
Three Domain Separation



Groundbreaking cybersecurity innovation

The cost of managing VPN deployments grows exponentially without central management. The obvious benefit of central management is that it makes it possible to rationalize the deployment, monitoring and management of VPN installations.

Central management will greatly reduce the total cost of ownership (TCO) and improve the return on investment (ROI). However, traditional central management has severe drawbacks when it comes to information privacy and information leakage. The root of the problem lies in two-domain separation. In traditional solutions, red and black domains are used to describe the transportation of user information between the secure plaintext side (RED domain) and the untrusted encrypted side (BLACK domain) of a VPN device. Traditional central management utilizes two-domain separation, where administrative personnel have the ability to access sensitive information on the protected network (RED domain) from the management site.

 

Three Domain Separation, a true paradigm shift in VPN management

Advenica's patented innovation, Three Domain Separation, is a true paradigm shift in VPN management. It is the only technology that eliminates the threat of unauthorized disclosure of sensitive information by a VPN administrator or a Managed Security Service Provider (MSSP).

The Three Domain Separation technology is based on extending the traditional two-domain separation with an administration domain. By adding a third domain, Advenica's solution provides system administrators with a tool that allows management and control of VPN devices from a central location. At the same time, administrators cannot under any circumstances access user information that passes through a VPN device or information stored inside the secure network. Users of the VPN system are thus provided increased security:

  • No unauthorised access to user information in transit over an unprotected network (encrypted traffic in the VPN tunnel).
  • No administrative personnel can access any information other than what is required for device management.

Three Domain Separation is a truly groundbreaking innovation that prevents IT administrators from accessing sensitive information and thus provides a unique opportunity for providers of managed security services.

It provides unique assurance and protection against data leakage, which is crucial for Managed Security Service Providers and for customers who manage their own cybersecurity systems.