The recent blog post from the Defense Information Systems Agency (DISA) announcing the launch of Defense 365-Sec (DOD365-Sec) proclaims "The 'Secret Is Out" regarding the importance of data-centric security. However, for the vast majority of modern defense organizations, this rising trend is anything but secret. Indeed, defense agencies across the world are actively embracing data-centric security and attribute based access controls (ABAC) to enable zero trust environments and foster secure collaboration across domain boundaries.
DOD365-Sec specifically provides Microsoft 365 capabilities like Outlook, OneDrive and Teams on the classified SIPRNet network. Developed through a partnership between DISA, General Dynamics Information Technology (GDIT) and Microsoft, it allows warfighters to seamlessly communicate, collaborate and share classified data. While Microsoft-centric, it is an important step forward in empowering the modern warfighter with the tools needed to securely share information and complete their mission.
However, DOD365-Sec is just one example of mounting data-centric security innovation. Forward-thinking IT leaders across the U.S. Department of Defense, NATO and allied nations are also working to adopt data-centric security and ABAC controls powered by the Trusted Data Format (TDF). These efforts are aimed at enabling sensitive data sharing across multiple clouds, multiple domains, and multiple country borders without compromising security or privacy controls.
Virtru, for example, is partnering with various U.S. and multi-national defense organizations to bring modern data-centric security to their operations, beyond the scope of just Microsoft products, to include COTS and GOTS mission applications. Virtru's solutions integrate with existing IT infrastructure and enforce granular policy controls based on various attributes tagged to data objects (things like Top Secret, Releasable To, etc) and attributes tagged to authenticated identities (things like security clearance, geography, domain etc).
While DISA should be applauded for their success in deploying DOD365-Sec's classified cloud capabilities, the reality is that data-centric security represents a well known rising tide of innovation for the entire national defense ecosystem, including allied nations, that are not Microsoft-centric.
As adversaries become more sophisticated, data-centric security is imperative to the modern warfighter. Initiatives like DOD365-Sec and Virtru's attribute-based solutions are bringing these capabilities to reality. While early on the journey, the requirements are very clear: national defense organizations demand innovative data protection capabilities that break down barriers and allow warfighters to access and share intelligence seamlessly across all domains. Data-centric security delivers on the promise of enabling teams to collaborate freely to complete their mission, without technology or IT security teams getting in their way.
