As part of scaling up their approach to information security, commercial organizations are increasingly eyeing unidirectional networks, or data diodes, as a way to augment existing software-based security systems.
These devices have been commonly deployed in high-assurance environments over the past 20 years, such as energy grids and intelligence agencies, where they offer a more reliable way of transferring data securely. In simple terms, this is done through hardware-based technology that sends information out but does not allow anything to come back in.
Owing to their capabilities, data diodes are seen as increasingly attractive to companies dealing with industrial processes that need to be monitored and controlled remotely, and also to those involved in high-risk commercial activity, such as financial services.
Of the most popular solutions today, firewalls remain prone to misconfiguration and other vulnerabilities, and often require frequent manual review and adaptation.
Meanwhile, air gaps are—by nature—extremely limiting in data transference, which is seen as a possible barrier to predictive maintenance and live monitoring, such as in the operation of offshore platforms where these elements are likely to play a major role in the coming years.
Use of data diodes may therefore not only offer an additional layer of security but open up new capabilities depending on an organization’s needs.
However, maturity and expense have remained factors in procurement, with most seeing the purchase of this type of equipment as an extreme measure.
But leading providers, including Fox IT, Owl Cyber Defense and SecuriCDS, believe we may see a wider range of global enterprises beginning to tap into these technologies, including those in telecommunications, transport, and those dealing with high-value intellectual property.
“Cybersecurity professionals looking to improve cybersecurity using data diodes need to consider how to segment their networks,” suggests Scott Coleman, director of marketing/product management at Owl Cyber Defense.
“They also need to look at the type of data they need to transfer (OPC, MODBUS, historians, databases, syslog files, Splunk, etc.), the transport layer (TCP, UDP, FTP), latency requirements, and the bandwidth required to move the data. This will determine the capacity a data diode solution needs to provide and any software applications needed to support the different data types.
“The ability to increase bandwidth licenses over time to accommodate future growth should be considered along with the ability to support multiple protocols and multiple data streams simultaneously.”
Potential users are also advised to consider the number of physical hardware devices needed to support the required data streams, and to include any redundancy needs when evaluating different platforms. A single box that offers the ability to increase bandwidth when needed and support multiple data flows and protocol types simultaneously may also be worth considering when assessing costs over the total life of the product.