Wikipedia defines cross domain solutions (CDSs) as a ‘necessary evil’. An unflattering comment on an important part of the security fabric, if I ever heard one.
To state the obvious, information isn’t worth much unless it can be shared and acted on. But most meaningful exchanges of information require data to transit domains, and in doing so bring a host of security concerns into play. So any exchange of information involves a measure of risk management. Where the risk is high, as in government models, rigid, format-specific cross domain solutions (CDSs) are typically used as gatekeepers to let the good stuff pass and stop bad things from happening.
There is certainly an enduring role for this traditional CDS approach. However, given the pace of emerging threats, it’s a good time to rethink the process of building and deploying CDSs with an eye toward dramatically reducing development costs and time to market (see Tresys’ new XD Solutions series as an example). It’s also a good time to rethink the approach to cross domain in general: what it means to both government and commercial organizations (especially critical infrastructure) and how the fundamental requirements to protect data can be met in a stronger, more effective manner.
More to come…