In my role as a Solution Architect regular readers of this blog will know that this year I’ve been heavily involved in Information Exchange Gateways. I was recently over in Brussels at the European Defence Agency (EDA) headquarters to deliver a final presentation on the IEG work we have done for them. Possibly the biggest challenge that came up in the meeting was around the flexibility required in enabling secure information exchange.
Along with my colleague Neville Smikle, Head of Operations at Nexor, and our German partners at CSC, I was presenting to the member nations of the EDA. We were outlining the IEG Demonstrator that had been developed for them and looking at the issues that had been overcome in its development.
From my experience with this project and the others I’ve been working on recently, each scenario where an organisation wants to set up an information exchange gateway to enable secure sharing of information, ends up with specific factors that they require and these vary from project to project.
Some variations we’ve seen are:
- Protocol variations – for example, different protocols used for simple file exchange;
- Content inspection – the level and depth of content inspection expected;
- Node protection – for example, the number of different anti-virus engines or types of Intrusion Detection/Prevention Systems in use;
- Quarantine – how data that does not meet the security policy is to be handled;
- Cost trade-offs – virtualisation can be used to reduce size, weight and power consumption, but for some customers this can introduce unacceptable hypervisor risks into the system;
- Management integration – whether there is a need to integrate the IEG into a wider protective monitoring environment;
- Accreditation – we have seen differences in the accreditation approach and the emphasis, or otherwise, placed on product evaluations (more on this particular aspect another day);
- Through life support – differing approaches to system longevity, scalability, and adoption of newly discovered security vulnerabilities;
- Rapid reconfiguration – to meet different deployment requirements, there is often a need for rapid reconfiguration of the system to adopt different protocols and security policies.
As such it is very hard to define an exhaustive list of exactly what is needed to implement an IEG – every situation is different, so it is vital that when you are looking at how to build a solution that you have flexibility to meet these different needs.
I’ve briefly covered the issue of flexibility here. The other big challenge that we discussed in Brussels was around getting solutions accredited, so I’ll tackle that in my next post.
In the meantime, if you want to find out more about IEGs and what the hot topics are with them at the moment then take a read of the new Nexor white paper “Information Exchange Gateways: The Evolving Story”.
I’d be interested to hear what your experiences have been, so please get in touch.