Network security is currently high on everyone’s agenda, and with good reason. 2015 saw a deluge of high profile breaches, which reminded companies and the general public alike of what is at stake. Nearly 300 million records and $1 billion were stolen last year alone through cyber-attacks. The impact such an attack can have on the reputation of a company can be substantial, with a stigma of mistrust prevailing for many months – even years – after an incident. This, in turn, also profoundly affects a company’s bottom line. Some recent attacks have lost organisations hundreds of thousands of customers, millions of pounds and seen shares fall dramatically.
The need to protect data is made all-the-more apparent by looking at the kind of information that criminals usually target. Attackers are particularly keen to steal online identities, sensitive medical records or even classified military documents and sell them on for profit.
On top of this, governments across the world are now looking to encourage companies to adopt some form of data encryption. In the UK, the Information Commissioner’s Office has criticised businesses for failing to protect the information they hold and the Government has set up a ‘Cyber Street Wise’ campaign to raise awareness amongst individuals and businesses. Other European nations have implemented penalties against cyber-attacks. For example, if a company does not adopt encryption and suffers a breach in the Netherlands, the Dutch Data Breach Notification Law means companies can be fined 10 per cent of their net annual turnover.
With this in mind, protecting data ‘at rest’, has become a top priority for organisations. Companies are now keen to make sure devices and servers are properly protected from the threat posed by hackers. Yet, despite increasing awareness, encryption of data as it moves across the network (in-flight) is often overlooked. In-flight data is most vulnerable to criminals that have the ability to tap into fibre connections; security measures for data in storage come to nothing if in-flight data is not properly protected as well.
Not only does in-flight encryption camouflage data traffic so it cannot be interpreted or altered, it can also result in efficiencies for a business overall. By encrypting at the lowest level, the optical transport layer, companies ensure all data is safe-guarded without the need for multiple application-specific solutions, which are time-consuming, add service latency and increase the overall risk of some data leaving the premises un-protected. This allows service providers to offer an all-encompassing service, which means customers can, in-turn, benefit from state-of-the-art encryption solutions with no impact to their highly valued end-user experience.
Furthermore, in-flight encryption that is integrated into hardware can result in a lower latency solution that can actually improve the service provider’s overall performance, as the optical chipsets which are already present can now serve dual functions – supporting both encryption and the conversion of the now encrypted data from the electrical to the optical domain. For large, content-based companies, this improvement in latency can have a dramatic effect on the bottom line. Amazon, for example, found that 100ms of latency can cost the company one per cent in overall sales revenue.
With the data being generated by the world’s population set to grow 10-fold by 2020, companies can no longer close their eyes to the risks cyber-attacks can have on their business. It is time for organisations to take action and adopt a more holistic approach – that of protecting their solutions. A comprehensive IT security approach, which includes protection and encryption of data both at rest and in-flight will go a long way in helping to reduce the number of business-critical breaches in the years to come.