The last few months have revealed a litany of shocking network device vulnerabilities that are tantamount to ‘traps for the trusting’.
The sheer number of devices impacted by encryption vulnerabilities suggests all data networks contain inherent weaknesses. Whilst some are, inevitably, more serious than others, they all exposure potentially sensitive data to unnecessary risk.
Some of the recent revelations concern software patches, or more precisely, a failure to implement them properly. This highlights a number of worrying network device vulnerabilities:
1. Data remains exposed to breaches pending patch implementation
2. The time/cost of implementing successive software patches is significant and adds to the ‘total cost of ownership’ of these products
3. The cost of business and operations disruption is significant as network links etc are disabled during patch implementation
4. The serious loss of trust in the vendor – for releasing vulnerable products and causing the burden to customers.
Sensitive and valuable network data should not be (and does not need to be) vulnerable to security breaches – especially not to those facilitated by your own network devices.
Historically, we have known that data breach prevention tools, such as firewalls, will eventually be breached. However, the identification of specific, addressable weaknesses is a worrying development. If prevention is not fool-proof, then the only option is to secure the data itself; using high-assurance data encryption. When the inevitable breach occurs, the integrity of the data is maintained as unauthorised users are presented with meaningless data.
Senetas High-Assurance Encryption
It is important to understand the difference between a high-assurance, robust encryption solution and the alternative.
High-assurance network encryption solutions share five common features:
- They provide true, end-to-end encryption
- They are tamper-proof, dedicated encryption devices
- They feature client-side encryption key management
- They leverage authenticated, standards-based algorithms
- They are certified by independent testing authorities
The recent spate of press coverage has highlighted a number of serious flaws in network security products. Flaws that have a fundamental impact on all data network users.
We have heard time and again that multi-purpose devices (AKA hybrid encryption or embedded encryption devices) do not offer high-assurance security. In part because there is no separation of duties within the network and in part because of “corner cutting”.
Cyber-crime and data breaches in general have become one of the major IT security headaches for both commercial and public sector organisations. The consequences of a “successful” breach extend to financial loss, breach of confidentiality, identity theft, loss of reputation and more.
Government is right to be concerned about network devices that passed certification but contain inherent vulnerabilities. More importantly, they should never consider a multi-purpose device as the last line of defence against a data breach in the first place.
If you transmit sensitive data across any high-speed network, you need to take data security seriously. Use a high-assurance encryption solution and avoid the risks associated with vulnerable “embedded encryption” network devices.