Cross Domain Solutions
The infodas approach for data centric security in cross domain scenarios follows the zero-trust model
Network segmentation is an important element of IT security concepts. Organizational networks are divided into segments based on criticality and sensitivity requirements of data and systems. Network segments that hold particularly sensitive data (e.g. national RESTRICTED or SECRET classification) are many times isolated (“air gapped”) or available through limited enforced communication patterns and data flows.
Similarly, the zero-trust model distrusts all endpoints, applications and users. All internal and external communication must be checked. Any user or service must authenticate itself. Many IT security concepts only focus on minimizing external threats which is a weakness exploited for Cyberattacks.
Accordingly, a distinction is made between
- Cross domain transitions between internal networks
- Cross domain transitions between internal networks and DMZ
- Cross domain transitions between internal networks and the Internet
- Cross domain transitions between DMZ under internal/external control and the Internet
However, isolation of network segments presents a real challenge for public and private organizations. Government agencies, the military and companies (e.g. banks, power stations, oil platforms) increasingly have to exchange, merge or analyze data in order to be able to fulfil their respective mission in real time as they go digital. In many cases it is only computer systems that have to communicate with each other. The labor and time intensive task of exchanging data between isolated and connected domains (“swivel chair interface” or “sneaker network”) is a show stopper to digitization.
This is where Cross Domain Solutions (CDS) come in. These are highly-trusted, government-accredited network security components (e.g. Security Gateways, Data diodes) that control and, if necessary, block the flow of data between two security domains at all layers.
In combination with the OPSWAT MetaDefender Kiosk and MetaDefender Vault, it also ensures that no malware can be transmitted via external data or portable media.
Our offering to you
Cross Domain Solutions Explained