Would you be shocked to know that over  4.46 million data records are lost or stolen every day? Whether the risk is primary  financial, reputational, operational, or a combination of all these, a holistic  security strategy that protects both at-rest and in-transit data is imperative  in today’s connected information landscape. Critical, high-capacity data is  constantly moving across towns, cities, and borders as more organizations adopt  cloud storage, endeavors that are matched only by the speed and capabilities of  those seeking to compromise this data.

Unfortunately, traditional in-flight  data encryption solutions are fraught with tradeoffs and inefficiencies,  particularly when considering high capacity data rates. To shed some light on  the story of in-flight data and how to protect it, take a look at these 5  facts:

1. Complying  with privacy requirements and data security regulations is the top driver for  enterprise adoption of encryption technology.

Complying with privacy requirements  and data security regulations is increasingly important in today’s online, global culture. In fact, 55 percent of respondents in a recent Ponemon Institute survey ranked it  as their top driver for adopting encryption technology. Not far behind, 51  percent of respondents see protecting enterprise intellectual property as the  main driver. In the U.S. alone there are roughly 20 data security laws, such as  HIPAA, FISMA, 23 NYCRR Part 500 and the Graham-Leach-Bliley Act.

The upcoming European General Data Protection Regulation (GDPR), a new law in  the EU, will require notifying the relevant authorities within 72 hours of  discovering a personal data breach, and, in cases where the information is  sensitive or could cause significant damage, notifying every data subject  affected by the breach. Some  countries already have similar laws in place. Lack of compliance can result in  huge fines or, worse, prosecution. Under the GDPR, the maximum penalties for a  personal data breach will increase from the current cap of €500,000 to  €10,000,000 or two percent of total worldwide annual turnover, whichever is  higher. These fines are changing the way companies look at data security,  especially in consumer-focused businesses such as banking, healthcare, and  retail.

A new law in the EU, will require notifying the relevant authorities within 72 hours of discovering a personal data breach, and, in cases where the information is sensitive or could cause significant damage, notifying every data subject affected by the breach.

2. Heavily regulated  industries have adopted encryption the most and healthcare has been hit the  hardest.

The extensive use of encryption  varies considerably by industry segment. Specifically, heavily regulated  industries such as financial services and healthcare have the highest use rate;  less-regulated industries such as manufacturing and consumer products have the  lowest use rate. The healthcare industry was the hardest hit during 2017 in  terms of the number of data breaches, accounting for more than one quarter (25 percent) of all breaches. Trends over the  past four years suggest a steady increase in all industry segments. The most  significant increases in extensive encryption usage occur in the public sector,  retail, and technology and software organizations.

Application note
WaveLogic Encryption Solution

3. There are  three key components to a holistic security strategy.

Data-at-rest and data-in-flight  encryption, as well as server and database security, are key components of a  holistic strategy to protecting data. Data in transit, in particular, is  becoming more important given the extensive and increasing use of the cloud and  the volume of data being moved around the globe. Fiber-optic cables carry  hundreds of gigabits of confidential information every second and in the past,  have been considered inherently safe and impenetrable. However, there are  instances where fiber optic cables are unguarded and easily accessible, making  them vulnerable to data breaches. This means that in today’s day and age, anyone  with malicious intent, a few readily  available tools and the help of a YouTube video could learn to infiltrate  them. Encrypting in-flight data to secure communications across fiber-optic  cables can help eliminate gaps within your data security strategy.

4. Traditional  in-flight data encryption solutions have their downfalls.

High latency, costly  application-specific hardware, bandwidth inefficiency, and complicated key  management are significant downfalls of traditional encryption solutions. As a  result, companies  are deploying 10G, 100G, and beyond optical encryption solutions to  cost-effectively secure all in-flight data, without impacting performance, no  matter the application or protocol. For  example, Ciena’s  WaveLogic Encryption solutions integrate directly onto the transport  network for simplified deployments, deliver ultra-low latency,  protocol-agnostic, wire-speed data throughput,  and offer simplified key management that is fully controlled by the end-user.

Companies are deploying 10G, 100G, and beyond optical encryption solutions to cost-effectively secure all in-flight data, without impacting performance, no matter the application or protocol.

5. Keeping out  the bad guys takes everything from keys to crypto.

Third-party certification,  always-ON encryption, independent keys, the latest industry algorithms, and  fast key rotation intervals are all key elements that can be combined to enable  a highly secure optical encryption solution. Third-party-certification provides  the assurance that the encryption solution has demonstrated compliance to all  of the necessary requirements by having successfully completed the rigorous  laboratory testing and review mandated by the standards. Ciena’s WaveLogic  Encryption is validated externally and independently certified by a third party  to ensure it is implemented with industry-standard algorithms and advanced  security features. It features a FIPS-certified AES-256 encryption engine  leveraging the highest-security cryptography algorithms available today,  including Elliptic Curve Cryptography (ECC) algorithms.

Although the ability to turn  encryption on or off may seem like added flexibility, simple human error can  result in sensitive traffic being sent over the network unencrypted. Ciena’s  WaveLogic Encryption solution encrypts all network traffic at all times, eliminating  any chance of sending data in the clear, to ensure the highest level of  security. For enhanced data protection, the solution is designed with two  distinct and independent sets of keys for authentication and data encryption  functions, with a fast encryption key rotation interval of seconds instead of  minutes, making it even more difficult for a hacker to access information.

So, did you learn a few things? As  increasingly more sensitive information gets distributed across fiber-optic  networks, organizations must deploy an IT security approach that encompasses  not just server security and at-rest encryption, but also a robust in-flight encryption  solution. There is an easy-to-deploy solution for in-flight data encryption and  with the stakes so high, the time to secure your enterprise is right now. Ciena’s  WaveLogic Encryption solutions can help. Read the app note and find  out how.

Application note
WaveLogic Encryption Solution