Public sector organizations are faced with a significant

challenge managing risk in an environment replete

with sophisticated cyber threats, cost constraints, and

compliance demands. Cost reduction remains top of mind,

but there is little tolerance for any compromise involving IT

security. Meanwhile, with the adoption of mobile devices,

and the increasing velocity of data breach attempts, the

challenge to reduce costs while strengthening security can

seem daunting.

It’s only daunting because public sector leaders have come

to equate increased security with increased cost. For years,

security involved layering perimeter defenses and physical

technology infrastructure that drove up operations and IT

costs. But advanced, innovative technologies are driving

public sector leaders to step outside the conventional

Band-Aid approach. A new breed of public sector security

Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security AND Decrease Costs

By Unisys Corporation

opportunities around software-defined networking has

emerged – one that strengthens security and cuts costs.

The key – hide all endpoints completely from attackers so

there’s no vector to target.

5 Ways to Increase Security and Reduce Costs

1. Cloak Your Endpoints and Go UndetectableHackers attempt to locate devices on a network by broadcasting

network messages, where even a negative reply can tell

them what they want to know: the IP addresses of systems

they can further probe for vulnerabilities. A cloaking strategy

is based on the idea that by hiding all endpoints completely

from attackers, there’s no vector to target. In order to

accomplish this, a combination of cryptography, VPN

technologies and segmentation tactics are used.

2

2. Segment Your Data Center by Using Communities of InterestOver the past several years, public sector organizations

have reduced infrastructure costs through consolidation and

virtualization strategies. Likewise, data center segmentation

offers an opportunity to reduce security costs. This new

approach allows a simplified, flatter network design, but

provides highly segmented access and visibility permissions.

Best practices in data segmentation involve establishing

communities of interest (COIs), in which the users and

devices within each community have finite and predetermined

visibility and access to different servers and applications.

The COI capability, combined with executing very low in

the protocol stack, darkens endpoints on the network, as

if they were undetectable. Agencies can confidently share

mission-critical information with citizens and stakeholders

who need to know by creating secure communities of

interest, allowing them to apply varying levels of security

to specific users. COI access is defined by device or user

identity rather than physical topology. Groups can therefore

share the same physical or virtual network without fear

of another group accessing their data or workstations

and servers.

3. Isolate Disparate NetworksConfiguring and maintaining separate physical networks is

prohibitively expensive and difficult to support, and relying

upon telecommunications provider networks cannot assure

security. Public sector organizations must protect local

assets within designated regions while controlling access to

assets from users in geographically dispersed regions. To

do so, agencies need an ability to create a communications

tunnel cloaked from those who are not part of a COI, and

regional isolation creates the effect of cryptographically

isolating each COI member.

4. Move Mission-Critical Workloads to a More Secure Cloud Mission-critical workloads require both high availability

and high security, and if either one is in question, a new

approach might be required. With today’s solutions, private

clouds can deliver the same availability attributes as a

public cloud except it does so from within your data center,

providing “just in time” resources that can be shared

between COIs but remain secure and isolated from each

other. IT resources are converted into a flexible, metered,

self-provisioned service delivery. By cloaking public cloud

provider servers, public sector organizations can get more

leverage from the cloud while maintaining complete control

of their workloads. Virtual machines should be cloaked

from other tenants in the public cloud and from hackers

attempting to infiltrate the cloud. This enables agencies to

confidently deploy mission-critical workloads in the public

cloud and take advantage of the associated cost savings.

5. Convert Existing Computing Devices Into Secure Communications ToolsComprehensive security features can protect data and

information across any network that employees and

partners choose - LAN, WAN, wireless, 3G, 4G and satellite

networks, public or private. Whether for tactical defense

and intelligence purposes, first responder services, or to

empower any small team with specific and more privileged

access, public sector organizations need a way to quickly

and securely establish secure network connectivity which

can assure continuity of operations. Similarly, to respond

to emergencies, public sector organizations often need to

be able to establish ad-hoc networks quickly, efficiently and

securely. They can adopt an approach akin to COI in a one

that leverages existing COI information to create a secure

tunnel. A customized, dedicated and portable device can

then enable a remote user to boot up and establish a

“clean and secure session” linking back to the public sector

organization’s own network.

3

A Path Forward

Unsurpassed, Cost-effective Security - Without Network and Application ChangesThe Unisys StealthTM Solution Suite offers a unique opportunity

for public sector executives to leverage software-defined

networks for cost control and better security. By rejecting

the past practice of allowing perimeter solution sprawl

and moving on to the best practices described here,

public sector executives can offer both new services and

new layers of security, all while cutting costs. The Unisys

Stealth Solution Suite provides a high level of security

and assurance AES-245 encryption, FIPS 140-2 certified

cryptographic engine, EAL-4+, DoD, NSA Common Criteria

certifications.

The benefits of stronger security are met with equally

attractive cost-and time-saving benefits:

• Deployable on top of existing infrastructure and tools,

integration does not require any network or application

changes in tiered or flat networks.

• Integrates with identity management systems like

Microsoft Active Directory, speeding the creation of COIs

and the ongoing maintenance of their privileges.

• Helps eliminate the need for separate physical networks

for each COI, leased lines, equipment and associated

point solution licenses.

About UnisysFor more than 130 years, Unisys has led technology

innovations that transform the way governments deliver on

their missions. Through our robust portfolio of security, data

center, end user, and application modernization services,

we deliver a safer and more secure connected world. Our

approach integrates resource and infrastructure security,

creating a highly effective and efficient security environment

and freeing our government client to focus on best serving

citizens. Unisys security solutions are trusted worldwide, in

100+ airports, 1,500 government agencies, 100+ banks,

and countless other organizations that have zero tolerance

for breach.

For more information visit www.unisys.com

© 2014 Unisys Corporation. All rights reserved.

Unisys, the Unisys logo, ClearPath, Unisys Stealth and Forward! by Unisys and the Forward! by Unisys logo are registered trademarks or trademarks of Unisys Corporation.

All other brands and products referenced herein are acknowledged to be trademarks or registered trademarks of their respective holders.

Printed in the United States of America 01/14 14-0048