The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Department of Defense Looking to Better Label, Control Access to Data

by Chris Brook on Friday July 13, 2018

Contact Us
Free Demo
Chat

The DoD said recently it was "investigating the use of commercial solutions for labeling and controlling access to sensitive information."

The Department of Defense is looking for a little help when it comes to labeling and controlling access to sensitive data on its systems.

Specifically the DoD is looking for a solution that can help the department make "real-time decisions about the classification level of the information and an individual's ability to access, change, delete, receive or forward the information based on the credentials of the sending and/or receiving individual, facility, and system."

A solicitation acknowledging that Dana Deasey, the Department of Defense's Chief Information Officer (DoD CIO) was looking into commercial solutions was added to FedBizOpps.gov, a site that maintains federal procurement solicitations to the public, in late May.

Ars Technica, a technology blog, came across the request for information (RFI) this week and noted it was updated in June with additional answers from the DoD around what exactly its looking for.

 

whitepaper

A Data-Centric Approach to Federal Government Security

In particular the DoD says it’s looking for a “predominantly automated” solution with role-based privileges capabilities to protect information on Microsoft operating systems as it interacts with collaborative software like SharePoint, Outlook, Exchange, and Lync.

It sounds as if the DoD is looking for an organic tool that prevents marking mistakes, inadvertent disclosure or sharing, while preventing unauthorized access. The department stresses the solution adhere to DoD National Security Agency and National Institute of Standards and Technology and have the ability to support up to 25,000+ concurrent users.

“The tool will require the user to ultimately define a security classification marking but might offer suggestions based upon dirty words or internal classification markings. The tool will perform all enforcement functions to prevent unauthorized access,” reads a .PDF, posted June 21.

According to the .PDF, the DoD wants to be able to apply what it calls "security attributes" to non-human readable formats, like binary and machine data, as well, in order for the system to be able to dictate which user can access what.

It makes sense the DoD is floating the idea of better classifying its data. The DoD already has a data classification program to conform to national security needs but it, along with other agencies in the federal space are always looking for new ways to efficiently analyze and safeguard data. An organization's ability to classify its data can be the cornerstone to a successful data security program.

The Pentagon has had issues protecting sensitive data in the past as well. Last fall a researcher discovered a treasure trove of web-monitoring data - 1.8 billion internet posts scraped from social media - belonging to both U.S. Central Command (Centcom) and U.S. Pacific Command (Pacom) on an exposed Amazon server.

Photo via U.S. Army's Flickr photostream, Creative Commons

Tags: Government

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.