by betterunix 4930 days ago
I am not sure partitioning networks the way the military does is going to work very well. What is going to happen when a mid-level manager has a meeting, he is running late, and he just needs to get his PowerPoint set out of the internal network? He's either going to miss that meeting or fail to close the deal, at which point the policy is getting in the way of business (and will therefore be short-lived), or he's going to find that one crack that lets him get some data out (more likely).

The reason red/black networks (can potentially) work in military environments is that there is a (somewhat) uniform notion of classification in the military; in the business world, there is no such thing. What is needed is something more distributed, like a system that automatically encrypts documents so that uploading those documents to some Internet service is not so hazardous. Give employees smartcards that are easily carried around and easy to use, perhaps combining those smartcards with a thumb drive that contains whatever software they need to decrypt their documents on any computer. The security will not be perfect, but this is not a situation that requires perfection, only improvement.