The NCSC Guidelines on Safely Importing Data: A 4Secure Overview

All Organisations Should Be Meeting NCSC Requirements

Many organisations desire to adhere to National Cybersecurity Solutions Centre (NCSC) guidelines for safely importing data.

These guidelines essentially apply to any organisation in any industry, both public and private sector, who has environments operating at varying security levels and a desire automate the movement of data between those environments.

So what are the guidelines and how can 4Secure help implement them within your organisation?

 

What are the NCSC Guidelines?

The NCSC guidelines detail at length various human approaches that should be considered when developing secure data import into high-risk or high-security environments.

The wider scope of the guidance also covers supply chain security, access controls, and having processes in place for what actions to take in the event malicious data is found to be imported.

As part of the guidance the NCSC has provided an extended set of defensive techniques and step-by-step instructions on how these solutions might work in practice – which you can read on the NCSC website.

Whilst reading the guidance is an ideal place to start for anyone seeking to find out how to go about making their system more secure – 4Secure have put together this simple guide to the keys to meeting the NCSC standards. 

 

Does Your Security Use These Mitigation Techniques?

The NCSC guidelines detail a number of mitigation techniques organisations should seek to implement to protect against the types of attacks commonly seen when importing data into secure systems. 

To understand how compliant your organisation is, consider whether these mitigation techniques are employed by your business.

Recommended Import Pattern

As part of their guidance, the NCSC provide a simple to understand import pattern detailing the recommended sequential pattern for importing data safely. 

Many organisations will seek to use this pattern as the starting point on their journey to ensuring their endpoints are securely importing data. 

When seeking to meet the guidance you must consider both hardware and software aspects of the import pattern. For experts with detailed security knowledge this is no problem, but many solutions architects, systems engineers, CTOs and technical engineers with a specialist focus will require experts to provide a cross-domain solution.

 

An Innovative Solution to a Complex Problem: Cross-Domain Solutions

The comprehensive of NCSC guidance means that a combination of hardware and software is necessitated to adhere to many of the defence techniques outlined within and create a secure environment.

To develop solutions for these techniques we require what are called cross-domain solutions.

In simple terms, a cross-domain solution is one that provides a solution that comprehensively covers both software and hardware layers of the system to facilitate the import and export of data from non-secure to secure networks.

Cross-domain solutions are secure-by-design, meaning they follow a secure methodology throughout the entire product lifecycle from hardware design to software implementation.  

 

4Secure's Cross Domain Solutions

Hardware

As the guidance suggests, hardware must have flow control mechanisms that facilitate unidirectional data transport.

An example of this hardware is a data diode – a device that only allows for data to passed through in a single direction.

Data diodes are an example of hardware utilised extensively in cross-domain solutions as they cannot allow data to be passed back by their physical design and provide a physical barrier between two endpoints.

4Secure supplies data diodes as part of cross-domain solution packages which are designed to provide full-spectrum proection for your organisaiton. 

Software

Software is key to ensuring that the data sent and received is in secure formats and filtered so that any data with the potential to open security holes can be blocked, or removed and reconstructed.

One such method is adopting a verification engine to perform Syntactic and Semantic Verification. Commonly this will involve utilising pre-defined schemas inspect data payloads such as XML & JSON payloads.

Where more-structural and higher-level techniques are with HTTP packets, where the validation engine may make a number of iterative checks on common verification types.

4Secure’s TrustedFilter Software has been developed by security experts over the last 15 years to provide a suite of modules that allow the filtering, verification and validation of commonly used, open-standard data types.

Your Solution to NCSC Compliance:
4Secure Cross-Domain Solutions

4Secure works with solutions architects, engineers and developers to design cross-domain solutions following a secure by design methodology – ensuring the developed solution is built with security in mind at every step of the process. 

Cross domain solutions engineered by 4Secure are enhanced using the TrustedFilter software, a suite of software modules developed by security experts over 15 years – providing a level of data filtering verification and validation unrivaled by the competition. 

An Insight into 4Secure’s Approach

While the NCSC guidelines provide valuable insights into secure data import and export, certain use-cases demand functionalities and capabilities that extend beyond the prescribed defensive techniques. 

Technical Delivery Manager, Sam Black, details how 4Secure’s approach to cross-domain solutions goes above-and-beyond the scope the NCSC Guidelines.

 

Take Your Security to the Next Level

Contact the Experts

Reach out to 4Secure’s expert solution architects to develop a cross-domain solution fit for your organisation.