Maybe you dodged the most recent massive data breach but have no doubt: malicious electronic attacks are escalating in sophistication, frequency and scale. Criminals are partnering with cyber experts in a kind of crime-as-a-service twist, and organizations with a political, social or moral ax to grind are hacking to influence and embarrass. Together these malicious groups are expertly combining old and new attack strategies while taking advantage of today’s highly dynamic network environments to steal our money, our secrets and our peace of mind.
To level-set how every one of us could become a victim of a security breach, it’s worth noting that little over a year ago, the US International Revenue Service (IRS) shut down its online transcript process when it discovered that the authentication system had been breached, giving thieves access to the tax records of more than 720,000 citizens. That’s 720,000 full names, addresses, phone numbers and social security numbers, and maybe half as many bank account numbers. Impressive and terrifying.
The IRS is just now getting that service back online while promising that its new security schema will fend off hackers. I’m not confident that this will be the last breach of the IRS. It’s very hard to get in front and stay in front of those who hope to cash in on our data.
Hackers Continue to Innovate
The problem is that our targets are continually changing, devising new and creative ways to find and steal important information. Take for instance a new trend toward data integrity attacks where data is manipulated to skew decisions, redirect support or spur action that benefits the hackers in some meaningful way. Add that to massive transformation happening in the networks themselves to support huge bandwidth demand, high-speed transmission and dynamic change and it becomes clear that we need to counter with ever more sophisticated security schemes.For some time now, encryption has been the go-to scheme for security gurus. Encryption is a powerful tool and must be part of every network/information security plan for corporations, governments and other organizations.
At the networking level, Internet Protocol Security (IPsec) has been the protocol suite of choice for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. However, the drawback to IPsec is hit to performance. It introduces overhead in the 50 percent range, which degrades performance and becomes expensive when capacity must be increased to compensate.
As our networks become larger, faster and more dynamic we need to augment IPsec with ever more powerful technologies for the protection of valuable data.
Let’s Secure Data at the Physical Layer When It Leaves the Premises
The safest method for protecting information and guaranteeing data integrity is physical layer encryption. Imagine if every packet leaving your premises is fully encrypted including all local routing information, bulletproofed from launch. Even behavioral analysis by tapping fibers is inhibited. That’s what can be achieved when encryption is done at the physical layer.
Optical network encryption is coming into play as a powerful and cost-effective tool for securing high-speed, low-latency networks, especially in financial, government, healthcare and even retail markets. That’s because it can be implemented with zero overhead and operates at the highest transmission rates, making it ideal for synchronous mirroring applications and where high-speed leased lines connect major enterprise office locations.
Many organizations are already incorporating this new technology when they interconnect data centers for disaster recovery and business continuity. It’s the lowest cost-per-bit network encryption option available and, done right, it doesn’t slow the flow of data. Global enterprises are now specifying optical network encryption as a fundamental requirement for the interconnection systems between their data centers across the globe.
At ADVA Optical Networking we‘re continually enhancing our network security technology, enabling our enterprise, network operator and managed service provider customers to protect their data with ease. Our ConnectGuard™ solution provides protocol-agnostic encryption and operates with wire-speed performance using the internationally recognized Advanced Encryption Standards algorithm for securing information. Dynamic key exchange and a strictly separated encryption domain manager ensure that our solutions meet the most stringent regulatory requirements.
By taking encryption to the physical network level, information can be safeguarded as it moves outside the walls of the business with no loss of capacity or performance. The time is now to utilize the best technology available to protect our data, our networks and our peace of mind.