Flattening the Network

The tactical space is forced to accommodate too many networks. As it stands today, totally independent network structures are needed to hold edge resources of differing degrees of sensitivity. A different network structure is required to drive the sharing of resources to different joint and coalition partners: one network for a joint partner, one network for a NATO partner, one network for a Five Eyes partner, one network for a non-NATO partner, another for a joint partner for classified information, etc.

This conundrum produces a mangled and confounded amalgamation of network infrastructures and renders management of these networks (and sharing of their resources) extremely difficult and inefficient. There is a strong desire to move away from this type of operating paradigm, but current policy guidelines unfortunately dictate it. Despite prospective technological resolutions to this solvable problem, these insufficient policies are strangling innovative technology ideas, and culture (the morale and condition of the tactical operators that must trudge through and wrangle these needlessly complex network operations) suffers as a result. 

These observations are not new. Solutions to these issues have been actively discussed by institutions like the Army for decades now. This leaves one to ask: Why hasn’t anything changed? The answer – no technology has been compelling enough to justify this type of change. Until now.

Flatten and optimize the tactical network with ZKX Helix

ZKX Helix offers the concise, direct, and high-impact pathway to achieve any semblance of tactical network-flattening. ZKX Helix accomplishes this through two primary avenues: micro-perimeters and identity attributes. As a software-only platform, ZKX Helix is purpose-built for both the tactical space as it is today and for the strategic goals it is seeking to accomplish tomorrow.

Microperimeters

One key differentiator of the Helix platform is its ability to offer access policy enforcement at the level of the individual resource in question. For example, even if two files reside in the same file server, Helix has the ability to enforce two different access policies for each respective file if their security designations are different.

Identity Attributes

In Helix, access policies are built from specific identity attributes – characteristics or qualities bound to a specific identity. Traditionally, “identity” has had to be considered separately for both the human user and the computer device they’re using. In Helix, the identity of user and device is considered simultaneously as one unit. For example, CPT Rogers on his ATAK device is treated separately and distinctly from the same CPT Rogers on his SIPR terminal.

Microperimeters & access polices

Even when network resources logically live side-by-side, Helix can treat them as totally disparate and separate. Helix isolates individual resources via micro-perimeters. These micro-perimeters serve as triggers to enforce access policies, built from specific identity attributes. For user/device pairs that hold the attributes in question, their identity is challenged by next-gen MFA to ensure only legitimate access to a resource is ever awarded.

To exemplify our file server again, suppose any user/device pair that holds a (NOFORN) attribute can gain access to the server – but only one file is tagged by a policy that allows authenticated access to NOFORN identities. All other files may be tagged with more stringent policies such as (NOFRN, Army, TYPE-1) – satisfiable only by user/device pairs that possess all three attributes and successfully pass an MFA verification check.

No matter the specifications, Helix is granular, flexible, and customizable enough to enforce the requirements needed to successfully flatten the tactical network. Helix initializes, defines, and enforces exact and specific access policies in a rugged, robust, and zero-trust fashion. 

Dynamic policy enforcement

In today’s cyber environment, network conditions and parameters change all the time, especially in contested situations. That’s why Helix has been built with dynamic policy enforcement – the ability to change access policies, specific policy requirements, or resource policy assignments, and see these changes enforced in real time.

As zero-trust becomes less of an idea and more of a reality, it is critical that technologies are made that enable this new framework to be as accessible, feasible, and maximally disruptive as possible.

Helix is the place to begin – with perimeters, policies, policy enforcement, and identities in place, any network anywhere in the world can now get a head start on their zero-trust journey.