By John Stevenson

Organisations increasingly need to exchange information between trusted and untrusted systems (or domains) to seamlessly support key business processes. Unfortunately, criminals are becoming ever more skilled at penetrating trusted systems from untrusted ones by exploiting the flaws in detection-based defences to implant malware and covertly exfiltrate sensitive information.

At the same time, the global pandemic has created unprecedented levels of home working. “Home” cannot be fully trusted and yet the VPN technologies and the detection-based defences we traditionally rely on to ‘connect and protect’ between home and the office are overly complex, error-prone and do not scale.

All of which means now is the time to prioritise a cross domain security solution.

What is a Cross Domain Solution?

Some systems handle sensitive information or control highly critical functions (trusted). Others are used by people who either can’t be trusted to handle that information or aren’t qualified to operate those functions (untrusted). That’s no problem if those systems don’t interact, but sometimes business processes need to flow between those two systems. Keeping them separate is good for security but stops business getting done.

A cross domain solution solves the problem of allowing business to flow efficiently between separate systems, while giving the same level of protection as if those systems were kept entirely separate.

Key Characteristics

A cross domain solution needs to provide two main security functions. The first is to stop malware getting into a system. The second is to ensure information which must remain within the system does not escape from it. Often one system is handling highly sensitive information and the other is used by people who cannot be trusted to see it. In such cases, the low trust users must be stopped from introducing malware into the sensitive system and sensitive information must not be passed out to them, even if something malfunctions.

So how does a cross domain solution differ from a firewall or web proxy? Firewalls and web proxies are concerned with controlling the use of protocols to access services on one network from the other, but they do little to control what the protocols are carrying. A cross domain solution needs to control the information that flows in and out of the services using those protocols, ensuring the information does not carry malware in, or valuable data out of, the trusted system.

Another key characteristic of a cross domain solution is that, simply put, it must not fail. Often it must be subject to third-party scrutiny to assure a sceptical system owner, accreditor or regulator that it will protect the trusted system at all costs. So, with the above in mind, where do you turn for advice on how to build a cross domain solution?

Best Practice Guidance

In the UK, the National Cyber Security Centre (NCSC) provides best practice advice and support for the country – public and private sector – on how to mitigate computer security threats. The NCSC’s key guidance is published in patterns and the two patterns that deal with securely moving data across domains are the NCSC Guidance Pattern for Data Import and Data Export.

The patterns describe a series of controls that should be applied to data to provide a high level of assurance that malware can’t be imported into the trusted system and valuable data cannot be exported out of the trusted system, either accidentally or deliberately using concealment.

The patterns are a great starting point for anyone looking to deploy a high assurance cross domain solution, but they do not specify a practical implementation. For that, you need specialist expertise.

Practical Implementation

Deep Secure has been providing cross domain solutions to protect systems for over ten years. It augments and enhances the NCSC’s data import and export guidance with a practical implementation that is both comprehensive and cost-effective.

These solutions combine three key technologies that have been developed to mitigate the threats encountered when importing and exporting data. They are Threat Removal, Hardsec Verification, and Policy Enforcement.

Threat Removal

Threat Removal is a technology that uses a three-stage extract-verify-build process to ensure malware cannot get into a system. Firstly, it extracts the business information from the source data and transforms it into simple data structures that can be safely verified. The verified simple data structures are then built into new data for delivery. Threat Removal is a bi-directional solution so has the added benefit of also preventing any covert exfiltration of information.
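
The extract-verify-build flow described above, sketched as an added illustration (this is not Deep Secure's implementation). The JSON "order" message, its field names and the POLICY rules are hypothetical, and the sample input is constructed.

```python
import json
import re

# Hypothetical policy for an "order" message: field name -> (type, rule).
POLICY = {
    "order_id": (str, re.compile(r"[A-Z]{2}-[0-9]{6}")),
    "customer": (str, re.compile(r"[A-Za-z .'-]{1,64}")),
    "quantity": (int, range(1, 1001)),
}

def extract(source_bytes):
    """Stage 1: copy only the known business fields into flat (name, value) pairs.
    Anything the policy does not name is never carried forward."""
    doc = json.loads(source_bytes.decode("utf-8"))
    if not isinstance(doc, dict):
        raise ValueError("source is not an object")
    return [(name, doc[name]) for name in POLICY if name in doc]

def verify(fields):
    """Stage 2: check the simple structure only; reject on any deviation."""
    if [name for name, _ in fields] != list(POLICY):
        raise ValueError("missing field")
    for name, value in fields:
        expected_type, rule = POLICY[name]
        if type(value) is not expected_type:  # exact type: bool is not an int here
            raise ValueError(f"{name}: wrong type")
        if isinstance(rule, range):
            ok = value in rule
        else:
            ok = rule.fullmatch(value) is not None
        if not ok:
            raise ValueError(f"{name}: value outside policy")
    return fields

def build(fields):
    """Stage 3: create new output from verified fields; no source bytes are reused."""
    return json.dumps(dict(fields), sort_keys=True).encode("utf-8")

def transfer(source_bytes):
    return build(verify(extract(source_bytes)))

# Constructed sample: valid business data plus a field the policy does not know.
SAMPLE = (b'{"order_id": "AB-123456", "quantity": 3, '
          b'"customer": "J. Smith", "note": "<script>x</script>"}')

if __name__ == "__main__":
    print(transfer(SAMPLE))
```

The delivered bytes are generated entirely by the build stage, so the unknown "note" field in the source has no path to the destination, and a field that fails verification stops the transfer instead of being repaired.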

Hardsec Verification

Verification of data is key to the NCSC import pattern. Deep Secure performs the verification process in hardware devices using Field Programmable Gate Arrays (FPGAs). This approach gives high assurance that the process cannot be modified by an attacker and allows separation of the extract and build stages of Threat Removal, protecting the build stage with impenetrable hardware and enforcing a one-way flow.

Policy Enforcement

Wrapping the hardware enforced Threat Removal process in Policy Enforcement ensures data can be safely exported using deep content inspection and the most granular policy engine in the world to automate release checks.

Safely Exchanging Information

Taken together, these technologies enable organisations to safely exchange information between untrusted and trusted domains, importing malware-free data and preventing the unwanted export of sensitive information. By deploying them, organisations can reduce IT operational costs (the SOC costs associated with trying to identify false positives and negatives). They can increase team productivity as less time and resource is spent on remediation. Finally, by demonstrating adherence to the published NCSC guidance, they can reduce potential impacts in regulated environments.

