Secure data is superior data: A security-first approach to the DoD Data Strategy


The US Department of Defense (DoD) has vast reserves of data, and the key to warfighter advantage is leveraging relevant data as a strategic asset to gain battlespace operational advantage, accelerating operational multi-domain decision-making at echelon scale. For the DoD to achieve its vision of “unleashing data to advance the national defense strategy,” relevant data must be securely collected, delivered, and accessed at enterprise scale with speed and protected from unauthorized use and manipulation at rest and in motion.

Defining DoD goals: What is VAULTIS?

The DoD has taken a holistic approach to modernizing its data strategy by defining guiding principles intended to guardrail data collection, stewardship, and ethics. To realize this data strategy, the DoD has defined seven goals, collectively known as VAULTIS. These goals state that data should be: 

Visible – Data can be located and visualized holistically

Accessible – Data can be accessed by those that need it

Understandable – Data content, context, and applicability are easily identifiable

Linked – Data can be explored through innate relationships

Trustworthy – Data can be trusted for all aspects of decision-making

Interoperable – Data is represented in a way that makes it commonly understood

Secure – Data is protected from unauthorized use and manipulation

At Elastic®, we believe that security is the foundational tenet on which any technology solution should be built and the common thread through the subsequent goals of VAULTIS. In other words, a comprehensive, data-centric DoD strategy is best achieved by working backward from the VAULTIS goals, starting with the “S,” for security.

A successful data strategy needs a secure foundation

From a technical standpoint, starting with secure data is a strategic way to map your architecture and decide on technology investments. If data is not secure, then it is impossible to effectively achieve any other guiding principle of the DoD Data Strategy. Security should serve as the essential foundation for meeting all the other goals: data being interoperable, trustworthy, linked, understandable, accessible, and visible.

A trusted partner to all of the DoD’s military branches, Elastic is a search-powered analytics platform that serves as a secure and flexible data mesh, unifying disparate, geographically dispersed data at scale with speed. With Elastic, data becomes a force multiplier, making intelligence actionable for military forces in delayed/disconnected, intermittently connected, low-bandwidth (DDIL) environments.

Protecting and securing DoD data while at rest, in motion, and in use is paramount to the principles stated in the DoD Data Strategy — and a disciplined, Zero Trust approach to data security must span the entire data lifecycle.

Data platforms should provide users with the confidence that data is being protected from attack and misuse, whether that data is being collected at the tactical edge, in flight, or being used for analysis and strategic decision-making. One of the best ways to provide this assurance is by using Federal Information Processing Standards (FIPS) 140-2 approved and validated modules for encryption, hashing, and signing. The Elasticsearch® Platform fully supports encryption using FIPS 140-2 standards throughout the data lifecycle, from data collection and indexing to cross-functional sharing and collaboration at every point along the way.

Only users with the appropriate security credentials should be able to access data, whether it’s coming from local or distributed data sources. The Elasticsearch Platform supports both role-based access controls (RBAC) and attribute-based access controls (ABAC), keeping data searchable only by those with the appropriate permissions. RBAC security permissions are applied locally where the data resides, and administrators can create secure, dynamic data access policies that span domains and cross-functional areas to ensure each role has its own view of only the data that’s relevant and permissible to it.

In some cases, it is imperative to secure data down to the field and document level in order to protect specific data fields with varying classification levels. This kind of cross-sectioning can be used to support ad hoc or task-oriented teams. When that mission is complete, you should have the ability to change the RBAC roles, subsequently removing access to the protected data sets.
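As an added illustration (not part of the original post), this is how a task-scoped role with document- and field-level restrictions can be expressed through the Elasticsearch role API and then withdrawn. The role name, index pattern, and field names are hypothetical.

```console
# Added example: role, index pattern and field names are hypothetical.
# Create a task-scoped role: read-only, limited to documents tagged for the
# task force (document-level security) and to three fields (field-level security).
PUT /_security/role/taskforce_alpha_analyst
{
  "indices": [
    {
      "names": ["mission-reports-*"],
      "privileges": ["read"],
      "query": {
        "term": { "task_force": "alpha" }
      },
      "field_security": {
        "grant": ["@timestamp", "summary", "region"]
      }
    }
  ]
}

# Confirm what was stored before assigning the role to anyone.
GET /_security/role/taskforce_alpha_analyst

# Mission complete: delete the role so it no longer grants access to these indices.
DELETE /_security/role/taskforce_alpha_analyst
```

Role grants are additive: a user who also holds another role covering the same indices without document- or field-level restrictions sees everything that role allows, so review all of a user's roles when scoping or withdrawing access.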

Protective mechanisms must be in place for credentialed users to access, share, and export data across the enterprise. The Elasticsearch Platform includes Kibana®, a frontend web UI that makes searching, building, and displaying dashboards simple and intuitive for non-technical users through point-and-click, drag-and-drop functionality. Kibana provides a workspacing mechanism, called Spaces, that allows access to data and UI elements (like Security, Observability, and analytics) to be defined by RBAC/ABAC. Visualizations, dashboards, and reports built on only permissible data can be exported and shared as PDFs, images, or external permalinks for Joint All Domain Operations.

Going further with data as a strategic asset

Data underpins digital modernization, and operationalizing security is of principal importance as the DoD works to achieve full-scale data centricity aligned to the goals of VAULTIS and the DoD Data Strategy. For data to be interoperable, trustworthy, linked, understandable, accessible, and visible, it must, above all, be secured. When properly collected and managed, data provides an operational advantage regardless of the mission. Whether in use on a battlefield or in a boardroom, Elastic serves as a trusted partner enabling data stewards, analysts, and senior leaders to maximize the mission value of data at speed and at scale.

In the next blog post in this series, we will continue exploring the goals of achieving the DoD Data Strategy and VAULTIS, working backward: making sure data is linked, trustworthy, and interoperable, and how Elastic can help.


The release and timing of any features or functionality described in this post remain at Elastic's sole discretion. Any features or functionality not currently available may not be delivered on time or at all.