2. NOT PROTECTIVELY MARKED
Our User...
(let's call him / her Hilary...)
• Deals with multiple protective markings
  • could be sensitivities, could be caveats / codewords
• Lives in a Government or List X facility approved for all the markings involved
• Occasionally needs to distribute data from a marked input source to one or more differently marked output destinations
• Occasionally needs to attend meetings in a room approved for a subset of markings
• Has at least one Security Controller looking after a codeword who's “a bit of a Jobsworth”...
4. First thing in the morning...
Traditional:
• Get Flagstone drives from safe (1 or 2 drives per marking)
• Load into desktops
• Power on
• Wait
• Unlock drives with iButtons, passwds
• Boot desktops
• Wait
• Log in to each desktop
• Log in to each remote infrastructure
Sun Ray:
• Power on
• Insert smartcard
• Enter Sun Ray password
• Double-click remote desktop at each marking
5. Moving data...
Traditional:
• Go to appropriate app on appropriate desktop
• Highlight
• Save to file
• Cryptographically sign
• Copy to media (CD ROM, <wince> USB stick </wince>)
• Mount media on destination desktop
• Copy file to destination
• Extract data and paste accordingly
• Wipe / destroy media
Sun Ray:
• Go to appropriate app in window at appropriate marking
• Highlight
• Copy
• Go to appropriate app in window at appropriate marking
• Paste
• No media to mishandle!
6. Going to a meeting...
Traditional:
• Log out of appropriate desktop(s)
• Go to meeting room
• Log into desktops
• Re-launch apps etc
Sun Ray:
• Remove smartcard
• Go to meeting room
• Insert smartcard
• Log into Sun Ray
• Resume available desktop sessions
7. Before going home...
Traditional:
• Log out of remote sessions on desktops
• Shut desktops down
• Wait
• Remove drives
• Put drives back in safe
Sun Ray:
• Remove smartcard
8. Interesting?
These scenarios add up to a saving of maybe 20 minutes per day, per user.
Add up all those users.
Add up all those desktops that won't be needed, too.
Also, consider that any cross-domain data transfer stays firmly in the system; there's no media, at any point, to mishandle.
Talk to us.
contact@labelledsecurity.co.uk