. Enabling secure access to data from tablets and smartphones. Virtualization and secure redisplay protects data at the source, eliminating the need to store data and applications on the device.
3. High Speed Guard. Provides rapid, flexible and secure transfer of structured and unstructured data, including Voice over IP (VoIP) and streaming video.
4. Trusted Gateway System™. Introduces a workflow tool to securely transfer files and directories.
5. Trusted Print Delivery™. Streamlines printing across domain boundaries while reducing hardware, maintenance and consumables.
6. Trusted Mail System™. Enables the sending and receiving of email from multiple sensitivity levels within a “single inbox.”
7. Web Shield. Allows users to leave data on any given network for secure search and retrieval of data regardless of its resident network security level.
AVAILABLE TRANSFER TYPES
• Service-Oriented Architecture (SOA) Web Services
• Real-Time Streaming Video
• High Performance File Streaming
• Adaptable Lightweight Messaging
• Cross Domain Simple Network Management Protocol (SNMP)
• Ultra-High Data Rate User Datagram Protocol (UDP)
• General Purpose File Transfer – Automated Secure Transfer (AST)
• Voice over IP (VoIP)
• Forcepoint High Speed Guard is an approved transfer cross domain solution on the Unified Cross Domain Services Management Office (UCDSMO) Cross Domain Baseline
• Top Secret/SCI and Below Interoperability (TSABI)
• Secret and Below Interoperability (SABI)
• Accredited and evaluated by authorities in the United States and Five Eyes nations
• Sustains the industry’s fastest transfer rates of more than 9 Gb/s
• Completes optimized virus inspections within milliseconds using an advanced virus scanner
• Offers the same assurances and algorithms as traditional, slower virus scanners — but at much higher performance
• Allows customer configuration for simplified management and maintenance
• Enables real-time video streaming while providing unparalleled control and auditing
• Supports multiple application protocols and adaptability for custom interfaces
• Provides highly customizable data validation rules for maximum flexibility
• Supports complex Web services
• Enables low-latency messaging
Please contact email@example.com to get more detailed documentation for each industry sector and solution options.