With data breaches and financial losses from identity theft at record levels, perhaps it is time that governments and large organisations around the world adopted a trusted systems approach to data security. Sophisticated military and intelligence agencies use labels or markings on data (row or label level security) to protect it from winding up in the wrong hands. This is done because the consequences of data breaches in these types of organisations are so profound. In fact, if you read the operational guidelines for these types of organisations, they have little choice but to do so.
So why don’t large corporations and regular government departments employ this type of “military strength” data security?
Well, the answer is twofold.
Firstly, a trusted system as we know it is very inflexible because of what is known as the “no write down rule”. This means that any document touched by an individual with, for example, a top secret security clearance is given a security level of top secret. This makes it difficult for people with a top secret clearance to communicate with people with a lower level security clearance.
Secondly, there has been a very significant performance overhead associated with the implementation of row or label level security, particularly as the security model or regime starts to become complex.
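The “no write down rule” described above, as an added example that is not code from this page or from the product it describes. It models the rule the way the text states it (whatever a higher-cleared user touches takes that user's level), and the four-level hierarchy, class names and sample rows are constructed assumptions.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Constructed hierarchy; the page itself only names "top secret".
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass
class Row:
    label: Level
    text: str


class LabelledStore:
    """Toy row store in which every row carries a security label."""

    def __init__(self):
        self.rows = {}

    def write(self, clearance, key, text):
        # The rule as the page describes it: a row touched by a subject is
        # labelled at that subject's level, and a label is never lowered.
        old = self.rows.get(key)
        label = clearance if old is None else max(old.label, clearance)
        self.rows[key] = Row(label, text)
        return label

    def read(self, clearance):
        # Row-level filter: a subject sees only rows at or below its clearance.
        return {k: r.text for k, r in self.rows.items() if r.label <= clearance}


def demo():
    store = LabelledStore()
    store.write(Level.SECRET, "brief", "weekly brief")       # secret author
    before = store.read(Level.SECRET)                        # author can read it
    store.write(Level.TOP_SECRET, "brief", "brief, edited")  # TS user edits it
    store.write(Level.TOP_SECRET, "reply", "meet at 10:00")  # TS user replies
    # The secret-cleared author now sees neither the edited brief nor the reply.
    return before, store.read(Level.SECRET), store.read(Level.TOP_SECRET)


if __name__ == "__main__":
    print(demo())
```

The reply contains nothing sensitive, yet the lower-cleared colleague cannot read it, which is the communication problem the paragraph above describes.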
We have managed to resolve these two key problems and have a solution whereby row or label level security, in conjunction with a trusted systems approach, can be implemented with great flexibility and with negligible performance loss. We have a way of giving a process a “context” to allow people with different security clearances to share information whilst maintaining the dogma of a trusted system. This is the mechanism by which flexibility is created. We have also invented and patented algorithms implementing mandatory access controls that allow row or label level security to be implemented across extremely large databases and complex security regimes with a negligible performance loss. We do this by encoding meaning into the labels so they don’t have to be decoded at the point of execution. What we have is highly performant row level security with great flexibility that is now commercially available to give large organisations the ultimate preventative control for data security.