Insight and analysis on the data center space from industry thought leaders.
Switching Gears on Data Center Security
Today there are two methods to encrypt data in transit: encryption at the packet layer and encryption at the optical layer.
June 19, 2018
Paulina Gomez is Specialist of Product and Technology Marketing for Ciena.
Safeguarding sensitive or critical data such as intellectual property and confidential records has always been a priority when it comes to the data center, but now operators must take it a step further and work under the assumption that a network is already breached. Working off an assumed breach mentality challenges the way networks are traditionally designed, which is incredibly important as it’s not just about protecting information inside the data center, it’s also about protecting the increasing amount of content in transit.
Traditionally, data centers are protected using physical security, firewalls, anti-virus and intrusion detection methods. However, these security techniques are rendered useless if an attacker breaks through the invisible barrier created to keep unauthorized intruders out, or if there is a compromise while data is moving from one data center to another. This is where encryption comes into play.
Why is This Important Now?
The first concern is that data breaches are becoming more prevalent. 24/7 Wall Street reported that in 2017, the Identity Theft Resource Center found there was “a total of 1,579 breaches - a new annual record and 45 percent higher than the previous record of 1,091 set in 2016.”
The second factor is the massive amount of content being created and consumed by end users, and the technology that has been developed to meet this demand. 10 years ago, access to data within data centers was limited due to latency issues and the cost of bandwidth. When it was transported, it was predominately for backup or disaster recovery purposes. Fast forward to today and on-demand access to data is non-negotiable. Data is being pushed to the edge, and traffic is flowing with fewer limitations through terrestrial and submarine networks, with no indication of stopping – companies like Google, Microsoft and Facebook are making massive investments in new fiber builds. However, while transporting high capacity data is a necessity in order to satisfy end users’ expectations, it has also created new vulnerabilities.
Data centers take extreme precautions to remain secure, but when data travels outside of a data center (often through third-party providers), the chance of being compromised increases. Short of a “Hacking a Network for Dummies” book, there are numerous ways that a person with very little training can teach themselves how to hack a fiber network relatively easily – including YouTube videos that provide a viewer with a step-by-step tutorial.
Going Beyond the Data Center
The need to move data freely and securely across the network is exploding and data center interconnect (DCI) plays a critical role in meeting the explosion of data and non-stop demand for cloud-based services. Today there are two methods to encrypt data in transit: encryption at the packet layer and encryption at the optical layer (or Layer 1 encryption).
For a long time, encryption at the packet layer was the best option. This traditional in-flight data encryption solution is beneficial for specific applications but can present several challenges, particularly when encrypting high-volumes of in-flight data. These downfalls include painful key management, increased latency, inefficient use of bandwidth, and the need for a dedicated L2 encryption device. As the amount of content continues to grow exponentially, and as in-flight data is carried over longer distances across 10G, 100G, and 200G waves, this can become an incredibly complex and inefficient way to secure data.
More recently, data center providers have been given a new option: encryption at the optical layer. Optical encryption secures all in-flight data, with 100% throughput in the transport layer of the network as it is carried over optical waves across fiber-optic cables. There is no dependency on any additional hardware as the solution integrates directly into the transport network for a fast, easy-to-deploy solution. Encrypting data at the lowest possible layer also translates to a lower latency approach. This is a necessity for a wide range of industries – in the healthcare sector, for example, network latency can mean the difference between life and death when monitoring vitals. For utilities, it can be the difference between containing or propagating a power outage across the grid.
In-flight and at Rest – Protecting Data is Key
As more sensitive information gets distributed across fiber-optic networks spanning the globe and the need for simple-to-implement, low latency solutions increases, organizations must deploy an IT security approach that encompasses not just server security and at-rest encryption, but also a robust in-flight encryption solution. However, encryption of data at rest and in-flight is not mutually exclusive. Whether it is to protect from internal threats or hackers targeting intellectual property, data should be protected no matter where it resides. By creating a holistic security strategy that includes encryption of in-flight data at the optical layer, it is possible to mitigate the impact of a data breach, as well as meet the bandwidth and latency needs of today’s on-demand world.
Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.
Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating.
About the Author
You May Also Like