It's 10 o'clock. Do you know where your data is? If you think for just a moment, you'll realize that it could be anywhere in the world and you have no idea if it is protected or vulnerable. Your personal information is somewhere at your bank, sent over the Internet when you buy a book or CD online, and stored at your health insurance company, not to mention state, local and federal government agencies. Whether it's the potential of embarrassment or financial ruination, shouldn't your private information remain secret? A slew of government regulations imply that it should. Yet, security breaches keep coming. ChoicePoint, a name made famous by a huge breach in early 2005, has become a rallying point for organizations to re-examine their approach to data security.
A simple Google search verifies that there is a growing market for stolen personal information and shows how easy it is to buy and sell it. Credit card numbers, bank accounts, and other information can fetch between $50 and $100 per number. A tapped network link where transactions are processed can lead to the theft of tens or hundreds of thousands of personal records that contain such information, and to a ten-million-dollar profit for the thief. The ChoicePoint haul could be worth up to $4 billion on the black market. With Social Security numbers, bank account and credit card numbers, and corporate intellectual property all being targeted for theft, it's time for organizations that house and use confidential data to get serious about protecting it.
Your customers trust their most important information to you. Protecting networks with firewalls, intrusion detection and ID management is an essential first step, but protecting the data itself is the true goal. New threats that bypass these traditional security solutions surface every day. Because most network data is dynamic, it can be moving around the network at any given time. How do you approach securing that dynamic data? According to best practices espoused by top security experts, encrypting the data in motion over the network is key to protecting it. Once the data is encrypted, customer records would be useless to an unauthorized person who manages to access them, and your business would be protected. As organizations integrate encryption into their best practices to protect data and comply with regulations, they often encounter highly complex, time-intensive and expensive solutions that, while protecting data, degrade network and application performance. Perhaps it's time to take a better approach to encryption as a means of data protection.
Is protecting data really that difficult?
You know you need to secure data. But you have heard all the stories about how difficult the job of securing data on your networks really is. Router upgrades with new software and new hardware, encryption accelerator add-ons so the router CPUs do not roll over, complicated ACL rules: the list just goes on.
Do you really want to "touch" your network? You have invested potentially millions of dollars in it. You have staff to manage, operate, troubleshoot, and fine-tune the network infrastructure. Do you really want to upgrade your network, which is the foundation of your business, to support data protection? The upgrade can take months and cost millions more. In some cases an entire network upgrade is necessary. You really need a data protection solution that can overlay your existing network and not impact its design or architecture. Maybe it's time to look outside the router for a data protection solution.
What if you could overlay security onto the network in a cost-effective architecture? With the strategic placement of transparent encryption endpoints throughout the network, that security overlay is possible.
Personal Information Protection for Customers of an International Bank
A bank with multiple data centers elected to use a third-party MPLS provider for data center-to-data center connectivity. The benefits were financially motivated--they saved on telecommunications expenses by switching to MPLS. But they were concerned about what would happen to their customers' financial data if the MPLS provider misconfigured a switch. The chain of trust on the customer data would be broken. They had no way of assuring that there was no customer data leakage between the two data centers.
Their solution was to add authentication and encryption to the bank's existing router/switch infrastructure. The required architecture was quickly self-evident. Two high-speed encryption appliances created a secure tunnel over the MPLS infrastructure, preventing any unintended data leakage. No router infrastructure upgrades were required, no complicated project plan needed. The link is secure.
- Cost savings--enabled toll-bypass of telecommunications company by using MPLS
- Customer information protection--data leakage prevented in case of a misconfigured switch
- Investment proof--no infrastructure upgrades required