When is a Cross Domain Gateway not a Gateway?

Author: Danny Wootton

Discover the Cerberus Perspective

Cross domain gateways are used to protect your business when moving files internally and externally. Whilst they have been a trusted solution for years, they are no longer suitable for every scenario.

For those who may not know, a Cerberus is a multi-headed dog, guarding the entrance to the underworld in Greek mythology, where the three heads were believed to represent past, present, and future or birth, youth, and old age.

So, I know you’re thinking, what does this have to do with Cross Domain Gateways? Bear with me.

What are the benefits of a cross domain gateway?

Cross Domain Gateways do one thing really well: using a policy to define how data from a particular source is checked for malware, sensitive words, and other security issues, so that only 'clean' data gets to the desired destination. Cross Domain Solutions have been doing this for many years, and have become very good at it.

However, a little while ago at DSEI, I had a couple of conversations with senior cyber security people who expressed a desire to 'do away with gateways'. I appreciate that this statement is a little for effect, but I do understand the sentiment, as current Cross Domain Solutions (CDS) can tend to be one-dimensional.

What are the weaknesses of a cross domain gateway?

The main weakness of a Cross Domain Gateway is that we’re moving away from a world of simply checking for security issues, to one that requires several additional features and use cases:

  • Implement Data Centric Security (DCS) checks before allowing data in or out;

  • Identify a point where we check for trust within a Zero Trust (ZT) architecture, such as a certificate, provenance, or trusted source;

  • Provide the ability to check code created on the low side and deployed on the high side.

With the current approach, doing the above may mean deploying many standalone solutions that don't talk to each other, where data coming into a particular gateway needs to carry DCS, ZT or other attributes so it can be checked.

But what if that 'gateway' was a Cerberus, able to oversee multiple security models at the same time, recognising the attributes of each piece of data as it arrives, with a dynamic policy applying the right checks on the fly based upon the relevant security model? In effect, a Policy Defined and Software Defined Gateway.

What are the benefits of a Software Defined Gateway?

The biggest benefit of this approach is that it enables the transition from one CDS Security Model to another over a period of time. An example of this would be transitioning from today’s approach of performing deep content inspection on all content, to utilising trusted certificates or Data Centric Security (DCS) labelling as those approaches are adopted. So, rather than acquiring standalone appliances or applications for each Security Model, a ‘Cerberus’ would allow your CDS approach to evolve, implementing incremental Security Models, policies, and filter modules to do the relevant checking.

Nexor’s Software Defined Gateway

The Cerberus I describe above is Nexor Protean, our new high assurance Software Defined Gateway. Given it is available now, you can implement a Cross Domain Solution that complies with NCSC Principles today and evolve it as you start to implement Zero Trust, Data Centric Security, and other approaches over time. In effect, a Cross Domain Solution for past, present, and future.

Why not give us a call? We would be happy to develop your plan with you.

About the author

Danny is an experienced leader of transformation in digital, data and innovation product and project areas. Using a blend of commercial, product and business management expertise, Danny has a proven track record delivering significant programmes across public and private sectors in both large and small organisations.
