What is a cross domain workflow and why does it matter?
The world we live in today is very different from when we started to design the large computer systems that now comprise our legacy estate.
Government agencies, while certainly not alone since the advent of big tech and social media, accumulate vast amounts of information. These are often stored at different security levels depending on the sensitivity and classification. This stratification has created a fundamental challenge: ensuring that data remains secure while keeping it accessible at the business end for legitimate and necessary use.
This is where the Cross Domain Workflow comes in, providing a sophisticated (but not too costly or complex to implement) mechanism to balance these competing needs.
Understanding cross domain workflows
A Cross Domain Workflow is an architectural solution that allows data to move securely between different security domains, such as from a less secure “low side” to a more secure “high side,” and vice versa. This mechanism is obviously beneficial for government operations where data integrity and security are paramount, while still facilitating necessary access for various users and systems.
At the core of a cross domain workflow are cryptographic technologies – tools that encrypt data, preventing attackers from being able to read it. These tools facilitate secure key exchange mechanisms and encryption/decryption functions. This ensures that sensitive data can be securely transmitted and stored, even between different security levels.
What makes cross domain workflows work, however, is employing cryptography in a sensible and modular way. This means making sure current algorithms can be replaced with post-quantum components with minimal future cost and disruption.
Why cross domain workflows matter
In public sector contexts, data at the low side is typically at the “Official” level — accessible to a broad range of personnel and systems. However, the sophistication of cyber threats today means that low side defences are increasingly vulnerable to attacks. Adversaries with advanced capabilities find it easier to breach these lower defences, posing significant risks to the integrity and confidentiality of the data stored there.
To mitigate these risks, critical and sensitive data is often stored on the high side. The high side is a more secure environment with stringent access controls, different hosting configurations, and more robust device profiles. These measures make it significantly harder for attackers to penetrate. However, the high side’s enhanced security also introduces a challenge: not all users or systems can operate within this environment, especially those that need to interact with the public or other less secure systems.
A cross domain workflow bridges the gap between high and low side operations. It allows data to be collected from less secure devices, encrypted, and securely transmitted to high side storage. This process ensures that even data originating from untrusted sources can be safeguarded effectively.
But security isn’t the only concern. For data to be useful, it must be practically accessible to those who need it. Cross domain workflows enable this by allowing encrypted data to be processed and, when necessary, securely transmitted back to the low side. This selective accessibility ensures that while the bulk of the data remains better protected, parts or slices of it can be safely worked on in less secure environments.
For instance, consider a scenario where government agencies need to collect data from the public. The devices used by the public are generally insecure and can’t meet the high side’s stringent requirements. Through a cross domain workflow, this data can be encrypted immediately upon collection, sent to the high side for secure storage, and later accessed or processed by high and low side applications as needed while maintaining strict security.
The benefits case
The adoption of cross domain workflows offers several key benefits, namely:
- Enhanced security: By encrypting data at the point of collection and maintaining its security throughout its lifecycle, cross domain workflows protect more effectively against unauthorised access and breaches.
- Operational efficiency: Cross domain workflows enable seamless interaction with data across different security levels, allowing agencies to operate more effectively and respond to needs without compromising security.
- Cost-effectiveness: By enabling secure interaction with data at lower security levels, cross domain workflows reduce the need for extensive high-side or twin infrastructure, offering a more cost-effective solution.
Cyber threats and vast data accumulation have created a dangerous environment, and cross domain workflows will be indispensable for government agencies. They provide a secure, efficient, and practical solution for managing data across different security levels.
For senior public sector leaders and budget holders, investing in cross domain workflows is not just a matter of enhancing security — it’s about enabling departments and business units to function effectively in a complex and evolving digital landscape.
By adopting these advanced workflows, you can safeguard critical data, ensure operational continuity, and maintain the trust and confidence of the public you serve.
Digital government is hard, together we’ll succeed.
We will be publishing a video walk-through of a Cross Domain Workflow application to help bring this to life, using vetting as a hypothetical use case. A second blog will also cover some of the technical concepts and themes, aimed at the architects, service designers, and technology professionals leading innovation and transformation across government.
If you’d like to discuss any of the points covered in this blog, please get in touch.