Cybersecurity in Innoslate

By Steven Dam and Josh Rickwald

Innoslate® provides a very secure platform for capturing, analyzing, and reporting your systems engineering and program management information. We work tirelessly to provide the most secure environment possible in the world of cloud computing. We chose the Amazon Web Services (AWS) cloud platforms (both the regular AWS cloud and GovCloud) for this reason. The AWS cloud has been FedRAMP certified and has IL 4 and higher protection options, all the way to IL 7. We communicate with AWS through https, which means the data between the user and AWS is encrypted in transit. AWS then encrypts the data at rest. Since Innoslate® uses SQL databases as its foundation, all the security controls available for database management systems, such as the popular Microsoft SQL Server, are available to the users. These Database Management System tools can add many other security controls. We also support various single sign-on capabilities, including LDAP, CAC, OAUTH, and SAML. These features along with other features we won’t discuss ensure hackers are up against as hard of a target as possible.

Another important aspect of security is our team of software development experts. All the software developers are U.S. citizens, and most have been cleared at a high level. They all participate in our company’s annual security reviews, where we emphasize the need to maintain a secure environment for the software and workplace. Extensive code reviews and testing also ensure meeting the latest security requirements.

Since Innoslate® recently joined Iron Bank, a collection of software that has been approved and hardened for use across the entire DoD, we are required to meet those stringent security requirements. This causes us to consistently update libraries and improve the containerization of the tool.

In addition to Iron Bank, SPEC Innovations has just received a Security Technical Implementation Guide (STIG) approval from the Defense Information Systems Agency (DISA). The culmination of this two-year process means that Innoslate® meets the stringent security requirements of the Department of Defense and the guide provides a means to securely install Innoslate® on any DoD system.

There are many credentials to prove that Innoslate is secure, but perhaps the greatest cybersecurity benefit of Innoslate comes from the capability to model cybersecurity processes and designs more effectively. We can perform this through the Action diagram decision points. In most modeling languages, decisions are represented by symbols such as a diamond. In the Lifecycle Modeling Language (LML), which Innoslate® implements, decision points are special cases of Actions. By representing the decision point as an Action, we can allocate those Actions to cybersecurity (and physical security) Assets at any level in the model. This capability enables us to better design “defense-in-depth” strategies. The concept of “defense-in-depth” is very important for cybersecurity.

“Defense-in-Depth” means that security controls exist at many levels. Once a hacker penetrates one layer, they will find other layers have security controls too. This capability reduces the hacker’s access to all the information available within the system, limiting the damage they can do. The security controls are often represented by these decision points.

We are confident that Innoslate® is a powerful tool that places a high priority on cybersecurity. It can also help you develop a more secure environment for your entire system. Ease your mind by knowing your information is safe and secure with Innoslate. Happy Cyber Awareness Month!