Handling Classified Data in the Cloud

When working with confidential, secret or top secret data a lot of concepts and principles come into play which are commonly originally developed for on-premise environments related to governmental or military data. While the concepts are commonly developed in an on-premise only era and have been developed for military and governmental data they can be applied in cloud environments and are also applicable for commercial enterprises.

Commercial enterprises and top secret data
A common initial reaction from people is that commercial enterprises do not hold things that can be classified as top secret. This is up till the point that they have a discussion with internal CISO representatives and talk about classification of data. Large enterprises do, in most cases, have classification for data and follow structures such as public, confidential, secret and top secret. Even though it might not be as strict enforced as would be the case with data from intelligence services or the military organisation

Governments and top secret data
As can be expected, governments and the associated branches in the military and intelligence community have strict classification rules which apply not only to the direct governmental data assets however expands to contractors and sub-contractors as well.

Which data in which system
One of the main questions when handling classified data is; which classified data can be entrusted into which system and how do we propagate…