Layer 1 Encryption Delivers Superior Protection
Driven by social media, the move to cloud networking and mobility, todays networks are becoming ever more open. In parallel, as security threats become more prevalent – this 'openness ' is making protecting networks and business data ever more difficult.
While security solutions for a wide variety of threats have existed for many years, one commonly overlooked threat lies at the heart of the network – Layer 1. fibre connections can be easily tapped at nearly any point along the line; even under the ocean. The only way to take advantage of fibre's many benefits while still keeping data secure: Layer 1 encryption.
Layer 1 encryption offers several key benefits:
1) Protocol Agnostic - it doesn’t matter if you’re using Ethernet, Fibre Channel, Infiniband, or a completely unique, proprietary protocol. That makes Layer 1 encryption extremely flexible and easily deployable even as networks evolve.
2) Virtually no latency - Because…..the data moves just as quickly as it would without the encryption but more securely.
3) Comprehensive – only Layer 1 encryption protects the entire network stack against outside intrusion and keeps the metadata from other layers from being exposed. This is critical to any security program as that “extraneous data” (IP addresses, application-level details, etc.) is often used by cybercriminals to find new chinks in the network’s armor that can be exploited for a full-scale breach.
Basic Tips To Consider When Deploying Layer 1 Encryption
- Match the current network speeds. Layer 1 encryption techniques will work with network speeds of up to 100Gbps. While 100Gbps networks have yet to become the norm, it is important to look for a vendor who can provide not only the interfaces, but also the encryption speeds which tomorrow's networks require.
- Encrypt at the highest standards.
- Select Layer 1 encryption tools that use the Advanced Encryption Standard which provides a 256-bit key size – currently the top of the line as far as security keys go.
- Those organizations that face persistent threats should also incorporate what's known as Galois Counter Mode. This technique not only protects the data itself, but it also authenticates its point of origin and makes sure that no two messages are encoded in the same way.
- UseDiffie-Hellman key exchange and X.509 certificate authentication for operationally efficient and secure key distribution.
Many businesses today focus on higher level security when it comes to protecting data. While this is a sound enough method—don't be surprised if cyber terrorists manage to bypass your security system when you've left your 'basement window' unlocked. Just ask the executives at Home Depot or Sony. This is why many organizations are moving forward with extensive data encryption projects to augment their perimeter defense programs.
Remember, if the data is impossible to be read, it is no longer valuable to any hacker. It’s like breaking into a bookstore that stocks only Russian literature when you can't read Cyrillic.
Regardless of which protection method is used, encryption today is a must. While it is still important to encrypt data at other layers – particularly the network and application level – implementing a solution at Layer 1 provides broad spectrum protection against a wide range of issues. Without this precaution, a high speed, high capacity fibre network could quickly become a liability rather than an asset.