
Cyber Security - Next Generation B2B Collaboration in Defence: A New Paradigm

on Wednesday, 28 October 2015.

At VWV we are increasingly asked to consider legal issues relating to IT agreements and cloud computing.

There are plenty of efficiencies and benefits to such software. There are also lots of legal issues, including privacy and data protection issues.

Businesses need to consider the technical requirements for compliance. Our expert guest writer, Robin King from Deep Secure Limited, comments on these in detail below. I just wanted to add an introductory word to emphasise how important this can be.

Not only do businesses need to make sure they are working collaboratively with their suppliers to tackle the technical issues, they also need to consider the legal issues. In particular, we recommend that there are proper indemnities or other risk management wording within the relevant contracts to minimise any potential liabilities.

If you would like more information on the legal issues mentioned in this article, please contact David Worthington.


An expert's view from Robin King at Deep-Secure Limited
Next Generation B2B Collaboration in Defence: A New Paradigm

The entire aerospace and defence industry faces an enormous challenge to reduce cost, accelerate production and deliver more with less. This is forcing a rethink of how platforms are delivered and all major programmes are facing a cost down pressure.

To respond to these challenges the industry as a whole must collaborate more effectively; however, the associated risks are considerable. Protecting information assets, ensuring compliance and protecting intellectual property in a multi-supplier environment make it very difficult to share information quickly and openly.

Organisations such as UKCeB, ADS and TSCP are working hard to address these problems and this is proving a significant challenge.


The Problem

When multiple parties need to share information securely, they invariably do not want to share everything. The prominent difficulty stems from the need to enable sharing in accordance with business rules that dictate what can be shared and to do this in a way that is demonstrably secure and compliant.


Today's Solution

Today there are two common approaches to sharing information:

  • The first approach is to set up a brand new shared environment, typically hosted in a third party environment custom built to the needs of a defence organisation. This can be time-consuming and expensive, and in itself represents a risk to the information, as users have to learn new environments, often new logons, and could easily become confused about what data should go where.
  • The second approach is for one of the sharing parties to host an Extranet service – this would typically require identity federation, introduces a security risk for the hosting party and also a support overhead that is less than ideal in a cost down market.

It should be clear that both of these approaches carry cost, complexity and risk for all participating organisations.
 

The New Paradigm – Beyond Federated Identity to Federated Information

Even with a fully federated identity infrastructure, the reality is that there will always be a level of exposure when bringing federated users into a network. The main issues are:

  • Do we trust the source organisation?
  • Do we trust our partner to control their employees?
  • Do we trust our partner to manage leavers and starters?
  • What other services might we inadvertently expose to these users?
  • How does this impact our compliance position?
  • What are the legal implications?

Thus, federated identity is not enough – it is necessary to exert control over the way identity is used to access information. For those organisations that have invested in collaboration platforms, such as Microsoft SharePoint, a new approach is available. It is now possible to implement a federated information connector between distinct SharePoint environments. Information is securely exchanged between SharePoint environments under pre-defined business rules allowing sharing parties to continue to use their own environments independently to share information.

With this approach information can be shared securely and processed in accordance with policies that can provide strict control over the exchange of information, to include the ability to ensure compliance with export control regulations, protect IPR and to ensure adequate management of externally sensitive information.


Deep-Secure

Deep-Secure’s high assurance cyber security products form an integral part of the information federation solution. Delivered through a modular, multi-protocol assured product set, the guards enable the sharing of information securely and efficiently and provide assurance that information is exchanged in confidence and with integrity preserved.

As the adoption of cloud services proliferates, it passes new risks to organisations that now need to protect new security boundaries they had not previously considered. The ability for security architectures to be adapted to, and adopted by, cloud providers is essential and Deep-Secure are working in innovative new ways to map the old ways to the new paradigms.

If you would like more information on this technical area, please contact Robin King, CEO of Deep Secure Limited.
