Defense companies and Information Security are hot topics on the business agenda in Israel and around the world.
Much is hidden and mysterious, and only a little has been revealed. The question is: what will Information Security look like in Defense companies by 2025? Below is a post by Haim Sternberg that expands the horizons of this important subject.
The issue of information security in defense companies is of the utmost importance. Considerable resources are invested both in systems and products and in the personnel who operate and maintain an organization's entire Information Security system.
One of the most critical elements of a Defense company’s Information Security strategy is the separation of communication networks. One network is secured, yet exposed to the world; in addition, there are one or more internal networks that are not exposed. The information that passes through these internal networks is more sensitive. The internal networks are further differentiated by level of sensitivity and divided accordingly into internal subnetworks: red, black, and so on.
To facilitate the transfer of data across different networks, CDR (Content Disarm and Reconstruction), also known as “content sanitization,” is employed. The purpose of CDR is to prevent malware penetration into more sensitive networks in the process of data migration from less sensitive networks. And in the other direction, any information that passes from a classified network to a less sensitive network is scanned to ensure that no confidential content is leaked.
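The two-way gate described above, as an added Python sketch that is not part of the original post or any vendor's product. The network names, the sensitivity ordering, the marking strings and all function names are assumptions made for illustration, and the sample document is constructed inline.

```python
import io
import zipfile

# Assumed sensitivity ordering for this sketch; real deployments define their own levels.
LEVELS = {"public": 0, "internal": 1, "classified": 2}
# Constructed marking strings that must never leave a more sensitive network.
MARKINGS = (b"SECRET", b"CONFIDENTIAL")
# Allowlist: only XML parts and relationship files survive reconstruction.
SAFE_SUFFIXES = (".xml", ".rels")


def disarm(container: bytes) -> bytes:
    """Rebuild a ZIP-based document from allowlisted parts only (drops macros, OLE blobs).

    A production CDR engine would also rewrite the manifest and re-serialize each part.
    """
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(container)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            name = info.filename
            if name.lower().endswith(SAFE_SUFFIXES) and ".." not in name \
                    and not name.startswith("/"):
                dst.writestr(name, src.read(info))
    return out.getvalue()


def leaks_marking(container: bytes) -> bool:
    """Scan every decompressed part for a classification marking (case-insensitive)."""
    with zipfile.ZipFile(io.BytesIO(container)) as src:
        return any(m in src.read(i).upper() for i in src.infolist() for m in MARKINGS)


def transfer(container: bytes, src_net: str, dst_net: str) -> bytes:
    """Gate one file crossing between networks; raises if the transfer must be blocked."""
    if LEVELS[dst_net] > LEVELS[src_net]:
        return disarm(container)  # inbound to a more sensitive network: sanitize
    if LEVELS[dst_net] < LEVELS[src_net] and leaks_marking(container):
        raise PermissionError("classification marking found; transfer blocked")
    return container


def make_sample(body: bytes, with_macro: bool) -> bytes:
    """Constructed sample input: a minimal DOCX-like ZIP, optionally with a macro part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", b"<doc>" + body + b"</doc>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00constructed-macro-blob")
    return buf.getvalue()
```

The disarm step keeps what is on the allowlist rather than hunting for known-bad content, which is what separates CDR from signature-based scanning.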
In multi-network configurations, users may only access a specific network from a dedicated workstation that is routed to the required network. It is common in Defense companies to see users with more than one workstation on their desk.
During the past few years, organizations have moved their systems to different cloud models. Defense companies are no exception. There is no doubt that in the next couple of years, cloud giants such as Amazon Web Services, Microsoft, and Google Cloud will have servers based in Israel. As a result, the transition of Defense companies to the cloud will be expedited, since it will be possible to ensure that all the data is physically located within the borders of the country. (There are advantages and disadvantages to concentrating all data within the borders of Israel. However, in light of the ongoing war in Ukraine, some concerns have arisen which will be discussed in a separate posting.)
The systems currently running on unclassified networks will be moved to a regular cloud. In the case of more classified networks, it is necessary to find a cloud solution that meets the stringent requirements of information confidentiality. Leading cloud service providers – Microsoft Azure, Google Cloud, AWS – have already developed secure cloud solutions.
In the same way that information flows between different networks are secured today through the use of CDR solutions, future cross-cloud data exchange will be secured by similar mechanisms. Just as there are several workstations today that support connectivity to corresponding classified networks, so there will be several workstations in the future that support connection to different clouds with various data sensitivity levels. The principles of information compartmentalization and classification will remain the same, although the tools and the platforms will change in accordance with global trends.
Strauss Strategy has extensive experience working with defense companies. We can assist you in analyzing and defining various strategies for transitioning to different cloud models without compromising the level of information security required.
For more information –
Haim Sternberg, Information Security specialist and partner at Strauss Strategy: