To learn more visit: http://www.unisys.com/stealth
For years, security involved layering perimeter defenses and physical technology infrastructure that drove up operations and IT costs. But advanced, innovative technologies are driving public sector leaders to step outside the conventional Band-Aid approach. A new breed of public sector security opportunities around software-defined networking has emerged – one that strengthens security and cuts costs. The key – hide all endpoints completely from attackers so there’s no vector to target. There are five ways public sector leaders can increase security and decrease costs:
Cloak your endpoints and go undetectable;
Segment your data center by using communities of interest;
Isolate disparate networks;
Move mission-critical workloads to a more secure cloud;
Convert existing computing devices into secure communications tools.
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security AND Decrease Costs
By Unisys Corporation
Public sector organizations are faced with a significant
challenge managing risk in an environment replete
with sophisticated cyber threats, cost constraints, and
compliance demands. Cost reduction remains top of mind,
but there is little tolerance for any compromise involving IT
security. Meanwhile, with the adoption of mobile devices,
and the increasing velocity of data breach attempts, the
challenge to reduce costs while strengthening security can
seem daunting.
It’s only daunting because public sector leaders have come
to equate increased security with increased cost. For years,
security involved layering perimeter defenses and physical
technology infrastructure that drove up operations and IT
costs. But advanced, innovative technologies are driving
public sector leaders to step outside the conventional
Band-Aid approach. A new breed of public sector security
opportunities around software-defined networking has
emerged – one that strengthens security and cuts costs.
The key – hide all endpoints completely from attackers so
there’s no vector to target.
5 Ways to Increase Security and
Reduce Costs
1. Cloak Your Endpoints and Go Undetectable
Hackers attempt to locate devices on a network by broadcasting
network messages, where even a negative reply can tell
them what they want to know: the IP addresses of systems
they can further probe for vulnerabilities. A cloaking strategy
is based on the idea that by hiding all endpoints completely
from attackers, there’s no vector to target. To
accomplish this, a combination of cryptography, VPN
technologies and segmentation tactics is used.
2. Segment Your Data Center by Using
Communities of Interest
Over the past several years, public sector organizations
have reduced infrastructure costs through consolidation and
virtualization strategies. Likewise, data center segmentation
offers an opportunity to reduce security costs. This new
approach allows a simplified, flatter network design, but
provides highly segmented access and visibility permissions.
Best practices in data segmentation involve establishing
communities of interest (COIs), in which the users and
devices within each community have finite and predetermined
visibility and access to different servers and applications.
The COI capability, combined with executing very low in
the protocol stack, darkens endpoints on the network, as
if they were undetectable. Agencies can confidently share
mission-critical information with citizens and stakeholders
who need to know by creating secure communities of
interest, allowing them to apply varying levels of security
to specific users. COI access is defined by device or user
identity rather than physical topology. Groups can therefore
share the same physical or virtual network without fear
of another group accessing their data or workstations
and servers.
3. Isolate Disparate Networks
Configuring and maintaining separate physical networks is
prohibitively expensive and difficult to support, and relying
upon telecommunications provider networks cannot assure
security. Public sector organizations must protect local
assets within designated regions while controlling access to
assets from users in geographically dispersed regions. To
do so, agencies need an ability to create a communications
tunnel cloaked from those who are not part of a COI, and
regional isolation creates the effect of cryptographically
isolating each COI member.
4. Move Mission-Critical Workloads to a More
Secure Cloud
Mission-critical workloads require both high availability
and high security, and if either one is in question, a new
approach might be required. With today’s solutions, private
clouds can deliver the same availability attributes as a
public cloud, except they do so from within your data center,
providing “just in time” resources that can be shared
between COIs but remain secure and isolated from each
other. IT resources are converted into a flexible, metered,
self-provisioned service delivery. By cloaking public cloud
provider servers, public sector organizations can get more
leverage from the cloud while maintaining complete control
of their workloads. Virtual machines should be cloaked
from other tenants in the public cloud and from hackers
attempting to infiltrate the cloud. This enables agencies to
confidently deploy mission-critical workloads in the public
cloud and take advantage of the associated cost savings.
5. Convert Existing Computing Devices Into
Secure Communications Tools
Comprehensive security features can protect data and
information across any network that employees and
partners choose - LAN, WAN, wireless, 3G, 4G and satellite
networks, public or private. Whether for tactical defense
and intelligence purposes, first responder services, or to
empower any small team with specific and more privileged
access, public sector organizations need a way to quickly
and securely establish secure network connectivity which
can assure continuity of operations. Similarly, to respond
to emergencies, public sector organizations often need to
be able to establish ad-hoc networks quickly, efficiently and
securely. They can adopt an approach akin to COI, one
that leverages existing COI information to create a secure
tunnel. A customized, dedicated and portable device can
then enable a remote user to boot up and establish a
“clean and secure session” linking back to the public sector
organization’s own network.
A Path Forward
Unsurpassed, Cost-effective Security - Without
Network and Application Changes
The Unisys Stealth™ Solution Suite offers a unique opportunity
for public sector executives to leverage software-defined
networks for cost control and better security. By rejecting
the past practice of allowing perimeter solution sprawl
and moving on to the best practices described here,
public sector executives can offer both new services and
new layers of security, all while cutting costs. The Unisys
Stealth Solution Suite provides a high level of security
and assurance: AES-245 encryption, FIPS 140-2 certified
cryptographic engine, EAL-4+, DoD, NSA Common Criteria
certifications.
The benefits of stronger security are met with equally
attractive cost- and time-saving benefits:
• Deployable on top of existing infrastructure and tools,
integration does not require any network or application
changes in tiered or flat networks.
• Integrates with identity management systems like
Microsoft Active Directory, speeding the creation of COIs
and the ongoing maintenance of their privileges.
• Helps eliminate the need for separate physical networks
for each COI, leased lines, equipment and associated
point solution licenses.
About Unisys
For more than 130 years, Unisys has led technology
innovations that transform the way governments deliver on
their missions. Through our robust portfolio of security, data
center, end user, and application modernization services,
we deliver a safer and more secure connected world. Our
approach integrates resource and infrastructure security,
creating a highly effective and efficient security environment
and freeing our government client to focus on best serving
citizens. Unisys security solutions are trusted worldwide, in
100+ airports, 1,500 government agencies, 100+ banks,
and countless other organizations that have zero tolerance
for breach.