5 Facts You Probably Didn’t Know About In-Flight Data Encryption
Would you be shocked to know that over 4.46 million data records are lost or stolen every day? Whether the risk is primarily financial, reputational, operational, or a combination of all these, a holistic security strategy that protects both at-rest and in-transit data is imperative in today’s connected information landscape. Critical, high-capacity data is constantly moving across towns, cities, and borders as more organizations adopt cloud storage, and these efforts are matched only by the speed and capabilities of those seeking to compromise this data.
Unfortunately, traditional in-flight data encryption solutions are fraught with tradeoffs and inefficiencies, particularly at high-capacity data rates. To shed some light on the story of in-flight data and how to protect it, take a look at these 5 facts:
1. Complying with privacy requirements and data security regulations is the top driver for enterprise adoption of encryption technology.
Complying with privacy requirements and data security regulations is increasingly important in today’s online, global culture. In fact, 55 percent of respondents in a recent Ponemon Institute survey ranked it as their top driver for adopting encryption technology. Not far behind, 51 percent of respondents see protecting enterprise intellectual property as the main driver. In the U.S. alone there are roughly 20 data security laws, such as HIPAA, FISMA, 23 NYCRR Part 500 and the Gramm-Leach-Bliley Act.
The upcoming European General Data Protection Regulation (GDPR), a new law in the EU, will require notifying the relevant authorities within 72 hours of discovering a personal data breach, and, in cases where the information is sensitive or could cause significant damage, notifying every data subject affected by the breach. Some countries already have similar laws in place. Lack of compliance can result in huge fines or, worse, prosecution. Under the GDPR, the maximum penalties for a personal data breach will increase from the current cap of €500,000 to €10,000,000 or two percent of total worldwide annual turnover, whichever is higher. These fines are changing the way companies look at data security, especially in consumer-focused businesses such as banking, healthcare, and retail.
2. Heavily regulated industries have adopted encryption the most and healthcare has been hit the hardest.
The extensive use of encryption varies considerably by industry segment. Specifically, heavily regulated industries such as financial services and healthcare have the highest use rate; less-regulated industries such as manufacturing and consumer products have the lowest use rate. The healthcare industry was the hardest hit during 2017 in terms of the number of data breaches, accounting for more than one quarter (25 percent) of all breaches. Trends over the past four years suggest a steady increase in all industry segments. The most significant increases in extensive encryption usage occur in the public sector, retail, and technology and software organizations.
3. There are three key components to a holistic security strategy.
Data-at-rest and data-in-flight encryption, as well as server and database security, are key components of a holistic strategy for protecting data. Data in transit, in particular, is becoming more important given the extensive and increasing use of the cloud and the volume of data being moved around the globe. Fiber-optic cables carry hundreds of gigabits of confidential information every second and, in the past, have been considered inherently safe and impenetrable. However, there are instances where fiber-optic cables are unguarded and easily accessible, making them vulnerable to data breaches. This means that today, anyone with malicious intent, a few readily available tools and the help of a YouTube video could learn to infiltrate them. Encrypting in-flight data to secure communications across fiber-optic cables can help eliminate gaps within your data security strategy.
4. Traditional in-flight data encryption solutions have their downfalls.
High latency, costly application-specific hardware, bandwidth inefficiency, and complicated key management are significant downfalls of traditional encryption solutions. As a result, companies are deploying 10G, 100G, and beyond optical encryption solutions to cost-effectively secure all in-flight data, without impacting performance, no matter the application or protocol. For example, Ciena’s WaveLogic Encryption solutions integrate directly onto the transport network for simplified deployments, deliver ultra-low latency, protocol-agnostic, wire-speed data throughput, and offer simplified key management that is fully controlled by the end-user.
5. Keeping out the bad guys takes everything from keys to crypto.
Third-party certification, always-ON encryption, independent keys, the latest industry algorithms, and fast key rotation intervals are all key elements that can be combined to enable a highly secure optical encryption solution. Third-party certification provides the assurance that the encryption solution has demonstrated compliance with all of the necessary requirements by having successfully completed the rigorous laboratory testing and review mandated by the standards. Ciena’s WaveLogic Encryption is validated externally and independently certified by a third party to ensure it is implemented with industry-standard algorithms and advanced security features. It features a FIPS-certified AES-256 encryption engine leveraging the highest-security cryptography algorithms available today, including Elliptic Curve Cryptography (ECC) algorithms.
Although the ability to turn encryption on or off may seem like added flexibility, simple human error can result in sensitive traffic being sent over the network unencrypted. Ciena’s WaveLogic Encryption solution encrypts all network traffic at all times, eliminating any chance of sending data in the clear, to ensure the highest level of security. For enhanced data protection, the solution is designed with two distinct and independent sets of keys for authentication and data encryption functions, with a fast encryption key rotation interval of seconds instead of minutes, making it even more difficult for a hacker to access information.
So, did you learn a few things? As increasingly more sensitive information gets distributed across fiber-optic networks, organizations must deploy an IT security approach that encompasses not just server security and at-rest encryption, but also a robust in-flight encryption solution. There is an easy-to-deploy solution for in-flight data encryption and with the stakes so high, the time to secure your enterprise is right now. Ciena’s WaveLogic Encryption solutions can help. Read the app note and find out how.