Secure network access is vital for government entities striving to keep their data secure while maintaining its accessibility. Contractors can provide much-needed support in subsidizing services to enhance the systems these government entities have at their disposal.
Forcepoint, formerly Raytheon|Websense, was recently awarded an $8 million contract by the Department of Justice to supply the Federal Bureau of Investigation (FBI) with a means of secure access, using one workstation to access multiple networks. The contract will provide organization-wide support to approximately 55,000 users, mostly members of the FBI.
Currently, the system in place includes two separately functioning infrastructures, which require separate access; however, this can cause delays and the possible compromising of secure access. Instead, one secret piece of IT infrastructure, one workstation, could be used to access both sets of data.
Ward Ponn, Consulting Engineer and Chief Architect for Forcepoint, told Homeland Security Today that, “Our Trusted Thin Client solution allows each single endpoint to securely reach back to multiple separate security enclaves such as Unclassified, Secret and Secret REL cloud-based (virtual) desktops which are each hosted in their own infrastructures in the data center.”
Ponn continued, “This architecture removes the need for multiple PCs (and multiple network drops) at the end-user’s workspace, reducing the end-user workstation footprint while inheriting all of the security advantages of VDI desktops (at each connected security enclave).”
This streamlined approach to security will enhance protection by securing the network system and better tracking accessibility. It will also allow the FBI to gain substantial cost savings on hardware, infrastructure—via power and cooling—and system administration, with a shift to a virtual network.
“The Trusted Thin Client endpoint software, a very thin and locked-down SELinux-based endpoint, communicates with (and through) our Trusted Thin Client Distribution Console, a Red Hat Enterprise Linux 6-based appliance that provides accredited multi-level domain separation, routing, and endpoint management services, over a single high-side network connection/wire,” said Ponn. “This full Trusted Thin Client architecture provides simultaneous access to cloud-based desktops at multiple security enclaves on a single endpoint over a single wire to the desktop.”
This effort is being done in conjunction with the FBI’s Enclave Consolidation Initiative (ECI), the largest enterprise deployment of a multi-level security solution as a full software platform.
Under the direction of the ECI, the FBI is working to diminish its global infrastructure through distribution by reducing unclassified infrastructure in most areas and transferring it to a datacenter. Users will be able to access the new virtual network over an enhanced and secure agency network, enabling functionality without losing security.
“In this environment, users have a VDI desktop for their unclassified computing environment and will not have UNCLASSIFIED network drops in their field offices,” said Ponn. “With this architecture model, they needed a way to print from the Unclassified VDI and have the print jobs come out of a printer that is near them.”
The FBI is not the only organization that has found it necessary to implement such changes. Similar systems have been deployed in other agencies within the intelligence community.
“Trusted Thin Client has been deployed at both the SABI (Secret / Secret Rel / Unclassified) and TSABI (Top Secret + / Secret / Secret Rel) environments by multiple US Intelligence and DOD organizations,” stated Ponn. “Trusted Thin Client has also been deployed within the governments of Australia and Canada.”
This new element of technology being introduced to the FBI complements the other functions of the organization, streamlining technology and further securing data.
“Trusted Thin Client reduces the IT footprint at the end user’s workspace (to include mobile applications), secures and simplifies access to multiple security enclaves and allows each security enclave to benefit from the security and architecture advantages of cloud-based (VDI) computing initiatives,” said Ponn.