For security teams tasked with safeguarding data, the need to protect sensitive information has never been greater. Concerns over data surveillance are growing, regulation is changing, and data breach stories are dominating the headlines, providing a constant reminder of the ramifications of security breaches and information loss. Yet, from the moment data is in motion, organisations are no longer in control. Data can be easily and cheaply intercepted by cyber-criminals for a number of reasons ranging from corporate espionage to data theft and cyber-blackmail. In this environment, encryption of data is essential.
Many organisations make the mistake of assuming that data networks are safe. But in reality, data in motion has never been at a higher risk of exposure. It’s out there in terabytes (and even petabytes), and cyber-attacks, human error and equipment failings can all lead to sensitive data getting into unauthorised hands.
The problem is that, while there’s always been a need for network security mechanisms, service providers do not always take measures to ensure data integrity. Generally, the solution they offer is the isolation of traffic or data. But this approach doesn’t safeguard against tapping of transmission lines, eavesdropping at switching and routing points, misconfiguration, and a host of other issues.
In addition, while vast amounts of time and money are invested in securing data at rest, organisations often underestimate the magnitude of the risk to their business-critical data while it’s in transit across public or private data networks. This approach is short-sighted. It’s not simply systems and servers that are vulnerable to attack. Most companies today need to send and receive data across both internal and external networks, locations which lie beyond the reach of anti-intrusion and anti-virus protection. So as data travels across networks – internally and externally – it carries its own degree of risk exposure.
To combat these threats and guarantee the protection of data as it is used, organisations must move to a framework that is centred on the data itself, wherever it exists. This means providing protection, such as encryption, that stays with the data wherever it is being sent. With encryption, organisations can maintain control of their data, even when it is deployed in the cloud or in their datacentre. By moving security controls as close as possible to the data, organisations can ensure that even after the perimeter is breached, the information remains secure. So why are organisations still not embracing encryption in motion?
Encryption is not new. Governments and defence forces around the world have encrypted information for hundreds of years. Previously organisations have shied away from encrypting data in motion due to concerns that it leads to huge losses of bandwidth, network performance and increased costs. But in reality, this needn’t be the case – encryption does not need to have a downside.
Up until now, the data networks used to transmit information were Layer 3, but this is not well suited to modern environments. It is complex to manage, does not scale well to larger settings, and with a considerable overhead, can compromise network performance by up to 50 per cent. For this reason, the adoption of Layer 2 encryption, otherwise known as high-speed encryption, is increasing significantly.
Layer 2 networks can be secured and encrypted with dedicated appliances without any loss of speed and performance, and with minimal management and greater reliability – resulting in a comparatively lower cost per gigabyte. By encrypting at Layer 2, organisations can better protect their data from eavesdropping, surveillance, and overt and covert interception at an affordable cost, without compromising security or performance.
In a climate of increasing cyber-criminal and malicious attack threats, data cannot be encrypted in isolation. Data network usage is growing, data transmitted is becoming increasingly valuable and bandwidth demands continue to rise. As a result, organisations need to ensure that they are securing data throughout its whole lifecycle.
CIOs have long considered the best defence to be a good offence when it comes to handling security threats. As a result, the vast majority of time and money is spent building the perimeter security measures that keep outsiders from getting into the network. But in the new reality of security, the best offence is now the best defence, and encryption is the key to that strategy.
Whereas in the past encrypting data in motion was deemed to be uneconomic and to add an overhead to data networks, today’s high-speed encryption technologies mean cost and speed need no longer be an issue. So there really is no excuse for any data to be transmitted in plain text. Only by unlinking their encryption strategy from their network architecture can companies be safe in the knowledge that their data is protected, whether or not a security breach occurs.
By Jason Heart, VP Cloud Solutions, SafeNet