Secure the data rather than the perimeter, says US Army CDO
For the Department of Defense and the U.S. Army, how to secure precious, mission-critical military data is the name of the game. With high-profile data leaks and cyberattacks happening almost continuously, the traditional battlefield has extended into the internet.
The time-honored way of protecting data was at the hardware level, making sure that the hard drives or disks containing sensitive information were locked up in a secure area. That method is no longer adequate in today’s hyperconnected world, where data is much more likely to be stored in the cloud.
“Adversaries are not stealing our networks; they’re stealing the data on the network,” said Thomas Sasala, director of the Army Architecture Integration Center and chief data officer at the U.S. Army. “So if the data isn’t protected at the data level [instead of] at the perimeter level … then we’re not going to survive moving into the future.”
To discuss the ways the DoD and Army are fighting back against cyberwarfare and how they are securing data, Sasala spoke with Rebecca Knight (@knightrm) and Peter Burris (@plburris), hosts of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the MIT CDOIQ Symposium held in Cambridge, Massachusetts.
The challenges of electronic chains of custody
When attacks such as phishing occur against systems, it’s possible to steal terabytes of information in a matter of minutes with just one click on a link in a compromised email. Since the U.S. DoD has about 4 million employees and the Army has about 1.2 million, the odds of one person making a bad click on any given day are exceedingly high. It’s up to Sasala and his team to protect that data in the most effective way possible.
One of the primary issues around data security is how to deal with “who gets what permissions” to what information. After the attacks on September 11, 2001, the DoD created an information-sharing strategy that moved from a “need-to-know” to the “responsibility to provide.”
Right after whistleblower Edward Snowden stole data, that pendulum swung back the other way, with the thought that too much data sharing was the issue. The Snowden incident happened not because information-sharing policies were too lax; rather, it happened because Snowden walked in with a flash drive and plugged into a server, according to Sasala. Since he had unfettered access, from a permissions perspective, there was no reason for him to be denied access.
“It comes down to identity access control and controlling the data,” Sasala stated.
While the DoD was an exceptionally early adopter of two-factor authentication back in the 1990s, there still needs to be a leap from identity management into access management and tying “who gets access to what” back to the digital and physical identity, according to Sasala. The step after that is making the entire ecosphere of data and applications persona-aware, so that the data can be accessed by the users who have permissions and protected from those who do not.