Most government agencies charged with protecting data and missions critical to national security utilize a physically separated network architecture. Typically referred to as network segmentation, this architecture is built for security first and grew out of the data classification paradigm with a separate network for each classification level.
While this segmentation is highly secure it has not always been the most usable, requiring duplication of hardware and infrastructure and additional personnel to administer and maintain.
Cross domain solutions were developed to address this usability and hardware duplication challenge. Divided into two buckets, access and transfer, cross domain solutions work to streamline how users work with the data they need to execute their missions – addressing the human point of interaction between people, sensitive data and security requirements.
Solutions such as Forcepoint Trusted Thin Client fall into the Access bucket and focus on making the user’s desktop more functional and manageable. No longer do users require a separate computer for each network – which can be 10 or more different networks – thus making their work environment more comfortable, quieter and more efficient. By leveraging industry-standard virtual desktop infrastructure (VDI) technologies that move desktop operating systems and their data from the desk to the datacenter, Trusted Thin Client connects users to this environment through a small, inexpensive, read-only endpoint device. All of the required network and data separation is maintained but the user is able to view multiple networks and classification levels simultaneously. Eliminating the cumbersome hardware and inability to view multiple desktop sessions at one time not only reduces costs and increases usability but also serves to greatly improve the overall security posture of the organization.
The Transfer bucket contains solutions such as Forcepoint Trusted Gateway System and Forcepoint High Speed Guard that enable rapid and secure movement of files and data. Trusted Gateway System specializes in the movement of files – Microsoft Office documents, PDFs, images, etc. – and enforces a two-person reliable human review construct. High Speed Guard specializes in the movement of structured data – sensor data, streaming video, etc. – from machine to machine. All movements in both solutions are scanned for viruses, malware and conformance to security policy with robust auditing. By automating data transfer the highest degree of security can be achieved. Eliminating the need for manual tactics like “sneaker net” – using removable media to move files between secure networks – provides security procedures that work with and for the user so that they can focus on the mission – getting files and data to the right people at the right time.
No matter how much automation we add into our environments we have yet to eliminate the need to print physical documents. As a continuation with its quest to help customers reduce extraneous hardware, Forcepoint developed a means to streamline the cross domain printing environment, which like the desktop environment discussed earlier, has required a separate printer for each differently classified network. Forcepoint Trusted Print Delivery leverages the Trusted Gateway System for the secure transfer of print jobs from a lower classified network to a higher classified network. Much like Trusted Thin Client eliminates the need for multiple desktop computers, Trusted Print Delivery eliminates the need for printers that correspond to each network. Removing those extra printers also reduces the costs associated with maintaining that equipment.
With built-in security to support people fulfilling some of the most complex and crucial national security missions, cross domain solutions increase data and network security with highly usable systems that also support our customers’ on-going quests to reduce and repurpose budget and personnel.
Learn about how a Department of Defense intelligence agency customer is realizing these increases in security and decreases in costs in the July 12th 2017 webcast: “Usability without Compromising Security: A Cross Domain Case Study” with Forrester Consulting and Forcepoint. Please register here.