Building Trust: Zero Trust Architecture and Mission Partners

Ensuring that the right people have access to the right resources at the right time is a challenge for any organization. This is a simple way of describing the paradigm of Zero Trust. For the modern warfighter, when you add the complexities of the battlefield and partner collaboration requirements, the task begins to feel insurmountable.

The work being done between Fornetix and our partners at General Dynamics Information Technology (GDIT) is breaking down the barriers to timely and accurate information sharing among coalition forces. In a recent article from GDIT entitled “ICAM/Zero Trust: At the Core of Interoperability in Mission Partner Environments”, Eric Tapp lays out how Identity, Credential, and Access Management (ICAM) is at the core of a successful Zero Trust collaboration environment. Eric does a fantastic job “drawing the box” around the challenges (and possibilities) of Mission Partner Environments (MPE) and Combined Joint All-Domain Command and Control (CJADC2).

Given the Fornetix/GDIT Team’s efforts at Talisman Sabre 2023 (TS23), I’d like to bring attention to several excerpts from the GDIT article and highlight the value in delivering ICAM solutions to Mission Partner Environments (MPEs):

“MPEs are environments where mission partners can coordinate and collaborate, and ICAM speeds decision making and makes them more secure, thus advancing the vision set forth by the Combined Joint All-Domain Command and Control (CJADC2) initiative.”

Consider the value of simplifying the process of bringing multiple countries together. Previously, this was accomplished with multiple independent networks. Now, with a consistent view of identity through ICAM, individuals, technologies, and services from multiple countries can be identified, authenticated, and authorized, allowing networks to be collapsed and communications to be used more efficiently. All of this enhances command and control and, ultimately, lethality.

“ICAM plays an important role in aligning credentials with data, ensuring need-to-know and need-to-access is achieved in a secure manner in an environment where most, if not all, information is Secret or higher in classification.” 

Simply put, having secure communications (COMSEC) is fantastic. However, it is far more important to know which users (people, services, and things) are on the network and to protect the data that is being securely transmitted. In practical terms, ICAM helps reduce the number of individual controls that need to be applied because there is a consistent source of “truth” through ICAM. The practical implications include single sign-on, transparent authorization, and limited interruptions for multi-factor authentication. These benefits might appear simple, but the impact is extraordinary as properly deployed ICAM allows operators to focus on mission, versus disconnected.

“At the end of the day, MPEs and CJADC2 are close analogs. CJADC2 was created to connect the entire Department of Defense ecosystem and MPE is about ensuring we can connect with mission partners in a secure and seamless way across applications, services, and mission-connected capabilities. ICAM is central to both efforts.”

During TS23, a key part of our approach was enabling data-centric security in the coalition environment. We started by integrating existing identity providers and tying them together into our ICAM solution.

“Zero Trust and its constant validation of access means we can enable partner access in the same way as internal users. That is to say, when everyone is untrusted, we can treat everyone the same way.” 

Our Team has put into practice the principle that ICAM is the foundation of Zero Trust. With that, attribute-based access control (ABAC) is the “lingua franca” between ICAM and Zero Trust controls. Trust becomes something that is fine-grained, additive, and adaptable. Our approach allows us to employ consistent controls for the US and our coalition partners so that we have a consistent, modular approach for bringing Zero Trust to where mission happens.

“We have a tremendous cadre of global mission partners with different rules governing their data and information assets; but we’re still going to need to communicate with them and share information, securely, at machine speeds. A commitment to ICAM and Zero Trust principles enables that.” 

If you have dozens of networks and can’t talk to two of your buddies at the same time, you have a problem. Working with GDIT, our Team and our partners in the Department of Defense are showing a path forward to fewer networks and more time to talk to your buddies. Suffice it to say, the Fornetix and GDIT Teams’ collective efforts are just the beginning.

To read the full article and gain a deeper understanding of the importance of ICAM and Zero Trust for mission partners, please follow this link: https://www.gdit.com/perspectives/latest/icam-zero-trust-at-the-core-of-interoperability-in-mission-partner/


End-to-End Social Media Encryption Strategies

Would you consider giving up personal data in exchange for a third-party app to show you what your ninety-year-old self will look like? The rise of social media brought lots of joy to consumers’ lives, allowing users to get glimpses of their future selves, to find out their horoscopes, and to communicate with others across the globe.


Why Encryption Key Management Can’t Be an Afterthought

The latest best practices in enterprise data security include utilizing KMIP and an encryption key management solution. While most security-conscious companies are mindful of the latest advancements in storage encryption, there is a lack of attention to the requirements for managing the thousands of keys generated from multiple data centers, storage devices, and software. Specifically, enterprise-level encryption key management systems have been overlooked, leaving companies vulnerable.


Safeguarding Manufacturing: Data Security Control

 

The Vulnerabilities.

Manufacturing involves multiple tiers of suppliers providing components that come together to create the end product. Each tier is an exercise in unique processes to the manufacturer and their third-party suppliers’ raw materials, production, inventory, and distribution. This complicated convergence of players, processes, and data creates a wicked infrastructure security problem.



Guide to Enterprise Key Management (Why Companies Need Key Management)

With large-scale data breaches on the rise in the last few years, affecting millions of people, making sure your company’s sensitive information is safely encrypted and thus secure should be one of your top priorities. Encryption across your organization scales quickly — from securing file-servers to protecting user data — meaning that you could be looking at hundreds if not thousands of encryption keys. This is a lot of information for your team to handle, especially considering the importance of secure and properly managed keys. That’s where enterprise key management comes in.



Some Things Just Go Better Together, Like VMware and VaultCore

Portability, versatility, efficiency, and cost-effectiveness are just a few of the advantages of moving to virtualized environments. Instead of requiring a data center full of equipment, virtualization lets organizations rely on just a few servers. A smaller footprint equals less power consumption, lowered cost of ownership, and less overhead. However, too often, enterprises neglect security when it comes to implementing virtualization. Now, VMware makes it possible to easily encrypt and manage virtual machines (VMs) in minutes.


Hardening Systems Against Attacks Like SolarWinds

How Key Management, PKI Controls, and Zero Trust Principles are Applied to Thwart Advanced Persistent Threats (APTs)

For years, cybersecurity professionals argued the importance of “zero trust networks” and their concerns have been fully validated in the wake of the SolarWinds incident. Hacking techniques likely used in the SolarWinds Sunburst attack include mapping of sIDHistory, Primary Group ID, as well as AdminSDHolder to help identify and obtain cached Active Directory credentials. The compromised SAML keys and cryptographic materials were then likely used to execute administrative control and exfiltrate data over an extended duration.



The Good, the Bad, and the Ugly of 5G for Business

The Good.

The advent of 5G is an exciting development in connectivity for most businesses. From the farmer who can now remotely monitor field conditions to the global manufacturing leader dependent upon a digital supply chain, to mom-and-pop shops offering real-time-customer service, 5G is changing the way business gets done. And both owners and consumers are enjoying the benefits!

For most, 5G still lacks the true “100 times faster” connection that service providers touted it would bring in 2019. But still, its improvements to speed and lower latency over 4G LTE for business connectivity have already established it as a game changer.

Although 5G is one of the fastest growing technologies in history with adoption 4x as fast as LTE, it will be years before 5G networks blanket the globe. However, explosive adoption is already well underway in the automotive, manufacturing, utilities, and healthcare industries, all of which have been catalysts for a rush on new IoT devices for business efficiencies, enhanced customer service, the movement of large amounts of data, and more.

As 5G network availability grows, the potential for 5G IoT business devices has grown exponentially. Unfortunately, the security risks have grown with it.



NIST 800-171 Requirements & The Cost Of Not Meeting Them

The Department of Defense (DOD) put out a deadline mandating that specific controls for Covered Defense Information (CDI) and Controlled Unclassified Information (CUI) residing in nonfederal information systems be in place. Many DOD contractors and subcontractors have missed the deadline and are scrambling to update their cybersecurity standards.



PRESS RELEASE: Fornetix and Micron Collaborate to Simplify the Deployment of IoT Services

FREDERICK, MARYLAND - Fornetix, LLC. today announced it has joined forces with Micron to offer a solution that provides secure and simple trusted Internet of Things (IoT) service delivery. The new solution combines Fornetix’s advanced encryption key management platform, VaultCore, with Micron’s Authenta™ Key Management Service (KMS) to accelerate the massive deployment of IoT services, a global market predicted by ABI Research to reach $410 billion in revenue annually by 2026. VaultCore is expected to extend Authenta KMS’ reach through its highly scalable, high-performance and secure platform that supports the operational technology lifecycle from manufacture through deployment, and ultimately until device end-of-life.