This Industry Viewpoint was authored by Bill Ballmer, ADVA Optical Networking
Five essential strategies for safeguarding data as it moves between sites
Today’s networks are more at risk than ever before. Data is most susceptible when it’s in motion and, with the explosion of cloud data and application-based connectivity, criminals now have unprecedented access to the keys that unlock encryption.
Fighting back against cyberattacks is even more of a challenge due to the changing nature of the threats. Yesterday’s technologies are being overwhelmed by polymorphic attacks from malware which constantly changes to avoid detection and uses encryption streams to gain access. Traditional safeguarding methodologies, such as firewalls, have become no more than police tape surrounding a crime scene. Newer technologies like data analytics can help find breaches and improve policies to reduce the risk, but these tools alone are powerless to stop them.
While security industry experts focus on this aspect of the problem, they are missing one of the key elements – the keys. Encryption is like a 1,000-piece jigsaw puzzle where all the pieces are white. It would take an extremely long time to figure out how to put the puzzle together by trial and error. But if each piece has a column and row number on the back, then solving it becomes easy. The keys that unlock encryption are similar to the coordinates on the back, and that’s why cybercriminals are so eager to get access to them.
To get their hands on these credentials, thieves will steal computers, trick users into downloading a trojan, attempt to break passwords or bribe employees. And there are many other methods. One of the easiest is to read all the traffic crossing a network, looking for unprotected data to help gain access to users’ credentials. These could be emails or communications with vendors that have less sophisticated protection. For a very low cost (less than 2,000 USD), it’s possible to build a remote-controlled device capable of reading either fiber or copper links. Carrying out a physical man-in-the-middle attack is still a very simple procedure because of the insecurity of the public network. Few companies protect themselves from this form of attack or even recognize the danger. Yet protecting against it is the least expensive security precaution compared to firewalls or application-based encryptors.
Man-in-the-middle attacks circumvent many of the protection processes provided by firewalls, data analytics, and conformance policies. The network traffic flow is just too complex for any one technology to address.
Service Providers and Customers Must Work Together
The time has come for service providers and customers to work together to protect data when it’s most vulnerable. The only way to combat the latest cyber threats is to create a multi-tiered solution. Layer 1 and 2 protection is the least expensive and most sophisticated encryption technology available. Encryption of data at these lowest networking layers as it moves between sites should now be deployed universally. This method ensures all layers are protected because everything has to flow through the connectivity layer before going anywhere else. It’s a low-latency solution that ensures superior network performance. And new technologies such as NFV can help make it even more cost-effective.
Here are five essential strategies for safeguarding data as it moves between sites:
- Deploy multi-layer security. Just like an airport security system, which involves several methods including video surveillance, perimeter protection technology and passenger screening, using multiple layers of network security maximizes effectiveness when it comes to safeguarding data.
- Segment applications. Any damage caused by an intrusion is minimized by segmentation. Limiting the level of access to sensitive information for applications, servers, and people who don't need it ensures that a breach of a single user or administrator is not a gateway to an entire network.
- Enforce security policies. The best designed security network is only as good as the ability of its operator to implement effective security policies and ensure that all users comply.
- Don’t trust in infrastructure. A zero confidence approach is essential. Remember: What cannot be controlled must be considered compromised. Always assume the worst-case scenario and trust only the keys.
- Proactively plan for the next trend in attacks. Criminals are constantly looking for weaknesses and finding new ways to exploit them. That’s why it pays to expect the unexpected. Over-confidence creates complacency, which is exactly what criminals look for. What happens in one industry will migrate to others, so keep on top of the latest developments and stay one step ahead.
About the author:
Bill Balmer, Manager, Global Business Development, Ethernet and NFV markets, ADVA Optical Networking. Bill has more than 30 years in the Telecommunication Industry with extensive experience in Ethernet, security, IP, wireless, VOIP, optical, packet networks, and performance management systems. He is part of the security team that develops encryption products for the marketplace.