It’s no secret that organisations have physical assets that require protection. In the same way, valuable or even classified information kept on sensitive networks also needs to be safeguarded. One way of doing so is by isolating the networks, making them inaccessible to all other external networks.
However, there are times when you want and need to transfer information between these networks, regardless of their sensitive nature. How do you as an operator within critical infrastructure send information without risking the integrity of the network, and how do you as a member of the defense industry collect sensitive information while maintaining the confidentiality of the network? In both cases a high assurance solution is needed, e.g. a data diode.
A data diode is hardware device that is often called a "unidirectional security gateway". It is placed between two networks with different levels of security and controls the flow of information. A data diode is a cybersecurity solution that makes sure that information can only travel in one direction.
So how does it work?
An optical fiber with a sender on one side and a receiver on the other ensures that data can only be transferred in a forward direction, and never in reverse. This means no two-way transfer, preventing leakage and manipulation from taking place.
If a data diode is directed out from the high security network towards a network with a lower security level, data can be transferred while the network stays protected. By transferring information via a data diode, you are guaranteed that no one can use the same connection in the opposite direction to reach the secure network and manipulate its environment.
A unidirectional solution makes sure that the integrity of the network is preserved.
A data diode can also be directed in towards the secure network. In these cases, it’s most likely that you want to collect information of some kind from another network. The security issue, however, is how to collect the information and at the same time make sure that there is no leakage of sensitive data from your network through this channel. A data diode will ensure the confidentiality of the network by preventing any form of leakage from happening.
Guaranteeing a unidirectional flow of information means sensitive information can be transferred without jeopardising the integrity or the confidentiality of the network, depending on how the data diode is used. Another benefit lies in the technology of a data diode. Being hardware and not software based, means it can’t be attacked by malicious code and intrusion is thereby prevented. A data diode allows you to transfer the data without putting the security of the network at risk.
A secure way to transfer data
As an effect of digitalisation along with an increased number of sophisticated cyberattacks, it’s not just operators within the defense industry or critical infrastructure that need to protect their data. It’s now up to all organisations with security sensitive and confidential information to choose a viable solution to transfer data in a highly secure way.