Multidomain Architecture Strategic Definitions: Part One of Multidomain Architectures, the IT Manhattan Project, and Delivering the “Real” Zero Trust

March 23, 2022

Federal IT environments
“Belonging to the essential nature of a thing; originating and included wholly within an organ or part.” That is the definition of “Intrinsic.” When we were developing the “IT Manhattan Project” framework, we were doing so in direct response to some of the most significant hacks in U.S. Federal history, which piled on to the already unprecedented push to expedite the modernizing of federal IT because of the COVID-19 response. The COVID-19 response shifted the way that the U.S. federal government operated, where our workforce worked from, the immediate need for mobile ‘available from anywhere’ workloads, and how to both secure and support that new way of doing federal business. A new, vigorous push towards rapidly modernizing federal IT environments was underway. Ultimately, it laid the groundwork for producing transformational federal memos and oversight by way of some of the following:

  • Executive Order 14028: “Improving The Nation’s Cybersecurity”
  • M-22-09: OMB’s Zero Trust Strategy
  • NIST 800-53rev5: Fulfilling an expedited realization of the overall intent of NIST 800-53r5 through the emphasis on things like conditional access, TIC 3.0 frameworks, Secure Orchestration/Automation/Remediation, and modernized, agile approaches to secure micro-segmentation from Hybrid Environments up to Federal Cloud instances

Overall mandates like these carry with them a consistent anthem driving at rapid IT modernization with rigorous proof of performance schedules attached. Piling on top of those Herculean efforts, the urgency was drastically increased by several of the highest profile cyber compromises in U.S. federal history. Rapid modernization had to happen right away. The time for IT transformation was here, backed by promises of significant funding and a high level of political visibility.


The Shift to Zero Trust

At their core, Zero Trust architectures are expected to provide a centralized policy structure that dictates how every individual flow in our IT environments is permitted to talk. No user, host, or flow is permitted without being subjected to rigorous authentication and authorization policy. This shifts our previous understanding of North-South and East-West traffic and how we police it. The foundational intent of Zero Trust architectures centers around applying unified policy to every transaction that occurs between enterprise resources, and doing so in ways that are agnostic to the IT silo that they reside in.

“Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location.”

NIST 800-207 aptly

They go on to explain that the scope of this posture includes all assets, workflows, network accounts, and the like. In summary: police everything, abstract production traffic intent from the underlying infrastructure that supports it, and institute a unified security posture to execute the policing at every network entry point, regardless of the domain. We all know that this is a tectonic but much-needed shift in our industry. I’d go so far as to say that the successful instantiation of this approach across Federal IT environments is critical to our national security going forward.
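The contrast described above, as an added example (not code from the original article or from the IT Manhattan Project framework): one central policy function applied identically to flows entering from each enterprise domain, beside a legacy perimeter check that trusts the source address. The domain labels follow the article's baseline list of enterprise domains; the subjects, resources, rules and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Labels for the five enterprise domains the article lists.
DOMAINS = frozenset({"cloud", "data_center", "enterprise_networking",
                     "extended_enterprise", "remote_access"})

# Constructed "inside the perimeter" range, used only by the legacy check.
INTERNAL_NET = ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Flow:
    domain: str          # enterprise domain where the flow enters
    src_ip: str          # kept for audit; never used to grant access
    subject: str         # user or workload identity, "" if none presented
    authenticated: bool  # identity was verified by the identity provider
    resource: str
    action: str


# One central rule set (hypothetical): (subject, resource) -> allowed actions.
POLICY = {
    ("alice", "hr-db"): frozenset({"read"}),
    ("svc-backup", "hr-db"): frozenset({"read", "snapshot"}),
}


def legacy_perimeter_allows(flow):
    """Implicit trust: anything sourced from the internal range is allowed."""
    return ip_address(flow.src_ip) in INTERNAL_NET


def zero_trust_decide(flow, policy=POLICY):
    """Default deny. The same checks run for every domain; location is ignored."""
    if flow.domain not in DOMAINS:
        return False, "unknown domain"
    if not flow.authenticated or not flow.subject:
        return False, "not authenticated"
    if flow.action not in policy.get((flow.subject, flow.resource), frozenset()):
        return False, "not authorized"
    return True, "authenticated and authorized"


# Constructed sample flows, one per enterprise domain.
SAMPLE_FLOWS = [
    Flow("data_center", "10.20.1.5", "", False, "hr-db", "read"),
    Flow("remote_access", "203.0.113.7", "alice", True, "hr-db", "read"),
    Flow("cloud", "10.40.2.9", "alice", True, "hr-db", "read"),
    Flow("enterprise_networking", "10.1.1.8", "alice", True, "hr-db", "write"),
    Flow("extended_enterprise", "10.90.0.3", "svc-backup", True, "hr-db", "snapshot"),
]


def compare(flows):
    """Return (domain, subject, legacy_allowed, zero_trust_allowed) per flow."""
    return [(f.domain, f.subject or "<none>",
             legacy_perimeter_allows(f), zero_trust_decide(f)[0])
            for f in flows]


if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The rows where the two columns disagree are the point: the perimeter model admits an unauthenticated internal flow and an unauthorized write, and rejects an authenticated, authorized user only because of where she connects from.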

Management Complexities

Enterprise IT domains contain varied mixtures of OEM solutions and home-grown tools, and use a wide variety of protocols to intercommunicate that aren’t necessarily standardized. Each of these domains is normally managed by a separate IT team that specializes in maintaining that environment. In the federal landscape, these domains aren’t just managed by separate enterprise IT teams, but are commonly managed by different contractors. Therefore, IT security organizations have a difficult time achieving and maintaining the operational awareness required to enforce centralized policy. These cultural complexities, exacerbated by budgeting concerns, have created a fatalistic mentality when it comes to far-reaching mandates. This is where the tectonic shift in architectural and administrative approach is so necessary. This is where multidomain architectures shine.

Let’s define a common baseline of enterprise domains seen across traditional IT environments:

  • Cloud
  • Data Center
  • Enterprise Networking
  • Extended Enterprise (IoT, OT/ICS)
  • Remote Access

But to deliver a successful Zero Trust across the enterprise, it is first necessary to understand some foundational building blocks on which to construct our architectural approach:

  • We can’t have MULTIDOMAIN POLICY without first achieving fuller
  • We can’t deliver macro and micro-segmentation without first having robust MULTIDOMAIN
  • We can’t have multi-vendor MULTIDOMAIN Zero Trust POLICY without sensical INTEGRATIONS to stitch each enterprise domain together.

Let’s face it, enterprise IT environments don’t simply include infrastructure from a single manufacturer, or even a few key manufacturers. Rather, our enterprise IT environments are represented by a plethora of IT manufacturers specializing in different niches of IT and the domains they are commonly found in. These environments are managed by different Federal IT organizations, different contractors who support these Federal IT organizations, and many different teams that support each common IT silo. Different teams support oft-compartmentalized areas like Network Security Operations, Network Operations, Data Center Operations, Institutional Services, Wide Area Networking contracts, and Operational Technologies, with dotted lines to different leadership oversight like CIO Programs, CTO Architecture, the Cyber Security Office, and the audit oversight bodies that they are subjected to. Together, these make up a complex support structure that isn’t necessarily streamlined for efficiency.

Summary and Overarching Goals

In articles to follow, you’ll see us referencing the IT Manhattan Project framework several times. Though many details of the framework can’t be discussed due to their sensitivity, the foundational principles are relevant across the board when pursuing intrinsic multidomain Zero Trust.

  • Establish Visibility (Administration, Telemetry, Assurance)
  • Define Straightforward Policy Structure and Hierarchy (Auth Chains)
  • Perform Multidomain Integrations (API Integrations)
  • Deploy Software-Defined Framework (Day-0, Programmable Fabrics, Multi-OEM Fabric Integrations)
  • Establish Sensical Automation Runbooks (Day-2 Operations)

We will also explore some areas that deliver unexpected value to the agency business in immediate ways. All of this will help create a cohesive story that helps CIOs, CISOs, and enterprise architects alike communicate the criticality of this multidomain Zero Trust approach to agency leaders across the federal spectrum.
