Managing Risk in Air-Gapped Environments

As IT and security deployments migrate to the cloud, security gaps in air-gapped systems can be created unless attention focuses on threats such as data transfer from external storage media – for example, USB devices. Paradoxically, many agencies continue to maintain critical systems and data on air-gapped servers or on systems running end-of-life operating systems.

The U.S. Department of War maintains critical air-gapped systems even as it transfers more of its systems and activities to the cloud. Using a positive security model, which identifies software with a known degree of trust, only allowing access to trusted resources, assumes that unknown software is not to be trusted and requires that trust be assigned before granting access and usage.

Learning Objectives:

• Identify the types of security holes that free tools do not address
• Walk through scenarios where a trust-based approach to content approval provides protections that address those gaps
• Outline best practices and methodologies for all DoW agencies, including designating trusted publishers, and custom rules that provide more granular control, allowing files to be approved by path, process and users