Cloud burst: securing data cross domains

Interoperability & Secure Solutions Sales Lead in Defence, BAE Systems Applied Intelligence Read time: 4 mins
Cloud computing is now a fact of life for organisations in both the public and private sectors – but how can their data be shared securely? The solution, says Sam Neath, lies in secure cross domain.
Cloud burst: securing data cross domains blog imageIt’s quite unusual for me to be writing about anything “technical”, despite having spent my life working in IT and Technology.
 
That’s because I have quite a few hats at work, one of which being the Co-Chair of the BAE Systems LGBTQ+ network, OutLinkUK. As a result, I often find myself speaking and writing a lot about diversity and inclusion in the workplace, specifically around LGBTQ+ matters. But this is just part of what I do. 
 
I’m also an account manager working in secure cross domain, a new suite of technologies which enable data transfer between networks of different security classifications, as well as other cyber security products. I know – it’s quite the contrast.
 

Counting on cloud

More and more organisations – some 42 per cent in the UK – are adopting cloud computing for services such as email and file storage. It’s easy to see why. Cloud saves on cost, time and effort to set up infrastructure of their own. It also allows more flexibility and agility for staff, and saves physical space with reduced reliance on on-premises servers. It’s inevitable that the majority of UK organisations – in the public and private sectors alike – will rely on cloud computing in the not-too-distant future.
 
But while cloud computing is increasingly being adopted across the UK government, how does this work for those departments and agencies which work on secure networks? After all, the use of a public or community cloud for sensitive data introduces a huge amount of risk. 
 
Faced with this conundrum, policymakers have opted to use private cloud services, which still require very strict separation controls and operate at a single security domain (whether for unclassified networks, or those of a higher security level).
 
But this creates another challenge, namely what if information needs to be viewed or transferred from one network of a certain trust level, to another network, without any risk of contamination? This is a problem that government departments face every single day. 
 
In the past, they have relied on the time-consuming and manual process for transfer or data, or have been faced with multiple screens, desktops and phones in order to work on different networks – potentially even across different rooms or buildings. Anyone can imagine the difficulties and impracticalities of working like this; we even face the same issue here at BAE Systems.
 
So, what’s to be done?
 

Introducing secure cross domain

The good news is that help is on the way in the form of secure cross domain. These technologies allow organisations to connect easily and efficiently to lower-trust networks, both in the office and remotely – something that is rapidly becoming more essential for government. 
 
To help accelerate this progress, the National Cyber Security Centre (NCSC) has been conducting a pilot with some key industry partners – including ourselves –in two test labs to test and modify their security principles for cross domain. When complete, NCSC will be issuing their principles and import and export patterns.
 
Across the pond, the National Security Agency, is also making strides. Its recent “Raise the Bar” paper for cross domain solutions (CDS) stipulates that all Department of Defence CDS will be compliant by the end of 2020. 
 
In the paper, there is a clear shift away from using software running on commercial off the shelf servers and instead pivoting towards hardware (FPGA) based CDS. This is because vulnerabilities have shown commodity operating systems and hardware are too complex to be fully trusted. And so the NSA specifically states that for all CDS connecting to the internet, or to high threat classification networks, a hardware-enforced one-way transfer mechanism must be deployed.
 

Raising the guard

The progress of recent years is certainly to be welcomed. This is because with interconnectivity comes greater risk. Hackers are more organised and well-funded than ever before, and in some cases they are even state sponsored. Theirs is a constant circling presence and one we should always be wary of. 
And that’s exactly why this is no time to rest on our laurels. Secure cross domain represents a new way to secure the data that organisations rely on day in, day out. Its potential and importance is clear – but it remains a work in progress.
 
In this business, there is always more to do.
 
 

Discover the latest trends, topics and technologies; explore more Government Insights from our experts.

 
 
About the author
Sam Neath is Interoperability & Secure Solutions Sales Lead in Defence, BAE Systems Applied Intelligence
sam.neath@baesystems.com
 
 
 
 
top
Sam Neath Interoperability & Secure Solutions Sales Lead in Defence, BAE Systems Applied Intelligence 20 November 2019