Today’s advanced military intelligence, surveillance, and reconnaissance (ISR) platforms generate large amounts of highly sensitive data that must be captured and securely stored without impacting performance. System designers must ensure that data-capture systems can handle large amounts of data in as close to real time as possible, without interruptions or bottlenecks that might otherwise affect performance. When this critical data is stored, it’s considered data-at-rest (DAR).
For many years, military-system designers relied solely on direct attached storage (DAS) devices when they needed to deploy data storage on military platforms. These devices are embedded within or directly attached to the computers on a platform, such as single-board computers (SBCs). When a DAS device is used, only the specific SBC it’s attached to can access the stored data-at-rest (DAR). With Ethernet becoming commonplace on modern platforms, network attached storage (NAS) devices (also known as network file servers [NFS]) have emerged as an important alternative for deployed data storage. With NAS, stored DAR can be made available to any client device on the Ethernet network. NAS and DAS are often used in combination to meet all program, platform, and application requirements. However, in those cases where it makes sense to use only a DAS or a NAS device, it’s useful to understand how they differ.
Since its introduction in 2014, the National Security Agency Commercial Solutions for Classified (CSfC) program has proven very effective in lowering the cost and speeding the accessibility of encryption for critical data-at-rest (DAR). Compared to the time and expense associated with acquiring certification and approval for Type 1 encryption solutions, CSfC has provided a breakthrough for defense and aerospace system integrators by establishing an approved means for using commercial encryption to protect critical data. What makes CSfC innovative is that it provided, for the first time, an authorized process for employing two layers of commercial off-the-shelf (COTS) encryption. These could be two layers of hardware, two layers of software, or a mix of hardware and software.