From a technical standpoint, starting with secure data is a strategic way to map your architecture and decide on technology investments. If data is not secure, then it is impossible to effectively achieve any other guiding principle of the DoD Data Strategy. Security should serve as the essential foundation for meeting all the other goals, of data being interoperable, trustworthy, linked, understandable, accessible, and visible.
A trusted partner to all of the DoD’s military branches, Elastic is a search powered analytics platform that serves as a secure and flexible data mesh, unifying disparate, geographically dispersed data at scale with speed. With Elastic, data becomes a force multiplier, making intelligence actionable for military forces in delayed/disconnected, intermittently connected, low-bandwidth (DDIL) environments.
Protecting and securing DoD data while at rest, in motion, and in use is paramount to the principles stated in the DoD Data Strategy — and a disciplined, Zero Trust approach to data security must span the entire data lifecycle.
Data platforms should provide users with the confidence that data is being protected from attack and misuse, whether that data is being collected at the tactical edge, in flight, or being used for analysis and strategic decision-making. One of the best ways to provide this assurance is by using Federal Information Processing Standards (FIPS) 140-2 approved and validated modules for encryption, hashing, and signing. The Elasticsearch® Platform fully supports encryption using FIPS 140-2 standards throughout the data lifecycle, from data collection and indexing to cross-functional sharing and collaboration at every point along the way.
Only users with the appropriate security credentials should be able to access data, whether it’s coming from local or distributed data sources. The Elasticsearch Platform supports both role-based access controls (RBAC) and attribute-based access controls (ABAC), keeping data searchable to only those with the appropriate permissions. RBAC security permissions are applied locally where the data resides, and administrators can create secure, dynamic data access policies that span domains and cross-functional areas to ensure each role has its own view of only the data that’s relevant and permissible to them.
In some cases, it is imperative to secure data down to the field and document level in order to protect specific data fields with varying classification levels. This kind of cross-sectioning can be used to support ad hoc or task-oriented teams. When that mission is complete, you should have the ability to change the RBAC roles, subsequently removing access to the protected data sets.
Protective mechanisms must be in place for credentialed users to access, share, and export data across the enterprise. The Elasticsearch Platform includes Kibana®, a frontend web UI, that makes searching, building, and displaying dashboards simple and intuitive for non-technical users by point-and-click, drag-and-drop functionalities. Kibana provides a workspacing mechanism, called Spaces, that allows access to data and UI elements (like Security, Observability, and analytics) to be defined by RBAC/ABAC. Visualizations, dashboards, and reports built on only permissible data can be exported and shared via PDF, images, or via an external permalink for Joint All Domain Operations.
Leave a Reply