IT Brief UK - Technology news for CIOs & IT decision-makers
Story image
Unlocking the complexity of managing classified data at scale
Mon, 25th Mar 2024

One of the biggest challenges for Defence and its supply chain is extracting value from their collective stores of sensitive IP and classified data without compromising security. The proliferation of vast (and often mandatorily siloed) data lakes spread across diverse applications, multi-cloud and hybrid environments, and formats has compounded this challenge. 

How do you find a needle in a haystack when it is broken into many parts and distributed across multiple haystacks? More often than not, the answer is you can’t.

For structured data to be truly useful, it must be collated and enriched, facilitating both operational and analytical workloads (ideally at the speed of a machine). Yet, most organisations struggle with amalgamating data from various sources and presenting it in a manner that is secure, segmented, and compliant. 

The stakes are even higher for the Defence and the industry that supports it. Timely information sharing and the flexibility to alter access levels as situations evolve are critical to maintaining effective and timely delivery of Defence capability. This is one of the key outcomes sought through the Defence Strategic Review (DSR). To add to the challenge, defence suppliers must demonstrate compliance with multiple government security regulations or risk massive fines or, worse, lose defence contracts. Under AUKUS, this now extends beyond sovereign governance through to multi-sovereign governance.

To solve the issue of dealing with inhuman amounts of disparate classified data, Policy Orchestration technology has stepped into the security spotlight. These solutions are designed to centrally manage the complex dynamics of data visibility, access and governance, determining who is authorised to see what, when, and for how long across multiple sources of data at once. Zero Trust is driving the urgency and direction of this access governance.

Policy Orchestration, when combined with attribute-based access control (ABAC) technology, offers something unique: the ability to oversee and manage this complex challenge of who gets to see what data in a way that is dynamic and secure. Built on a zero trust architecture, it delivers true data-centric security (DCS).

By leveraging attributes or characteristics associated with users, data, and environment, ABAC enables fine-grained access control. This means that access decisions can be dynamically tailored to each request based on a comprehensive evaluation of the relevant attributes.  This dynamic, data-centric approach is critical in a capability lifecycle management (CLMC) ecosystem as the information and technology fabric that enables this requires a governed flow of information between systems and across users. 

One challenge that has made its way from the world of science fiction to reality is AI technologies, particularly their ability to become conduits for unauthorised data exposure. The simplicity with which an AI system can dig deep into vast stores of data and potentially divulge sensitive information to an inquirer poses a significant risk. AI and related advanced analytics capabilities are proliferating, as they are a key enabler to realise Industry 4.0 models.

Policy Orchestration technology emerges as a critical safeguard in this context, ensuring that data access and sharing are governed by universal security policies regardless of where the data is stored. Such governance mechanisms are not merely beneficial but may soon become mandatory, serving as a cornerstone of cybersecurity insurance requirements. 

As the volume and complexity of sensitive data continue to grow, so will the need for advanced solutions like Policy Orchestration technology to manage it. By enabling precise, policy-based control over data access, visualisation, and sharing, these technologies hold the key to protecting sensitive information in an ever-evolving digital landscape. 

As Defence and industry look to simplify the complexity of data integration and security to accelerate decision-making processes, the importance of investing in sophisticated, policy-driven data security measures becomes critical. In doing so, Defence organisations can ensure that their sensitive data remains protected, compliant, and, most importantly, actionable.