Hybrid Cloud & Cross Domain Solutions
07:24:2024
BY Spencer Shimko and Brandon Whalen
To produce a shorter response time at a lower cost while managing risk, entities that work with sensitive information like the Department of Defense (DoD) often seek that middle ground between the use of cloud and on-premises (on-prem) resources. Employing a hybrid cloud approach requires critical alignment when combining cloud and on-prem edge computing. In environments that process sensitive data, such as classified information, striking that balance can lead to challenges.
Effective use of data involves sharing it with others. Information exchanges often need to occur across varying security domains or classification levels. For example, dissemination of Secret data to users on a Top-Secret network or the sharing of data across programs at the same classification level each involves inherent risks. Thankfully, solutions that support sharing while reducing the associated risk already exist today in cross domain solutions (CDSs).
CDSs have long been available for on-premises, edge, and even tactical environments. Over the past few years, the same technology has entered the cloud arena, offering an opportunity to address complex sharing requirements via cloud-based cross domain services. Additionally, CDSs offer new ways to interact with the cloud itself.
Driving hybrid cloud architectures
So, what are some factors to consider when deciding upon a hybrid cloud approach? For one, the source and size of your data can play a pivotal role. Sometimes the size of locally generated data sets arriving from sensor environments could exceed one trillion bytes. Your sensor data may also need to be processed quickly to take actions based on information derived through analysis. Uploading your data to the cloud prior to processing may incur an unacceptable delay when rapid preliminary analysis of the data set is required. Or, if your data sets need to be generated several times a day, your costs could skyrocket thanks to pricey data transfers associated with repeated ingest of large data sets. In this scenario, on-premises data processing may be the way to go; it can rapidly ingest and process large data sets with minimal impact on day-to-day costs while producing artifacts to support your mission needs.
At the same time, artifacts derived from this data may require additional processing that can be performed with minimum delay and without negative impact to your mission. Offloading this processing to a cloud environment will likely save you costs associated with scaling the on-prem environment to handle any subsequent processing needed.
What if you’d like to preserve your artifacts for extended periods of time, say 25-50 years? The logistics of creating long-term archival storage are complex. You may opt for the cloud as an appropriate alternative to developing an in-house capability when needing to store data for decades. This approach aligns with the traditional model of tiering storage, meaning hot and warm access tiers versus cold archival storage. On-prem storage resources and technologies, such as high-speed parallel filesystems, are supported by the long-term cold storage features available in cloud environments.
As mentioned, the scalability of workloads within the cloud is an undeniable differentiator when comparing it to on-prem. But what happens when on-prem resources are fully utilized? While high utilization is often desirable as it reflects an accurate anticipation of resources needed for the mission, what do you do when your system hits 100%? Suddenly, shifting your compute workload into the cloud becomes very appealing. You can also tailor this shift of workload based on risk tolerance. Certain mission data sets can remain local while others can move into cloud environments.
Cross domain: on-premises, at the edge, or in the cloud
While security boundaries exist between on-premises and cloud resources, pre-existing boundaries within those environments also emerge. Boundaries arise between systems and networks at different classification levels in both cloud and on-prem environments. Some cloud environments available to the DoD and affiliated organizations offer secure information sharing capabilities across classification levels by integrating CDSs into the architecture and accompanying service offerings.
CDSs enable the controlled exchange of data across security boundaries within these environments. Cloud providers offer you a variety of existing cross domain transfer capabilities using evaluated third-party solutions that are also available outside of cloud environments. In addition to transfer capabilities, e.g., file transfers, access solutions can provide a unified, single pane of glass for accessing cloud environments at disparate levels via virtual desktop sessions.
Cross domain solutions as a service
If your organization operates in an on-prem environment at a single level and needs to share results with other entities across the DoD at different classifications, it can now employ cloud-based CDSs to exchange data with its counterparts without the need to deploy and maintain local CDSs in its own environment.
If your organization already has a CDS, it can use it to perform cross domain activities locally, uploading the transferred data to the cloud once it passes through the necessary security boundary. For example, a CDS with a purpose-built filtering capability is necessary for securely analyzing data for releasability. Perhaps unsurprisingly, the use of that CDS can be complemented with external, cloud-aware capabilities. Upon egress from the CDS, those capabilities will then route the sanitized data to its correct cloud environment.
SealingTech develops technology to help you manage the secure movement of single-level data between locations using standard protocols such as S3 and traditional file-backed storage. We facilitate a cohesive transfer of data from on-prem to cloud. Combined with on-prem or cloud CDSs, our approach presents the opportunity to create feature parity in environments that have mission needs for on-prem resources with the possibility to reach into the cloud for extending local resources.
Providing secure information sharing in a hybrid cloud
SealingTech works with customers facing diverse and unique needs as we continue to advance capabilities in cloud, on-premises, and edge environments. Our Security Enhanced Information Sharing (SEIS) team develops and analyzes solutions within the high-performance computing space. Our team’s high-level expertise in accredited cross domain solutions allows us to create integrated environments for our customers to support complex information sharing across all security boundaries.