The secure exchange of information between the Government, Defence and the supply chain is critical to operational outcomes. A Community of Interest (COI) is often used to facilitate multi-party coordination and collaboration between these parties but is often difficult to implement. Let’s explore the use cases, challenges and tools for creating COIs for secure information exchange.
What is a Community of Interest (COI)?
A Community of Interest is commonly used in Defence. Both the NATO Architecture Framework (NAF) Chapter 7, 7.2 and the National Institute of Standards and Technology (NIST) define a Community of Interest or COI as “any collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes.” These groups/users must operate at the appropriate security level (or levels) and share a common vocabulary for the information exchanged within and between systems.
How are COIs used in the Defence Industry?
In a Defence setting, a COI is a group of internal and external users or organisations authorised by their respective organisation(s) to work together to share information, including sensitive data, on specific topics on a need-to-know basis. The goal of a COI is to help coordinate efforts, capture knowledge and facilitate innovation. Specialized access control and privacy mechanisms are generally necessary to ensure secure information exchange and compartmentalised access, allowing users to access only authorised information.
For example, a military division may need to share sensitive information and designs with a supplier regarding the specs of the part it is manufacturing. In a multi coalition environment such as NATO, COIs support interoperability, information sharing and collaboration within and between the various NATO partner communities.
What are the security challenges of Creating a COI?
Creating a COI is often a complicated procedure to ensure the appropriate access controls and information security are implemented on the system(s) used to share information. It can involve purchasing new hardware and software to ensure stringent government regulations are met for all parties.
Information must be properly segregated or compartmentalised to ensure authorised access only and enforce ‘need to know’ principles. This level of compartmentalisation can be difficult to achieve using traditional file sharing tools, which do not provide the fine-grained controls needed to facilitate secure information exchange between multiple parties with differing security requirements and clearances.
Many organisations try to solve this challenge by building bespoke solutions that require considerable time and effort to implement and are costly and difficult to maintain.
How Kojensi Simplifies COI Management for Secure Information Exchange
Kojensi SaaS is a secure classified information collaboration platform designed for Defence and Defence industry file sharing and collaboration needs. It provides an out-of-the-box solution that enables multiple parties, including internal and external users and organisations, to securely create, collaborate, and exchange sensitive and classified information without providing access to their internal network and systems.
The platform uses a data-centric attribute-based access control (ABAC) model to enforce the strict controls needed for a COI. With Kojensi, a file and user’s attributes, including security classification, organisation and country, can be added to documents and files. These attributes are used in Kojensi’s security policies, which information custodians use to set strict controls over who can access, edit, and download files. With Kojensi, information owners maintain complete control over their information.
All data stored in Kojensi SaaS is hosted locally in Australia by an ASD-certified PROTECTED cloud provider, ensuring data is stored and processed in local data centres. Also available as an on-premises application, Kojensi Enterprise is one of the only solutions accredited by the Australian Government to secure “top secret” information.
COI Creation Takes Just Minutes with Kojensi
The Kojensi SaaS platform allows you to easily set up a Community of Interest (COI) and invite trusted partner organisations to securely exchange information and collaborate without the overhead of an installed system. Users can set up a shared workspace in minutes and invite internal personnel and external partners to share and collaborate on information. A full audit trail, version control, and tracking ensure transparency and assist with auditing requirements.
Create guest organisations and users
Easily create ‘organisations’ or guest users, one of the three key attributes used in the platform’s attribute-based access control (ABAC) model.
Create a secure Workspace or Community of Interest (COI)
Information is compartmentalised in a secure ‘Workspace’, also known as a compartment or COI. Kojensi enables the quick creation of a COI, typically taking just a few minutes to create a workspace and invite collaborators.
Invite Workspace Collaborators
The Workspace owner has complete control over inviting internal and guest users to their workspace. They can also set whether the individual users have an editing (Contributor) or a view-only (Viewer) role.
Information Owners Can Easily Build Access and Sharing Policies
All information owners can effortlessly configure file access, security and sharing policies through the built-in user-friendly interface. Each file owner within the workspace has complete control over their information and is responsible for setting the security and sharing controls for their files.
For security, only the file Owner can move a file out of a workspace, delete it or copy it. File Owners can also apply a download policy to ensure that contributors can only download the file if the Owner enables it. Kojensi’s easy-to-configure ABAC policies ensure users will only have access to information they are authorised to.
Book a Demo
Uncover the power of Kojensi to instantly create a secure Community of Interest. Effortlessly invite new partners within minutes, confident they will only have access to authorised files to meet security and compliance requirements.
Contact us to see Kojensi in action.