Building Trust: Zero Trust Architecture and Mission Partners

Ensuring that the right people have access to the right resources at the right time is a challenge for any organization. This is a simple way of describing the paradigm of Zero Trust. For the modern warfighter, when you add the complexities of the battlefield and partner collaboration requirements, the task begins to feel insurmountable.

The work being done between Fornetix and our partners at General Dynamics Information Technology (GDIT) is breaking down the barriers to timely and accurate information sharing among coalition forces. In a recent article from GDIT entitled “ICAM/Zero Trust: At the Core of Interoperability in Mission Partner Environments”, Eric Tapp lays out how Identity, Credential, and Access Management (ICAM) is at the core of a successful Zero Trust collaboration environment. Eric does a fantastic job “drawing the box” around the challenges (and possibilities) of Mission Partner Environments (MPE) and Combined Joint All-Domain Command and Control (CJADC2).

Given the Fornetix/GDIT Team’s efforts at Talisman Sabre 2023 (TS23), I’d like to bring attention to several excerpts from the GDIT article and highlight the value in delivering ICAM solutions to Mission Partner Environments (MPEs):

“MPEs are environments where mission partners can coordinate and collaborate, and ICAM speeds decision making and makes them more secure, thus advancing the vision set forth by the Combined Joint All-Domain Command and Control (CJADC2) initiative.”

Consider the value of simplifying the process of bringing multiple countries together — previously this was accomplished with multiple independent networks. Now, with a consistent view of identity through ICAM, individuals, technologies, and services from multiple countries can be identified, authenticated, and authorized — allowing networks to be collapsed and communications to be used more efficiently. All of this enhances command and control and, ultimately, lethality.

“ICAM plays an important role in aligning credentials with data, ensuring need-to-know and need-to-access is achieved in a secure manner in an environment where most, if not all, information is Secret or higher in classification.” 

Simply put, having secure communications (COMSEC) is fantastic. However, it is of far greater importance to know which users (people, services, and things) are on the network and to protect the data that is being securely transmitted. In practical terms, ICAM helps reduce the number of individual controls that need to be applied because there is a consistent source of “truth” through ICAM. The practical implications include single sign-on, transparent authorization, and limited interruptions for multi-factor authentication. These benefits might appear simple, but the impact is extraordinary, as properly deployed ICAM allows operators to focus on the mission rather than on disconnected systems.

“At the end of the day, MPEs and CJADC2 are close analogs. CJADC2 was created to connect the entire Department of Defense ecosystem and MPE is about ensuring we can connect with mission partners in a secure and seamless way across applications, services, and mission-connected capabilities. ICAM is central to both efforts.”

During TS23, a key part of our approach was enabling data-centric security in the coalition environment. We started working with integration of existing identity providers and tying those together into our ICAM solution.

“Zero Trust and its constant validation of access means we can enable partner access in the same way as internal users. That is to say, when everyone is untrusted, we can treat everyone the same way.” 

Our Team has put into practice that ICAM is the foundation of Zero Trust. With that, ABAC is the “lingua franca” between ICAM and Zero Trust controls. Trust becomes something that is fine-grained, additive, and adaptable. Our approach allows us to employ consistent controls for the US and our coalition partners so that we have a consistent, modular approach for bringing Zero Trust to where the mission happens.
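To make the ABAC bridge concrete, here is an added illustrative policy decision point (example code, not Fornetix or GDIT software) in which identity attributes asserted by federated identity providers are matched against attributes bound to the data itself, and a partner identity is judged by exactly the same rules as an internal one. The attribute names, the clearance ordering and the sample identities are constructed assumptions.

```python
from dataclasses import dataclass

# Assumed classification ordering (constructed for this example); a real
# MPE would take it from the governing security policy.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Subject:
    """Attributes asserted by an ICAM-federated identity provider."""
    uid: str
    nation: str            # country trigraph, e.g. "USA", "AUS"
    clearance: str
    missions: frozenset    # missions the subject is assigned to
    idp: str               # which partner IdP issued the assertion


@dataclass(frozen=True)
class Resource:
    """Attributes bound to the data object, not to a network enclave."""
    label: str
    classification: str
    rel_to: frozenset      # nations the data is releasable to
    mission: str


def decide(sub: Subject, res: Resource) -> tuple[bool, str]:
    """Deny by default; every rule must pass and unknown labels fail closed.
    The issuing IdP is deliberately not a rule: a federated partner identity
    is judged on the same attributes as an internal one."""
    if LEVELS.get(sub.clearance, -1) < LEVELS.get(res.classification, 99):
        return False, "clearance below classification"
    if sub.nation not in res.rel_to:
        return False, f"not releasable to {sub.nation}"
    if res.mission not in sub.missions:
        return False, "no need-to-know for mission"
    return True, "permit"


def demo() -> dict[str, tuple[bool, str]]:
    """Constructed sample: one data object, four coalition identities."""
    plan = Resource("ts23-fires-plan", "SECRET", frozenset({"USA", "AUS"}), "TS23")
    users = [
        Subject("us.analyst", "USA", "SECRET", frozenset({"TS23"}), "idp.us"),
        Subject("au.planner", "AUS", "TOP SECRET", frozenset({"TS23"}), "idp.au"),
        Subject("au.logistic", "AUS", "SECRET", frozenset({"RESUPPLY"}), "idp.au"),
        Subject("jp.liaison", "JPN", "SECRET", frozenset({"TS23"}), "idp.jp"),
    ]
    return {u.uid: decide(u, plan) for u in users}
```

Adding a partner is then a matter of federating its identity provider and agreeing on attribute semantics, not of standing up another network.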

“We have a tremendous cadre of global mission partners with different rules governing their data and information assets; but we’re still going to need to communicate with them and share information, securely, at machine speeds. A commitment to ICAM and Zero Trust principles enables that.” 

If you have dozens of networks and can’t talk to two of your buddies at the same time, you have a problem. Working with GDIT, our Team and our partners in the Department of Defense are showing a path forward to fewer networks and more time to talk to your buddies. Suffice it to say the Fornetix and GDIT Teams’ collective efforts are just the beginning.

To read the full article and gain a deeper understanding of the importance of ICAM and Zero Trust for mission partners, please follow this link:


Hardening Systems Against Attacks Like SolarWinds

How Key Management, PKI Controls, and Zero Trust Principles are Applied to Thwart Advanced Persistent Threats (APTs)

For years, cybersecurity professionals argued the importance of “zero trust networks” and their concerns have been fully validated in the wake of the SolarWinds incident. Hacking techniques likely used in the SolarWinds Sunburst attack include mapping of sIDHistory, Primary Group ID, as well as AdminSDHolder to help identify and obtain cached Active Directory credentials. The compromised SAML keys and cryptographic materials were then likely used to execute administrative control and exfiltrate data over an extended duration.



PRESS RELEASE: Fornetix to Partner with ThinkOn to Create Key Management as a Service Solution

FREDERICK, Maryland. Fornetix, LLC today announced its technology partnership with ThinkOn Inc., Canada’s largest wholesale provider of cloud storage, compute, and networking resources. The VaultCore™ Key Management Solution will be deployed as an integral part of the ThinkOn suite of Infrastructure as a Service (IaaS) offerings, and will provide a critical layer of encryption management to ensure that sensitive data will remain secure wherever it resides.

“We are excited to partner with ThinkOn and introduce the VaultCore KMaaS Cloud solution to their ecosystem. We look forward to massive opportunities to work together providing the most secure solution on the market for encryption key management in the cloud,” said Mark Gilroy, CEO of Fornetix.

VaultCore will be providing encryption key management for ThinkOn’s cloud data storage environments enabling IT administrators and security professionals to manage encryption across their entire enterprise with precision, speed, and without impacting performance. ThinkOn will be utilizing VaultCore for cloud-based data management solutions where subscriber information is siloed and requires compliance with stringent laws and regulations involving privacy and protection of classified and sensitive data. VaultCore’s ability to delegate key user privileges for management via cloud services plays a pivotal role in the development of this partnership.

“At ThinkOn, we care about security and efficiency of cloud data management. We are very excited to align and partner with the best in industry innovators like Fornetix to deliver an enterprise level security framework to our subscribers,” said Craig McLellan, Founder of ThinkOn.

A key feature of VaultCore is its Policy Engine. VaultCore provides fine-grained inherited access controls for encryption, thus enabling organizations to define encryption key management use in line with their corporate policy. In addition to this, users can easily schedule and automate the full encryption key lifecycle process and manage over one hundred million keys across their entire infrastructure. VaultCore is certified as VMware Ready for Platform and Compute, providing seamless integration for datacenter environments that require KMIP.

About Fornetix

At Fornetix we understand that managing encryption in today’s complex environment can seem an impossible task. That is why we created VaultCore, a simplified, automated, and secure encryption key management solution designed to address security challenges arising from the proliferation of IoT, big distributed networks, and rapid cloud adoption. Our commitment to standards and interoperability enables us to join forces with leading technologies around the globe to provide smart and unified security solutions that bring order to the chaos of encryption management. For more about Fornetix, please follow us on LinkedIn and Twitter.

About ThinkOn

ThinkOn is an exclusive wholesale provider of cloud infrastructure and data management services with over 150 partners and over 1,100 end subscribers in the commercial and public sector. ThinkOn’s cloud is engineered for high availability, reliability, and scalability to meet the requirements of all kinds of critical workloads. Headquartered in Toronto, the company delivers true data availability, protection, and privacy with 20+ operating regions compliant with critical industry-level certifications across the globe. For more information visit

For press inquiries and more information contact:

C Wolniewicz
SVP Global Marketing
Fornetix, LLC


CISO SCENARIO: Your Subcontractor Has Been Breached

Let us consider a scenario in which an organization, a general contractor utilizing at least one subcontractor, implements a production chain security strategy powered by encryption, but NEGLECTS the addition of a key management system. You’re the CISO, responsible for the cybersecurity strategy that ensures your organization’s information assets and technologies are adequately protected.

Your team implemented standards-based encryption across the board and provided a common software platform to your supply chain partners, allowing for data to be transferred securely between your organizations…or so you thought.

Suddenly, your organization gets word from a subcontractor that they’re experiencing unusual network activity. The cybersecurity strategy you spent months creating is clear: cut off your partner’s network, lock down your data, and, as CISO, stay up all night hoping the bad actor wasn’t able to penetrate your network’s exterior defenses. In the interim, your IT department heads begin the grievous task of pulling reports from various locations and mulling them over to better understand any potential impact.

In the early morning hours, you find out that there was indeed a breach, courtesy of your subcontractor’s less-than-robust “secure network.” A bad actor was able to breach your defenses through your subcontractor’s weaker network, grabbed your data, and basically left unnoticed until your subcontractor alerted you to a “possible problem.” You’ve already spent a good portion of the night calculating the estimated costs of just such a breach, and you’re now faced with explaining what happened to your CEO.

Now, rewind, and imagine that you are the CISO who went beyond just “checking the box” for data encryption

The CISO who went beyond just “checking the box” for data encryption when planning their security strategy slept like a baby while their IT department went home in time for dinner with their families. The subcontractor did experience a breach, but your organization was left unscathed. Thanks to the encryption key management system you integrated with your legacy system earlier in the year, the company’s data remained secure. With automated, short-lived periodic key rotation and the system’s identity-aware controls over applications and storage services, the insight and controls needed to thwart this sort of next-generation attack were in place, and all data remained secure.

Addressing the overall security of not only your enterprise, but also those in your supply or distribution chains, in a protection-centric approach, is the most cost-effective and simple addition you can make to your current security strategy to protect your data. Learn how an encryption key management solution like Fornetix® VaultCore™ can extend the reach and power of your encryption and better protect your data from attack.

For a deeper dive into understanding encryption key management and how CISOs, CTOs, and others tasked with implementing enterprise security strategy and securing data across multiple environments can utilize a key management system to better protect their data, click here to read The CISO’s Guide to Understanding Encryption Key Management.

RackTop Teams with Fornetix to Create FIPS 140-2 Level 2 Compliant Encrypted Data Storage Solution

FULTON, Maryland, July 25, 2017. Today, RackTop Systems announced the immediate availability of its advanced secure encryption service with support for external cryptographic key management powered by Fornetix® Key Orchestration™. The enhancement enables organizations to meet strict data-at-rest encryption requirements while providing effortless, unified management of encryption keys. RackTop’s advanced encryption service maintains the highest level of protection by eliminating any human interaction with, or knowledge of, keys, PINs, or passwords.