What are cross domain solutions and why use them for data protection?
TAGS
SHARE
Data is the most valuable untapped resource in most organisations. It can help uncover insights that accelerate decision-making when tackling complex challenges like sustainability or changing consumer needs. And that means it can unlock significant new growth opportunities.
Considering this opportunity, data security has never been more important.
Yet, while access to data is improving, it’s becoming ever harder to protect. Historically, ringfencing a network was the norm. But today’s world requires bidirectional communication to, for example, enable remote working or take advantage of cloud services hosted externally. And that opens a greater attack surface, with new routes for malicious actors to reach sensitive information.
To answer this challenge, organisations that hold particularly sensitive information, such as government departments, recognise ‘high’ and ‘low’ trust domains depending on the security classification of the data within. For example, a police force will have databases on witnesses and suspects contained in a high domain, but the officers with access to that data will likely also need access to services like email housed on the low domain.
High domains contain strict security controls for data transfer, so a cross domain solution (CDS) manages the movement of data to or from a low domain to ensure sensitive information can’t leak out or be stolen.
What are cross domain solutions?
The UK’s National Cyber Security Centre defines CDSs as holistic solutions that incorporate “architectural techniques and supporting technologies to build secure end-to-end connectivity between IT systems that you trust differently.” The goal is to connect different domains to each other to enable information flow while mitigating cyber attacks and data loss.
This philosophy isn’t new – much of the focus on information security today involves implementing the principle of zero trust to mitigate risks of cyber attacks and data loss, and many companies already use firewalls to segregate their networks. What makes CDSs more secure is that they expand security principles to the hardware level to deliver network protocol attack protection, content-based attack protection, and unauthorised export protection.
Should you implement a cross domain solution?
CDSs aren’t simple. Implementing these philosophies can require an extensive understanding and honest assessment of your IT infrastructure. Yet cyber threats are increasing and the cost of data breaches is rising – fines from regulators are getting larger and the reputational damage can be devastating.
Starting small by implementing CDS principles incrementally and incorporating existing technology helps spread the investment while improving data security. For example, you can start by defining the most critical components of your infrastructure as the most highly trusted domain and implement a CDS there before expanding as necessary. Or you could apply principles such as semantic and syntactic validation at a software level on your firewall.
The important thing is to get started. With the increasing importance of data, it will become ever more important to ensure its security. Highly sensitive organisations have already proven how CDSs provide that assurance, so now’s the time for more data-driven businesses to join them.