In an age when privacy is splashed across the news, confidentiality is at the root of many of the issues we read about every day. Whether it’s a breach of financial data at a bank, a leak of medical records from a hospital, or one of the high-profile celebrity hacks, the result is a breach of confidentiality. No one, neither the victims nor the companies involved, wants to be in the headlines for this kind of security issue.

Ensuring Data Remains Private
The core rationale for any data security approach is to ensure  data—it might be a company’s data, personal data, or partner data—remains  confidential at all times. This requires an end-to-end security approach that protects  network traffic from the endpoint to the  data center. Security used to mean ensuring that data in a fixed location  remained safe, but in this era, when data is always on the move, securing it in  transit to ensure it remains confidential until it reaches its intended destination  is critical.

So, how does data confidentiality work? In the network, it begins at the physical layer, where adversaries can use fiber tapping devices to grab sensitive data without even being detected. To avoid this kind of exposure, a well-secured network should bulk encrypt all in-flight data end to end, making it completely unreadable and useless to hackers.

Securing the network in this way is an important part of ensuring data  confidentiality. Another element that can also be leveraged involves adding  selective service layer encryption at the edge. Today, a very cost-effective  way for companies to accomplish this is by deploying next-generation,  virtualized security solutions. This approach can reduce legacy infrastructure  costs but it requires a flexible, open infrastructure that can rapidly deliver  and provision virtual network functions (VNFs) in real time.

A multi-layered security solution that has confidentiality as its  core aim should use virtual security appliances like firewalls, intrusion  detection systems, and identity/access management systems. A little deception  is good as well though, so routing of traffic to virtual honeypots will help  fool and expose bad actors. Making it all work seamlessly might look like  magic, but a virtualized security environment depends on advanced analytics and  orchestration tools to make sure all VNFs work together effectively.

Another critical component of confidentiality is intrusion detection. Ciena’s PinPoint Integrated Optical Time Domain Reflectometer (OTDR) detects fiber tapping and protects valuable traffic from long-term exposure. PinPoint automatically scans the fiber plant at turn-up and during faults and spots high losses or reflections in seconds; this enables quick troubleshooting and repair. In addition, it enables proactive monitoring and maintenance by finding potential fiber issues and avoiding future outages. It also ensures the fiber plant is properly conditioned for optimal performance.

Securing the Network Itself
In today’s environment, it is not enough to encrypt user data. There is also metadata that adversaries can use to map out the network and plan attacks, even without access to the encrypted application layer data. What type of information is exchanged as part of this metadata? IP and MAC addresses, protocol types in use, and other potentially critical network information are exchanged in the clear even when the actual user data is encrypted.
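
An added example (not part of the original article) of what remains readable at a tap point when only the application payload is encrypted. The frame, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import struct


def build_sample_frame() -> bytes:
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    # Locally administered MACs and documentation IP ranges: all made up.
    eth = bytes.fromhex("02005e100001" "02005e100002") + struct.pack("!H", 0x0800)
    # Stand-in for an encrypted application record; contents are opaque.
    payload = bytes.fromhex("1703030010") + bytes(range(16))
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(
        "!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address("192.0.2.10").packed,
        ipaddress.IPv4Address("198.51.100.20").packed,
    )
    return eth + ip + tcp + payload


def visible_metadata(frame: bytes) -> dict:
    """Return the header fields readable without any decryption key."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    seen = {
        "dst_mac": dst_mac.hex(":"),
        "src_mac": src_mac.hex(":"),
        "ethertype": f"0x{ethertype:04x}",
    }
    if ethertype != 0x0800 or len(frame) < 34:
        return seen  # not IPv4, or IPv4 header cut short
    ihl = (frame[14] & 0x0F) * 4
    if ihl < 20:
        return seen  # malformed header length
    proto = frame[23]
    seen["src_ip"] = str(ipaddress.IPv4Address(frame[26:30]))
    seen["dst_ip"] = str(ipaddress.IPv4Address(frame[30:34]))
    seen["ip_proto"] = proto
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:  # TCP or UDP ports
        seen["src_port"], seen["dst_port"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return seen


if __name__ == "__main__":
    for field, value in visible_metadata(build_sample_frame()).items():
        print(f"{field:10} {value}")
```

Every field it reports comes from headers that sit outside the encrypted payload, which is the exposure the paragraph above describes.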

So how do you fill this hole in your enterprise encryption strategy? You must secure the network itself, and not just the end-user data, by encrypting at the lowest layer possible on the network. Only a Layer 1 optical encryption approach renders ALL data undecipherable to any hacker that taps into the fiber strand. This ensures that metadata isn’t exposed to attackers and eliminates gaps within an organization’s in-flight data protection strategy.

Securing the network communications channels is also critical in  protecting the network itself against attacks that would attempt to take the  network down or alter its intended functions. This can be done by encrypting  selected ODU/OTU overhead and network management traffic to ensure that it  can’t be accessed by hackers. This ensures that the information required for  communications between all nodes in the network is kept private – this is  essential for the network to function as it is designed to.

Data Confidentiality Laws
Confidentiality is at the core of the EU’s GDPR—the General Data  Protection Regulation, which went into effect on May 25, 2018. Under the GDPR, companies  must notify authorities within 72 hours of discovering a personal data breach,  and, in serious cases, the data subjects affected by the breach must also be  notified. Fines have gone up significantly.

Financial services organizations that do business in New York State have to conform to 23 NYCRR Part 500, which went into effect on March 1, 2017, and requires that entities such as New York insurance companies, banks, and other regulated financial services institutions (including agencies and branches of non-US banks licensed in New York) assess their cybersecurity risk profile and create a robust program to address those risks.

Okay—so that sounds daunting, doesn’t it? Trying to run a business  is tough enough. Now you have to worry about so many other issues—like keeping  your customers’ data confidential. How can you pull that off? Fortunately, Ciena  knows how to help.

How Ciena Helps
At Ciena, we use our WaveLogic Encryption solutions to provide data protection that ensures data remains private and secure from theft and secures all in-flight data all the time. This is critical to ensuring that data remains confidential no matter where it is going. WaveLogic Encryption utilizes field-proven techniques that are widely deployed across the globe in finance, legal, healthcare, military, utilities, ICPs, service provider networks, and government networks.

Enterprises like Switzerland’s Helvetia choose Ciena as the infrastructure they rely on to securely transfer data between critical enterprise hubs. With Ciena, Helvetia can benefit from always-on encryption to send more data securely by taking advantage of the ability to transport encrypted data at 200 Gb/s across distances up to 130 km.

Network operators cannot just stop at encrypting the end-users’ data; they must protect their entire network by securing at the lowest level and utilizing integrated OTDR capabilities for better visibility to detect intrusions.

The world can be scary. So much is riding on your network. Ciena is equipped to make sure that your confidential information stays secure. At the same time, we’ll help you conform to the increasingly complex regulatory environment.