3 July 2014
In post How to secure business critical data? – U.S. Customs and Border Protection shows the direction! I introduced the Core Data Services Network (CDSN) where business critical data is isolated from the company network.
The network connection into the CDSN is implemented as a one-way connection. Except of infrastructure services (e.g. Directory Services) the firewall at Atlanta blocks all outgoing traffic, which makes data theft nearly impossible. For advanced security levels even the infrastructure services should be provided from the CDSN.
Unfortunately, we have to exchange data with the CDSN. Again, the U.S. Government shows the direction by the means of export regulations. For details please see Overview of U.S. Export Control System.
In our case a Core Data Exchange Service (CDXS) is set up inside the CDSN on server Miami Beach. Users of the Atlanta Application Services could copy business data to Miami Beach, but are not authorized to intiate the transfer to Frankfurt from inside the CDSN.
The data from Miami Beach are provided to the users in the Company Network exclusively through the Frankfurt data exchange Services.
The data transfer is governed by a process with clearly defined roles and responsibilities. It’s this process that makes the difference. The technology used is standard windows technology, no rocket science!
First of all we have to define an new role Data Exchange Manager (DXMgr). Only DXMgrs are authorized to copy data from the Miami Beach Core Data Exchange Service to the Frankfurt CDXS. The DXMgrs must never have access to the data as a Data Manager (DMgr) and a DXMgr must never initiate a request for data from the CDSN.
(1) The DXMgr takes the request for data from an authorized employee (Requester), checks whether the request is valid and (2) forwards the request to an employee with role Data Manager (DMgr).
(3) The DMgr validates the request, connects to the Atlanta Application Services, creates the requested data and copies them to the Requesters write-only inbox on the CDXS at Miami Beach. During this process the data is encrypted with the key of the Requester.
(4) Back in the company network the DMgr sends a notification to the DXMgr. The DXMgr connects to the Frankfurt CDXS, copies the data from the Miami Beach CDXS to the write-only inbox of the requester on the Frankfurt CDXS and deletes the data from Miami Beach.
(5) Finally, the DXMgr notifies the requester to check and empty his inbox on the Frankfurt CDXS.
Sound’s easy, doesn’t it?
This home-made solution, based on standard Windows features like shares, mapped network drives and finegrain acl, is somewhat complex to set up and to maintain. I would recommend to use a secure and user-friendly ad hoc file transfer solution which is easier to manage.