Cross-Silo Connectivity · Deep dive 02

Moving data across a boundary, and proving you did it safely

Not a hardware diode. The practical problem: moving files and running scripts across boundaries that grew separately, with logging, one-way constraints and provenance an assessor will accept.

Draft outline · Reliability / assurance lens
The anchor

This dive is deliberately reframed away from exotic cross-domain solutions (CDS), which we do not sell and which are vendor-dominated, toward the real agency problem: moving data across boundaries that were never properly connected, and being able to prove each transfer. The 2025 lesson from ransomware is that transfer and backup systems get destroyed when they share credentials and domains with production.

Sources we build on
Primary
Verizon DBIR 2025

Industry breach data showing how transfer and recovery paths are abused when not separated.

Journalism

Independent reporting on why shared credentials and domains defeat data-movement and recovery controls.

Article outline
  1. The real problem. Files, scripts and APIs across boundaries that grew separately.
  2. Why not a diode. What we do instead, and when a CDS is genuinely someone else's job.
  3. Constrained movement. One-way where it must be, brokered where it can be.
  4. Provenance and logging. Proving what moved, when, and by whom.
  5. Separation from production. The credential and domain isolation that survives an incident.

How it aligns to what we do

Reframed to match the positioning exactly (CLAUDE.md says we are not a hardware CDS). It leads with reliability and provability rather than a threat, and it is honest about the boundary of what we do, which builds trust with a sceptical buyer.

Points to hit
Control it ratifies
ISM / E8: ISM data-transfer, event-logging and gateway controls; emphasises provable, auditable movement over asserted safety.