As the Defense Department continues to move toward a world in which it is operating enterprisewide commercial cloud services, and as it plans to launch a collaboration platform called DOD365 that will support secure remote work for DOD users, the need for cross-domain enterprise services has become more apparent than ever.
Cross-domain enterprise services, which the Defense Information Systems Agency provides to the DOD, enable communication and data transfers between networks and domains at different classification levels that would otherwise be kept apart.
These solutions leverage the National Security Agency’s Commercial Solutions for Classified program and offer a variety of capabilities for DOD users. For example, they offer the ability for DOD components to deploy trusted thin clients that users can work on remotely and which don’t actually have any data on them.
The devices remotely connect back to a classified environment, giving users at home the ability to securely access the Secret Internet Protocol Router Network (SIPRNet), which enables the transfer of classified information on DOD networks. Previously, users could not do so. Cross-domain enterprise services also enable users to scale up and down networks and domains with different classification levels, using zero-trust technologies to always protect data at the highest level.
DISA just issued an initial zero-trust reference architecture for the DOD, and the Pentagon has been ahead of the curve on zero-trust adoption compared with most civilian agencies.
“We’ve put many of the key foundational mechanisms in place and have actively leveraged the tools at our disposal,” Acting DOD CIO John Sherman said in April, according to FedScoop. “But we must build on the progress by updating our overarching strategy to ensure our workforce is prepared to implement zero trust and the other latest approaches to defending our enterprise.”
That is where the DOD and the wider federal government are trending, so it makes sense for agencies to consider cross-domain enterprise services, mainly because of the flexibility they bring.
MORE FROM FEDTECH: What does it mean to deploy zero-trust security?
Cross-Domain Enterprise Services in Practice
How do cross-domain enterprise services work? Let’s say a user has a file on an unclassified network and feels the need to get it onto a classified network. He or she can perform a one-way transfer, with the appropriate safeguards in place to inspect the file during the transfer to make sure it has the protections it needs to be put into a classified environment.
One such system is Forcepoint’s High Speed Guard, which, as the company notes, is a DOD-accredited software solution that “enables highly complex, uni-directional or bi-directional, automated data transfers between multiple physically segregated networks.”
The data is thoroughly inspected and sanitized before it is placed into a classified system. Cross-domain enterprise services eliminate the “sneakernet” risk of users surreptitiously transferring classified data via physical media such as USB drives. They also eliminate the air gap risks with removing portable media. Now, the data transfer process is streamlined.
CDW•G is tackling this area with a solution known as Security Management Infrastructure, which allows agencies to detect suspicious activity from both outside and inside the network before they become real threats, and to prevent malicious or accidental data removal through real-time monitoring of user behavior.
SMI can be deployed as an on-premises solution covering everything from behavioral monitoring to maintaining zero trust and whitelisting and backlisting. It can also be rolled out on an Impact Level-related cloud service, including IL-6 or IL-7, or it can be a hybrid combination. SMI helps ensure cross-domain enterprise services are protected both at a single-user capability level and an enterprise capability level.