Solutions Showcase - Shared Services Canada

© 2011 FrontLine Security (Vol 6, No 4)

In her keynote address at Ottawa’s GTEC conference last October, Corinne Charette, the Government of Canada’s CIO, commented that “Our ability to harness and leverage information effectively, within government, across jurisdictions and with our citizens will be the key to our success, not only in modernizing government, but in improving the well-being of society as well.” She went on to say, more specifically, that modernization of government can only be achieved through an IT environment that “connects people, information and knowledge, quickly and securely, across departments and ­jurisdictions, and [also] links in our citizens.”

Such connection brings a new level of responsibility to the Government of Canada and its newly established Shared Services Canada. Data now crosses departments, geographies, and the global community via the internet. This brings a significant risk of network breach, and requires secure solutions with levels of assurance that would have been deemed unecessary as recently as a few years ago. As Shared Services Canada seeks to consolidate and remove redundancy in data centers, streamline email providers, and pare down the thousands of government networks, it will need to ­protect Data Sovereignty to ensure only authorized access for both viewing and use. Goals for a modernized government that provides exceptional service and access to its citizens, the privacy of citizen data and data sovereignty remain critical requirements.

In just five years, we’ve seen malware attacks jump from less than six thousand reported cases to over 56 million. Thus, to achieve Data Sovereignty, we must acknowledge all risk categories, understand new cybercrime opportunities, maintain and apply security policies against carelessness, and select security solutions that will prevent data access or manipulation.

The nature of these attacks continue to evolve as cyber thieves and hackers find new ways to exploit network weaknesses to obtain sensitive and valuable information. Weaknesses – on both commercial and government web sites – can turn them into “virtual minefields.” Disturbingly, news reports in early 2011 noted that cyber attacks, launched by phony email messages, had accessed “protected” information from Treasury Board, the Department of Finance, and the House of Commons.

New security solutions emerge on the marketplace almost as quickly as the numbers of cybercrimes rise. This proliferation of security solutions places yet another burden on Shared Services Canada as it evaluates the effectiveness, maintenance and cost of secure solutions. For instance, many parties may claim to have “secure” communications, however, when compliance with government policies and consequences for loss can be so serious and costly, we must have confidence in the reliability of that security. Thus, it is necessary to validate solutions claims by third party certification. Unisys offers such a third party certification. The Unisys Stealth Security Solution is certified to the Common Criteria Evaluation Assurance Level 4 (EAL–4+) that is administered by the National Information Assurance Partnership (NIAP). This level signifies that Unisys Stealth offers clients unprecedented protection and is certified to protect up to “Secret” defence-level information.

Unisys Stealth takes an innovative approach to protecting security by “hiding” users from hackers or internal security threats, and by making user data invisible to all but the predefined, authorized parties. Being invisible is not only non-confrontational to hackers; it is a safer position from which to compute. Common IT Security Models fail because they are reactive and respond to known threats, so, when new threats emerge, these models are unable to prevent the attack until updated. They also do not prevent bots from being assimilated into endpoints, allowing the bots to contact “armies of bots” later, resulting in denial of service (DNS) attacks. Traditional perimeter security often fails because organizations may not have a sense of what hackers consider valuable. In contrast, Unisys Stealth Solution provides proven security that establishes an invisible point-to-point connection, securing and isolating user communications from attack. “Stealth” locks down end-points and provides cryptographic isolation of data in motion, which protects users from cyber attacks such as malware, denial of service, man-in-the-middle, and phishing.

A community of interest is a client-determined group of individuals that can be isolated. Such a community can be as large as an entire agency or as small as a group of two individuals. Membership and access rights are determined by the IT security administration.

Unisys Stealth protects by virtualizing networks through these isolated “communities of interest”, meaning that sensitive data is invisible to individuals who are not within that specific community. These protected communities of interest are pertinent to ­protecting data sovereignty within a Shared Services Canada.

These communities become the means by which network assets and network users are cryptographically segregated for specific purposes. Stealth makes data “invisible” to participants outside communities, isolating data and preventing security compromises, and allows agencies and departments within the government of Canada to protect data sovereignty.

Unisys Stealth Security Solution allows users in separate agencies and organizations to work with unprecedented security and within any public or private network. Unisys Stealth provides a viable option for government agencies to be stewards of the data they collect to secure and manage for their citizens’ benefit and well-being.

For more information on the use of Unisys Stealth Security Solution and the protection of data sovereignty, visit or contact
© FrontLine Security 2011