By doing some very clever things with thin client and a one-way network link, the data diode allows network managers to separate secure and non-secure environments, while allowing users to access both through a thin-client terminal. In essence, once something winds up on the high-side, secure network, it can't escape. "Tenix has got a solution for a very high security environment, without a doubt," says Montgomery.
Tenix is a military contractor; the IL-DD was no doubt engineered to meet the requirements of high security environments. As for whether it's finding commercial success, we don't know -- Tenix representatives did not respond to a request for comment.
So there you have it. Preventing your users from deliberately siphoning data away from your organisation is hard work -- there's no easy solution. Perhaps the important thing is we try; that we make it hard for those who want to break the rules. That way they can't argue later they didn't think what they were doing was wrong.
Restricted USB functionality in Windows Vista should make life a little more bearable, but we know too well that if a user has access to sensitive data in the first place then the battle is lost.
Least privileged access, combined with sensible auditing and some reasonable technical countermeasures are a start, and screening employees is vital.
What do you think? E-mail [email protected]