George Kamis, chief technology officer for global governments and critical infrastructure at Forcepoint, recently took part in a Q&A session with GovConWire regarding government telework and the importance of multilevel cross domain security.
GovConWire: "Many government agencies are adopting telework, but there are significant challenges associated with secure access to classified networks from a remote location. Cross domain technology is often used in this type of environment along with Commercial Solutions for Classified (CSfC). Can you provide a quick overview of these two enabling technologies?"
"In simplest terms, cross domain solutions enable high assurance connectivity to networks and classification levels that would otherwise be kept separate. They furnish the ability to simultaneously access information and transfer data between these networks or domains. However, users also need to be able to access those domains from anywhere—especially now. Several years ago, the National Security Agency debuted a program called Commercial Solutions for Classified, or CSfC, which approved the use of commercial encryption technology to protect classified information in transit and at rest. Initially, adoption was slow, but CSfC has gained momentum in recent months with social distancing and remote work.
Without this program, accessing multiple domains would require multiple expensive encryption devices. Now, it can be achieved with software, meaning government employees can access classified resources from a single mobile device or laptop. That’s a game changer. In addition, by coupling it with cross domain solutions, like our Trusted Thin Client: Remote, we can afford users the ability to access not just one classified environment but multiple. We also have the widest deployed multilevel device, with over 160,000 terminals positioned worldwide."
GovConWire: Does secure telework become more complicated if users are trying to access multiple domains from a single device?
"No, it actually becomes much easier. This solution is based on a thin client compute model, and all of IT is still maintained at the client location in a server room. No data sits on the endpoint machine, limiting data exposure, as it’s all resident at headquarters. Similar solutions exist, but they require multiple virtual machines to operate, which adds complexity in storing and processing data on the endpoint device. We deploy a very small package in a minimal footprint that can be run on a wide range of devices. All IT resources can be easily managed on the department or agency side as well. There is no need to manage endpoints at people’s remote locations; that would be an IT nightmare."
GovConWire: How do IT pros centrally manage thousands of remote workers in a classified environment?
"Many organizations across the DoD, IC, and DoJ employ the Trusted Thin Client solution. The Remote extension simply secures workers when they are not on their local or wide area network. Some agencies and departments are permitting employees to work one week on and one week off, rotating in two different teams. When employees have their week off, they don’t work at all because they can’t securely access the information they need from home. Our technology changes that. Users can work remotely, and they aren’t required to switch from multiple hardware systems to access the information necessary to perform their jobs."
GovConWire: Can you describe the typical user experience?
"The user experience is first-rate because users can see classified and unclassified domains at the same time; they simply move their mouse to get remote access to sensitive information. They can also see all of their desktops at each classification level. For instance, if someone receives an email message on one of their classified desktops, they just need to move their mouse into the window.
Without a multilevel cross domain solution, the same access would require separate PCs for the classified and unclassified networks. You would have to boot both systems up, log into each, unlock each screen for access, and so on. The ability to utilize a single device for multiple domains is significantly less complicated—especially since remote work appears to be the new normal for the foreseeable future. It’s impractical for every user to have multiple computers and connections. We can also provide this solution for single level access. It is a great solution at the outset, since you can easily expand to a multilevel access solution later."
GovConWire: What is Raise the Bar certification and why is it important to your customers?
"Raise the Bar (RTB) was released by the National Cross Domain Strategy Management Office as a means to increase the security robustness of all cross domain solutions used by the U.S. government. It includes a number of new requirements to strengthen the security posture of cross domain solutions. RTB is imperative because you need a compliant solution to be able to access information at multiple classification levels. Our Trusted Thin Client and Trusted Thin Client: Remote are both RTB-compliant and on the NCDSMO’s CDS reuse or baseline list."
GovConWire: Can you provide a quick overview of Forcepoint's Trusted Thin Client product?
"Forcepoint Trusted Thin Client: Remote and Trusted Thin Client are secure multi-network access solutions. They keep users secure while allowing them to work, regardless of physical location. Trusted Thin Client supports Department of Defense, Intelligence Community, and Department of Justice VDI initiatives by providing robust centralized management for multiple form factors, globally dispersed sites, and thousands of users.
These solutions allow agencies to work with reduced infrastructure, office space, power consumption, and administration—leading to millions of dollars in reduced costs and overhead. Meanwhile, employees can access mission critical resources from anywhere in the world with no trace of data or evidence on the laptop, which is especially important in today’s remote environment.
We have several customers utilizing this technology today, and it is amazing to see it in action. There are also many who don’t know that this is currently possible. Once they see it in action, they will immediately recognize the many benefits that it has to offer."