Why bring encryption to the transport network? To paraphrase bank robber William “Willie” Sutton: “Because that's where the data is.”
To date, most data center security efforts have focused on physical security and protecting against Internet threats. However, IT departments can no longer ignore data theft through interception. Despite its reputation for being more secure than standard wiring or airwaves, fiber cabling is just as vulnerable to technical hacks. Several years ago, three main Deutsche Telekom trunk lines were breached at Frankfurt Airport in Germany. In the United States, an illegal eavesdropping device was discovered hooked into Verizon's optical network. Other international incidents include optical taps found on police networks in the Netherlands and Germany, and on the networks of pharmaceutical giants in the U.K. and France. Reports on these high-profile fiber intrusions offered few details. Most such hacks go unreported, and often undetected.
The increased importance of data security has caused a paradigm shift toward implementing encryption at the lower layers of the OSI protocol stack, the physical layer in particular. At this lowest layer, data rate and block size are constant and predictable, allowing the lowest latency while guaranteeing wire-speed data throughput without any loss in performance. These characteristics are vital to enterprise applications for data backup, protection and disaster recovery, which require the highest network performance and efficiency.
Clearly, encrypting at the physical layer is the most efficient way to protect data. So why aren't organizations rushing to sign on? The complexity of managing keys is a top deterrent to ubiquitous encryption. After all, there are many ways to encrypt, but key management is where all these projects succeed or fail. And failure is most likely to occur several years out, after the hole has been dug quite deep.
Fortunately, advances in managing keys, as well as targeted solutions for separating the key management domain from the network management domain, make it much less likely that lost keys will come back to haunt you. Most of the enterprises and managed service providers we spoke with understand the problem and are looking for scalable optical transport solutions that integrate the latest encryption and key management technology. 256-bit AES block cipher encryption and Diffie-Hellman key exchange are two examples of algorithms that optical transport system vendors have started to implement in their products, creating new opportunities for managed service providers to enhance their services in a simple manner and add encryption functionality to their portfolios.
Security for optical transport networks is becoming an important means to safeguard private data sent across networks. The threat of data theft and espionage is real, and recent advancements in technology increase the likelihood that hackers will successfully gain access to business-critical information.