Howto secure business critical data? – Build an effective data export control system!

3 July 2014

In post How to secure business critical data? – U.S. Customs and Border Protection shows the direction! I introduced the Core Data Services Network (CDSN) where business critical data is isolated from the company network.

One-Way traffic sign

Source: Wikipedia

The network connection into the CDSN is implemented as a one-way connection. Except of infrastructure services (e.g. Directory Services) the firewall at Atlanta blocks all outgoing traffic, which makes data theft nearly impossible. For advanced security levels even the infrastructure services should be provided from the CDSN.

Unfortunately, we have to exchange data with the CDSN. Again, the U.S. Government shows the direction by the means of export regulations. For details please see Overview of U.S. Export Control System.

In our case a Core Data Exchange Service (CDXS) is set up inside the CDSN on server Miami Beach. Users of the Atlanta Application Services could copy business data to Miami Beach, but are not authorized to intiate the transfer to Frankfurt from inside the CDSN.

The data from Miami Beach are provided to the users in the Company Network exclusively through the Frankfurt data exchange Services.

CDSN-Overview with CDXS

Core Data Services Network Overview

The data transfer is governed by a process with clearly defined roles and responsibilities. It’s this process that makes the difference. The technology used is standard windows technology, no rocket science!

First of all we have to define an new  role Data Exchange Manager (DXMgr). Only DXMgrs are authorized to copy data from the Miami Beach Core Data Exchange Service to the Frankfurt CDXS. The DXMgrs must never have access to the data as a Data Manager (DMgr) and a DXMgr must never initiate a request for data from the CDSN.

Data Exchange Workflow

Data Exchange Workflow

(1) The DXMgr takes the request for data from an authorized employee (Requester), checks whether the request is valid and (2) forwards the request to an employee with role Data Manager (DMgr).

(3) The DMgr validates the request, connects to the Atlanta Application Services, creates the requested data and copies them to the Requesters write-only inbox on the CDXS at Miami Beach. During this process the data is encrypted with the key of the Requester.

(4) Back in the company network the DMgr sends a notification to the DXMgr. The DXMgr connects to the Frankfurt CDXS, copies the data from the Miami Beach CDXS to the write-only inbox of the requester on the Frankfurt CDXS and deletes the data from Miami Beach.

(5) Finally, the DXMgr notifies the requester to check and empty his inbox on the Frankfurt CDXS.

Sound’s easy, doesn’t it?

This home-made solution, based on standard Windows features like shares, mapped network drives and finegrain acl, is somewhat complex to set up and to maintain. I would recommend to use a secure and user-friendly ad hoc file transfer solution which is easier to manage.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s