By: Alkarim Amlani, Director of Cyber Programs, General Dynamics Mission Systems–Canada
There has been much discussion recently about migrating the networks of the Department of National Defence (DND) to the cloud. As with any discussion on evolving technologies, cyber security tops the list of concerns.
In a previous blog on the topic, Cybersecurity: Defence and the Cloud, we covered the challenges of migrating government-level infrastructure to the cloud. In this post, we dig a little deeper and articulate how a focus on data-centric security is table stakes for command and control applications that are deployed onto a secret cloud.
More Than Just Data Protection
A cloud of this nature will house some of the DND’s most sensitive data, and that raises legitimate security challenges. Beyond the built-in complexity of securing this cloud environment, there are a number of other concerns regarding access, usability, and operational relevance. For example, information this critical demands a secret-level cloud, which is no easy feat in itself. There is also the challenge of ensuring the cloud is accessible to soldiers at different security levels, in a variety of geographical locations, who access data from numerous types of devices and use it in a myriad of different ways, in some cases for the same mission goals.
Data-Centric Security: Data Protection Beyond Boundaries
Basic cloud security essentially guards a defined perimeter. The problem is that data travels, particularly in the dynamic environment of defence. There are no tangible boundaries when data is collected from sensors on ships, planes and even satellites, then sent to analysts and decision makers by various command and control applications, and eventually disseminated to the dismounted soldier.
A cloud that will support the Department of National Defence requires a data-centric solution. Unlike the traditional infrastructure-focused security measures employed by many cloud providers, data-centric security protects data wherever it is, in any form, and at any time.
Data Protection Across Security Levels
Data-centric cloud security isn’t new, and there are cloud providers that offer out-of-the-box capabilities to address it. The unique nature of a secret-level cloud, however, requires an even more robust solution than basic tagging, storing, and access controls.
First and foremost, the command and control (C2) workloads used during missions will operate at different security levels. Multi-level security technology is necessary to continually identify each user’s credentials and determine what data they can access, what they can do with that data, and to what extent they can share it. This process must recur with every user, for every piece of data, every time. Even though there will be tens of thousands of users and an ever-growing amount of data, this process needs to happen almost instantaneously.
Put Artificial Intelligence and Machine Learning to Work
Security needs to operate at the speed of the mission. Data simply cannot be locked down or constrained by the cloud to the point that it slows down operations. Developing automations to allow complex access control in real time is just the foundation.
It’s time to harness the power of artificial intelligence (AI) and machine learning (ML) and deploy them into service for the cloud. Cloud security is ever evolving, which makes it work seamlessly with AI. As more users generate more situations, the system is able to learn, evolve, and improve defences autonomously.
Designed for the End Users
Artificial intelligence and machine learning will be essential for more than just access control. Another major consideration for the cloud is how users actually access the data. Commanders, analysts, and soldiers will use a large number of workloads, or applications, on the cloud to complete their portions of the mission. The data used to populate these workloads must be located, accessed, analyzed, and visualized before it is displayed and used within the workload. AI can enable this complex process to take place in near real time.
General Dynamics Mission Systems–Canada
At General Dynamics, we’ve been protecting the nation’s most critical data for over 30 years and are uniquely positioned to help facilitate the migration of the Department of National Defence operations to a secure cloud environment.
We have developed, fielded, and evolved trusted capabilities for identity access management and multi-level security and are actively investing in AI and ML technologies for future use. We know the importance of developing Canadian sovereign solutions, built in Canada for Canadians, and we’re proud to be a part of the country’s commitment to cyber security and cyber defence advancement and innovation.