Defense Cyber Security Adapts to a World in Which Data is the New Endpoint

The United States Department of Defense (DOD) is the largest employer in the world with approximately 3.4 million employees. Those employees operate more than four million endpoint devices inside more than 500 cloud initiatives currently underway across the department.

That is a long way of saying the DOD is big, and its challenge to secure those endpoints is even bigger.

The Defense Information Systems Agency has begun creating a solution, the simply named Endpoint Security Solutions (ESS) program, which looks to create an integrated set of capabilities that can “detect, deter, protect and report on cyber threats” across all department networks.

For the DOD to make ESS successful, however, it must consider a new approach to data loss prevention and endpoint security. The widespread adoption of cloud and mobility solutions has redefined the network perimeter, forming a much more complex environment than the one that existed even five years ago.

Moving Away from HBSS

The DOD has been using the Host-Based Security System (HBSS) for more than a decade. This is a suite of commercial-off-the-shelf applications used to protect networks. Where this system struggles, and thus the need to replace it, is the lack of integration among the different components.

While each piece performed its individual job, the parts were not made to work with one another. As a result, there are potential security gaps that could result in unnecessary risk. As the network has shifted to include more mobile and cloud solutions, the security challenge has grown.

As ESS takes root, the DOD needs to incorporate an integrated security platform that extends to the data and application layer, a revision to the department’s traditional defense-in-depth strategy. The department must integrate solutions strategically, ensuring they are interoperable and unified, and work together in a comprehensive, orchestrated manner.

A Change of Thought

The DOD is in the middle of a transition that just about every agency either has faced or soon will. The network today is not static anymore. Employees take and use data that the job requires. That could be at home, a branch office, or in the coffee shop down the street. For the DOD, that often includes hostile locations.

The current constellation of endpoints includes far more than the prototypical desktop computers once found tethered to desks in a government building. Endpoints are nowadays everywhere. In fact, we need to think about data as the new endpoint and modern networks must react as such. The focus needs to be on data protection – where and how data is collected, used, stored, transferred and discarded.

An end-to-end solution will provide visibility into this data lifecycle. These security systems are made up of parts that work together with a focus on interoperability, cohesion and visibility. The goal is simply not to purchase whatever is considered the best-of-breed technology, but look at how that technology truly fits together.

A common analogy is to think of a football team. Put together a team of stars and, even if they are the best at their position, they will struggle against an organized opponent without their own cohesive plan in place.

ESS shows an incredible amount of promise. Once completed, the program will serve as the backbone of defense cyber security for years to come. Defense leaders must look at the complete architecture as they build this system. It is a monumental task to secure more than four million endpoints, but it is one that can be successful with the right approach.

If you found this information useful, you may also enjoy:

• The Defense Information Systems Agency
• DOD: Endpoint Security Solutions