Three Domain Separation was originally developed by Advenica in connection to a high assurance project for the Swedish armed forces. The need to separate administrative and ordinary data flow in encryption products was identified, and the solution took worst-case scenarios such as malicious administrators into consideration.
In short, Advenica’s ground-breaking VPN technology means that an administrator domain complements the traditional two-domain separation, enabling central control without the administrator accessing mission-critical information.
Insider threats are a larger threat in most IT environments than many think.
According to the annual Insider Threat Report from Crowd Research Partners, administrators account for 55% of insider threats.
Encryption products with Three Domain Separation means that unauthorised users cannot access user information transferred to unprotected networks or stored inside a secure network. An administrator only has access to the information required for the VPN administration. This not only reduces the risk of malicious administrators but also the exposure of staff being pressured into espionage.
Three Domain Separation adds value to both businesses with in-house administrators and those with Managed Security Service Providers. You simply have a technical guarantee for secure management.
This is an advantage not least within critical infrastructure and other operations of national interest. The NIS Directive, introduced this year, significantly raises information security requirements, making it important to show concrete preventive measures to supervisory authorities. With installed products based on Three Domain Separation, you are well-equipped and just as secure today as in the future.