Several recent headlines about large GDPR-related financial penalties for data breach violations, continue to spark massive investments in security compliance initiatives across all industries. However, these programs are sometimes limited to protecting data held within the organization – with little or no consideration for ‘in-flight’ data traveling between locations across the Wide Area Network (WAN).

This is no longer adequate, as large amounts of data are transported over high-capacity wavelengths across fiber optic networks and cybercriminals are exploiting any potential gaps within an organization’s security strategy. It’s not uncommon, for example, for hackers to use ‘wiretap’ devices to steal data as it travels over optical fiber connections.

The frequent lack of physical security makes this kind of attack relatively easy, allowing hackers to access fiber and install wiretaps in cabinets in the street, under man-hole covers, and in other easy-to-breach locations. These wiretaps can also be left in place for long periods of time without being detected, leading to large quantities of data being stolen, with no indication when breaches even started.

The only way to prevent the theft of data using wiretaps is to encrypt ‘in-flight’ data as it travels over WAN connections. The ability to do this effectively has now become a key requirement in tender processes for network rollouts, and is critical for protecting customers and their data in the GDPR era.

Certification equals data encryption solutions you can trust

The challenge for organizations looking to strengthen their GDPR position and protect their critical data is that not all network encryption solutions are created equal. Some solutions are only designed to be compliant to a specific standard or are approved for a specific application.

In both these cases, this means that the solution has not gone through any kind of third-party testing or validation to ensure it has been implemented in accordance with the standard. As a result, implementing these kinds of solutions could lead to a potential gap within your security strategy – a risk not worth taking in today’s environment of ever-increasing threats.

The way to overcome this ambiguity and ensure the highest levels of protection for in-flight data is to choose an encryption solution that is certified to the very highest security standards. Choosing these kind of solutions means that all the relevant security features and capabilities will be well-defined and auditable, helping to reassure your customers and the regulator that all the appropriate measures are in place to protect your data from end to end.

What certifications should you be looking for?

Technology products are certified by different agencies, depending on where they are developed and deployed. The US Government, for example, has developed FIPS standards which apply to all technology products and end-user devices deployed in government agencies. Likewise, the German Federal Office of Information Security (BSI) sets the bar high for security certification in Europe, testing technology products against Common Criteria standards for computer and data security.

If you can find encryption products with one of these certifications, they are likely to be robust solutions you can trust. However, solutions with both FIPS certification and BSI/Common Criteria certification will give you the highest possible assurance for end-to-end security and data protection in your network.

Ciena has won the race for full BSI certification

In recent years, as the need for the highest possible data protection has become critical, some of the big names in networking have been working to achieve full BSI certification for their encryption products. In one example, a network company has achieved BSI certification for deployment of its encryption products in particular configurations and for particular use cases.

Ciena has now surpassed these achievements, becoming the first optical equipment provider to achieve full BSI certification for our WaveLogic Encryption products, in addition to our existing Common Criteria and FIPS certifications. This means that, with our solutions, you get peace of mind that your data will always be protected against wire taps and other unauthorized access – across all applications – even as it travels over the WAN. This not only helps you demonstrate your compliance to the GDPR, or any other data regulation, but you can also protect your customers and your business to build even more trust for your brand long term.

Ciena’s WaveLogic Encryption solutions have achieved the highest level of trust in EMEA with full BSI certification

Encryption efficiency 24/7, with improved network performance

Ciena’s proven, always-on WaveLogic Encryption solutions protect your data at the optical layer, eliminating the latency issues often associated with layer 2 and 3 encryption without impacting performance. Additionally, this approach allows you to protect your data with no need for additional layer 2 and 3 equipment, helping you reduce your network footprint and power costs.

Last, but not least, you can protect all of your customers’ in-flight data – not just Ethernet and IP traffic – with an easy-to-deploy optical-layer encryption offering.

Protect your in-flight data, across any distance

The full BSI certification is another feather in our cap, and proof that Ciena is committed to delivering third-party certified optical encryption solutions you and your customers can trust. This means you can be sure that your critical data is secure as it leaves the private cloud, and protected as it traverses the network, across any distance, without sacrificing the end user experience.