The rollout of Symmetrium ensures the highly confidential data reserve members access remotely never leaves the security of the agency’s network and therefore never resides on external devices.
Opening up confidential information to enable collaboration and data sharing forced a major rethink at a defense agency in Israel. This was not a problem for its full-time staff, who were only authorized to view this data from within the organizational IT network on approved and authorized devices. The concern was how to guarantee the same level of security when granting access to its reserve members, who number in the tens of thousands and use their own private devices.
These reserves are in essence third-party contractors that routinely require access to confidential data and systems within the defense agency’s IT network. Third-party vendors are known as the weakest link in enterprise security, and these reserve members were identified as a significant vulnerability.
Vulnerability Due to Use of Non-Secure Instant Messaging Apps
While most of the agency’s communication is already digital, reservists’ access to confidential data was restricted to physical, on-site access, because the agency had no way to maintain its security posture when reserve members reached network data from their own devices. Each reserve member is a private individual who is called up from time to time to take part in the agency’s activities. They have their own private devices, often managed by their employer. Supplying each reservist with a secure, approved device was not practical from a logistical perspective.
The result was that reserve commanders were communicating with their peers and soldiers over open instant messaging apps without taking into account the confidentiality and security requirements of the defense agency.
A solution was required that allowed the defense agency to seamlessly manage third-party access in a Bring Your Own Device environment, allowing reservists to:
- Access a secured data sharing system
- Seamlessly comply with all confidential data requirements
- Collaborate in a zero-trust digital environment
- Create a total separation between their virtual workspace and their personal device
Creating a Minimum-Resources Mobile Management Environment
Symmetrium was the ideal solution as it does not rely on the user profile, device, network or hardware to make sure that the confidentiality of military data is maintained in line with national security requirements.
It sits protected within the perimeter of an organization’s network, adhering to all existing enterprise network security protocols. It can be fully on-prem or in the cloud — the organization decides where. The Symmetrium server is managed from here via a control panel that creates virtual mobile devices (VMDs) as needed.
These VMDs are hosted on a second Symmetrium server, again deployed inside the organization’s network, which uses P2P encrypted streaming to let authorized external devices view data through a portal. This view-only data never leaves the protected organizational network and is therefore never transferred to an external device, so the data remains secure at all times. Because the assets are never publicly accessible over the internet, the attack surface is also reduced.
A Fast, Secure Solution for Data Access for Reserve Units
The defense agency has begun the rollout with high-ranking reserve soldiers in one platoon, with 100 VMDs set up, and expects to grow to 10,000 devices as the project expands. It took just three days to set up the entire infrastructure within the agency’s IT network so that data could be shared through one portal, with all access managed through the Symmetrium app.
The defense agency’s IT team is now able to create a single virtual device in less than five minutes without any support from the Symmetrium team. This includes assigning it to reserve unit members during their specific service period.
Reservists use a username and password to access the virtual device via a secure portal from their personal phone. At present they use two-factor authentication; if needed in the future, they could also activate biometric authentication (an eye scan) as an extra layer of authentication.
If a user who is no longer authorized (for example, one whose reserve duty has ended) tries to reach the reserve portal from the phone’s native browser instead of the Symmetrium app installed on the device, the data will not be visible.
The Result: An Easy-to-Manage Zero-Trust Environment
The defense agency now benefits from an easy-to-manage zero-trust environment that automatically adheres to all existing network security protocols, reducing the burden on its CIO and IT department and saving time, money and resources.
If there is a violation, such as a reservist or adversary capturing a screenshot of the data, an alert pops up in the Symmetrium management console. The console also allows administrators to block or allow specific requests for specific users and to change the information they are approved to access. It can also limit access to specific locations or specific networks. All of this applies regardless of the hardware used to access the data.
Symmetrium’s minimum-resources mobile management solution has very light operational requirements and allows quick onboarding and offboarding of reserve users with a single app. This enables productive collaboration with reservists while they are serving with the defense agency, while dramatically reducing the risk of data breaches.
Ultimately, the complete rollout of Symmetrium will enable secure data sharing and collaboration among the agency’s tens of thousands of reservists.