Last updated: 16 May 2016
As we discussed in the previous blog about data at rest, it’s clear that sensitive data needs to be protected. But what happens to data in motion when that data is transmitted to other locations?
Once it’s in motion, you are no longer in control of it, and, if unencrypted, it can be ‘tapped’ with relative ease by cyber-criminals (see Fibre Tapping: How to Protect Your Data in Transit with Encryption), or misdirected unintentionally either by human or machine error.
Something as simple as the wrong lead being connected to a wrong port or a routing table error can send your confidential information to an unintended destination.
The bottom line is your data in motion is at risk of exposure, maybe even more so than data at rest within your organization, since it’s out there and moving fast.
High speed networks are evolving to meet the growing need for increased bandwidth. ‘Big Data’ is placing unprecedented demands upon core IT infrastructure, including the networks that move data around. And the threats to this data increases as the volume grows.
The bandwidth demands of data center consolidation and rise of bandwidth intensive applications such as voice, video, virtualization, and cloud computing require high speed wide area networks. Because of its high overhead and other technical limitations, traditional router-based encryption often does not scale cost-efficiently to the levels of throughput required to protect data sent over such high bandwidth networks.
Many organizations using fibre optic cable networks internally and via service providers mistakenly believe fibre networks are inherently private and therefore safe. Unfortunately this is rarely the case, as telecommunications carriers often only offer the isolation of traffic or data such as VPNs (virtual private networks) without including best-practice data encryption.
Did you know? The technology that allows for fibre optic cable to be tapped, and for data to either be removed or added without breaking the connection, is readily available. Fibre-clamping devices are available over the internet, legally, for as little as $400. The simple clamp bends the individual fibre, allowing some of the light to escape. This is sufficient to either extract the information travelling down the cable or to inject additional information. With high speed networks handling up to 100 Gbps, it wouldn’t take long to extract a significant amount of data.
So, if you can’t prevent or detect fibre tapping, how do you secure your data in motion?
High speed encryption will protect your sensitive data – data, voice, video, or all three – and even your metadata. Whether you are a commercial or a government organization, your company is transmitting large volumes of sensitive data over high-speed Ethernet WANs that connect between offices, data centers with disaster recovery sites.
Traditionally, Layer 3 data networks were used to transmit information, but when you encrypt Layer 3 networks (IPSec), it’s at a serious cost of up to 50% of network performance.
On the other hand, Layer 2 networks do not suffer the same performance impact. They are used when you can’t compromise on efficiency and latency, while providing improved cost-effectiveness alongside best-practice data security.
To secure your data in motion, you need to encrypt it. By encrypting the data, you can be assured that however accessed by an unauthorized party, it is protected. The simplest and best approach is to provide protection that stays with the data, wherever it is being sent. High speed encryption does exactly that.
Download the Secure the Breach Research Kit to learn how to use authentication, encryption, and key management to prepare for a breach effectively.
The kit includes access to the Secure the Breach manifesto, white paper, and other helpful resources.