Zero Trust Data: A New Capability From The DoD To Enable Secure Information Sharing
Summary
The Department of Defense published a Zero Trust Strategy paper on November 7, 2022, with the stated objective of making data available to warfighters wherever and whenever needed. To protect data located anywhere, the DoD has defined a new Zero Trust Data capability composed of seven components that live at the edge of the network. XQ is the first company to have a commercial product that follows the DoD’s Zero Trust Data framework. XQ has created the industry’s first cost effective CMMC and CUI compliance solution for small businesses using Microsoft 365 Business Premium and AWS S3.
DoD Zero Trust Capabilities
The DoD’s Zero Trust Strategy: A “Warfighter First” Approach To Information Security
The Department of Defense published a Zero Trust Strategy paper on November 7, 2022, with the stated objective of making data available to warfighters wherever and whenever needed. DoD’s new strategy represents a significant change in the approach to protecting classified data, which is typically stored in a secure facility (such as a military base or warship) and only accessed via a secure network. The problem with the current approach to data protection is the volume of data has grown so large due to new high-definition imaging and sensor systems that moving the data from intelligence systems to secure facilities and then out to the warfighter is impossible. Unfortunately, sending raw data directly from intelligence systems to warfighters without any protection is an unacceptable security risk for the DoD.
To protect data that could be located anywhere, the DoD has defined a new Zero Trust Data (ZTD) capability composed of seven features that live at the edge of the network. Unlike secure file sharing where the encrypted data and the encryption key are shared, with ZTD, the encrypted data, the rules to allow access, and the software to enforce policy control live can be executed at any location. Conceptually the DoD has taken the well-proven concept of classified data protection and virtualized it so warfighters can access data wherever and whenever needed. Thus while individual components of ZTD are not new, their packaging as a fully portable capability is a breakthrough in secure information sharing.
XQ Message Is the First Company To Implement DoD’s Zero Trust Data
XQ is the first company to have a Zero Trust Data (ZTD) solution that has all seven components as defined by the DoD as a commercial product. XQ is able to meet the DoD’s ZTD framework via a patented solution that wraps encrypted data (conceptually a secure envelope). A key feature of XQ’s implementation of ZTD is that it is transparent to authorized users and software applications while appearing as an unreadable encrypted file to everyone else. In addition to XQ technical implementation of ZTD another key feature is its usability; all of the mandated ZTD management and monitoring components are visible from a single dashboard.
The following chart lists the Zero Trust Data components and XQ’s implementation:
DoD Zero Trust Data Rules
Zero Trust Data (ZTD) Enables CMMC and CUI Compliance For Small Business
Compliance is a financial burden for all DoD and Federal enterprises however for small vendors it can be especially difficult who often don’t have an IT staff or the budget to create one. XQ has created the industry’s first cost-effective CMMC and CUI compliance solution for small businesses using Microsoft Office Premium and AWS S3 services.
XQ ZTD Based CMMC Level 2 Compliance For Microsoft 365 Business Premium
Email and Files is the primary operational mode for many small businesses and Microsoft 365 Business Premium is already the market leader. XQ’s Zero Trust Data (ZTD) can be added to a small business account within an hour to provide 94 of the 110 requirements to meet Level 2 CMMC compliance.
One of the unique security benefits of XQ’s ZTD implementation is that protected data never leaves the Microsoft Office Premium application; thus, a cyberattacker would have to simultaneously break MS’s Multi-Factor Authentication and XQ’s ZTD to read data. Additionally, small businesses benefit from managing and monitoring regulated emails and files from a single web interface.
XQ ZTD Controlled Unclassified Information (CUI) For AWS S3
XQ has developed the Secure Vault product for small businesses processing data for national security applications where strict Controlled Unclassified Information (CUI) is required. XQ’s Secure Vault is entirely transparent to AWS applications. As data travels from the client's AWS instance into S3 it is transparently encrypted using a key that is only accessible to the client's authorized software applications. Should a cyberattacker gain access to administrative credentials and then exfiltrate data from the customer’s S3 instance, it will appear as an unreadable encrypted file.
One of the unique security benefits of XQ’s ZTD implementation is that protected data can be moved between S3 instances for global load balancing and redundancy while staying in its encrypted state. Subsequently, customers benefit from an extra layer of security in addition to VPN security. Also, the geofencing enables clients to enforce strict CUI so that only AWS instances within the US can access protected data.
XQ enables small businesses to benefit from DoD’s Zero Trust Data (ZTD) security model to help meet the compliance requirements to sell to the DoD at a far lower cost than alternative solutions. Small businesses also benefit by having a CMMC compliance solution that utilizes a security architecture defined by DoD; thus future proofing the solution.
Contact XQ Message to schedule a briefing on its Microsoft 365 Business Premium and AWS S3 ZTD offerings today.
