Promoted by archTIS
archTIS zero trust approach to information protection enforces secure collaboration to mitigate information access, collaboration and sharing risks
The Australian Defence Industry is a significant target for foreign and domestic threat actors, who go after high value sovereign capabilities and supply chains. These threats impact not only the large global military integrators, but also Australian Defence Industry SMEs. Additionally, insider threats, those originating from employee and contractor negligence and malicious insiders, are becoming just as big a concern with digital collaboration creating new information security gaps.
There is a critical and urgent need to secure Defence classified information throughout the supply chain to protect Australia’s Sovereign Security, reputation with its partners, and protect the Australian Government’s $200bn investment in Defence capability.
archTIS, a provider of secure information access, collaboration and sharing solutions for government, defence and intelligence agencies and supply chains, is solving this difficult challenge.
Defence information access and collaboration challenges solved
Secure information access, sharing, integration and interoperability are critical for delivering a decision-making advantage to our fighting force, and to enable and strengthen cooperation with our allies and partners. As the Australian Defence Force has limited resources, it must ‘fight smarter’ to obtain and maintain the advantage over its potential adversaries. To fight effectively, Defence needs to excel in how it uses information.
Defence must be able to share sensitive project and tender information with contractors, subcontractors, offshore employees and Defence personnel—all while meeting compliance requirements from multiple jurisdictions and ensuring the information remains secure. However, siloed systems and information assets limit Defence’s ability to share high-value information between platforms and across business functions, thus diminishing its ability to deliver the expected information-driven outcomes. The operational and financial costs of not having the required information sharing capabilities in place are significant.
archTIS’ solves this challenge with Kojensi, a secure by design collaboration platform that enables defence clients to share information and collaborate securely with all stakeholders in the defence process so they are better able to produce new insights into complex issues, improve decision making, generate more accurate forecasts, reduce inefficiencies, and innovate. The platform uses an attribute-based access and control (ABAC) methodology to apply granular access and sharing controls that afford the highest level of data protection, which has earned Kojensi government accreditation to store and share sensitive and PROTECTED information.
“Our mission is to safeguard the world's most sensitive information by providing secure, policy-controlled access to data. Our defence clients rely on us to make sure the terms and conditions they place on who can access, edit and share their information are never breached,” explains archTIS CEO Daniel Lai.
It is no longer just nation-state and external threats that Defence needs to protect against, but insider threats as well. The OAIC reported that data breaches in Australia resulting from human error accounted for 38% of notifications from July-December 2020 alone, up 18% from the previous 6 months. Globally, careless or negligent employees and contractors account for 62% of insider security incidents, costing organizations an average $3.6M AUD annually. Incidents relating to a criminal insider stealing information for reasons such as personal gain and espionage were reported at 23% (2020 Cost of Insider Threats Global Report).
“Insider threats are a key challenge for Defence. archTIS addresses them by implementing policy enforced data access and sharing controls to prevent data theft and misuse. Our methodology has earned us the highest levels of government certification in Australia to safeguard PROTECTED information,” Lai explains.
Moreover, archTIS’ recent acquisition of US-based data security firm Nucleus Cyber provides advanced information protection capabilities across the Microsoft 365 software suite, including Microsoft Exchange, SharePoint, Teams, Yammer and OneDrive, as well as Nutanix Files, Dropbox and Windows file shares. The solution uses the same attribute and policy-based methodology as archTIS to control information access and sharing of sensitive data within Microsoft’s collaboration platforms and other leading file sharing applications.
“Together the archTIS and Nucleus Cyber technologies provide a complete solution to solve our Defence client’s secure collaboration challenges for all levels of data sensitivity no matter where the data is stored,” says Lai.
archTIS uses a zero trust approach to safeguard Defence information
Traditionally, IT security uses an ‘inside out’ methodology, akin to having a hard shell with a soft centre riddled with holes that can be exploited. To get access to information, users have to meet security protocols from their device, through the internet into the business’s network, server, applications and into databases. One of the drawbacks of this approach is each layer has different security controls at different levels, all managed independently, with no relationship or correlation to the other.
“That creates vulnerabilities, because data security might not be the same level as the web security or the device security, and that produces weak points, which is why organizations get hacked,” Lai explains.
By contrast, archTIS has developed attribute-based access control (ABAC) information security protocols. This methodology enforces principles of zero trust architecture at the data layer. It removes the notion of trust from a network so that all users, even those inside the system need to be authenticated to access information.
archTIS evaluates attributes (or characteristics of data and users), rather than roles, to determine access. It uses a data-centric security approach that evaluates each file’s attributes including security classification and permissions, as well as user attributes such as security clearance, time of day, location and device. Users can only get access to the information they are seeking if they can display all the required attributes. These policies also control how and if users can share, edit and/or download files. It helps to ensure that Defence remains compliant with required Australian and International regulations such as the Information Security Manual (ISM) and the International Traffic in Arms Regulations (ITAR).
Lai explains. “Normally users get access to information based on their roles and the group to which they belong. Our way is quite different. It’s based on the attributes that are important about a user, such as their name, nationality, security clearance or the organisation for which they work. We can evaluate attributes about geographic locations, the type of device used, the network, the firewall, router, server and database to determine access rights. By using all of these attributes we ensure only trusted pathways for any digital asset.”
archTIS’ innovative data-centric approach to information security has earned their customers’ trust to safeguard their most sensitive defence information.