Cross Domain Hybrid
A secure, re-usable pattern for cross domain design
The UK Government collects extensive data from citizens and through its Task Force Data Collection at the OFFICIAL level.
In certain instances, this aggregated data needs to be preserved within higher security or trust boundaries. If such data were to fall into malicious hands, it could cause reputational damage or pose a significant national security risk. When consolidated, this data can offer invaluable insights to adversarial state entities, necessitating that the aggregated data be housed within SECRET/High Trust domains.
The CDHA Framework offers a solution that not only secures data at the OFFICIAL level but also facilitates controlled transactions, allowing portions of a record to be safely shared within the OFFICIAL domain.
What is the CDHA Framework?
Enabling Performance, Delivery Efficiency & Enhanced Data Security
The challenges and risks associated with data aggregation are not exclusive to the UK HMG but also extend to our collaboration within the Five Eyes (FVEY) intelligence alliance.
Acknowledging this significant challenge and its associated risks, Acubed.IT has collaborated with the NCSC for the past three years. Together, we have developed a framework, established a design pattern, and crafted a product that empowers HMG to create applications spanning multiple security and trust boundaries, all while adhering to the 'Secure by Design' principles.
With CDHA, applications can achieve an optimal balance: superior usability and performance at the OFFICIAL level, while ensuring data storage at the SECRET/Higher Trust tier. CDHA represents a ground-breaking technology that could redefine the way the UK government conceptualises and develops secure applications in the coming years. The potential of CDHA to revolutionise governmental operations is immense.
Using the CDHA Framework to Modernise Government Security
The implementation of Zero Trust architecture has introduced a paradigm shift in government's approach to network security. In contrast to the perimeter-centric threat model, Zero Trust architecture focuses on the inherent qualities of the data.
As government modernises its approach to security, the Cross Domain Hybrid Application Framework provides an opportunity for a further step change. The CDHA framework is a new application design framework, which employs secure design methods to enable an application to communicate across security boundaries.
With ‘Secure by Design’ being the focus of the framework, we have produced a truly remarkable tool for enabling systems to talk to each other in a secure and safe manner.
The CDHA framework enables applications within a Low Trust setting to gather data from users. By encrypting this data with a user-specific key, only the original creator can access the data even in a Low-Trust domain. This design ensures the data remains secure, preventing it from becoming a vulnerability or an attractive target for malicious actions.
Unique Cross-Domain Cryptographic Key Management
Our approach is unparalleled with no direct market rivals.
Enhanced Data Movement Security
Ensures protected data transition between higher and lower security environments.
Secure Data Housing
Consolidated data is kept within a highly secure domain.
Intuitive Key Management for Users
Our method provides a frictionless key management experience for users.
Minimising Dependency on Secret EUD
Substantially cuts down the reliance on TIER-2 End User Devices and their associated infrastructure.
Advanced Cross-Domain Protection
CDHA offers robust defence against top-tier threats, safeguarding the UK's most critical systems.
When do you use the CDHA Framework?
Users enter information into a form within the OFFICIAL or Low Trust domains, and the data is securely transferred to the High-Trust area, leaving little to no trace behind.
If your application portal operates on a Low-Trust domain and gathers data at the OFFICIAL level, that data must remain encrypted and protected at all times.
If your Low-Trust application portal collects information at the OFFICIAL level and a segment of this data requires processing on a more secure network, then it's imperative to have the right protocols.
While data may reside in the higher security tier, specific portions of records or data should be securely made available to the OFFICIAL level to enhance application accessibility.
Why Trust acubed.it?
Proven track record of providing innovative, tailored cybersecurity solutions.
Prioritising the UK's evolving cybersecurity needs with advanced technology.
Expertise in cross-domain and cloud solutions.