Closing the Backdoor

By Duncan Ellis, Global Industry Insights, Ciena

In today’s world, hardly a day goes by without another story about a security breach—hundreds of thousands of confidential records being accessed by federal agencies (according to Edward Snowden[i]), illegally accessed by foreign governments[ii], international crime gangs[iii],terrorist organizations[iv] or even young people from the privacy of their homes[v].  These headline stories catch attention, but often fail to mention that the financial services vertical is the second most breached industry[vi], with the third highest per capita cost after the health and pharmaceutical verticals, at $259/record[vii]. It is obvious that, despite the huge investment over recent years, a perimeter approach to cyber security has failed to protect data systems.

The legislative landscape is changing rapidly on both sides of the Atlantic in the face of the growing threat to sensitive digital information. In the US, 47 states have passed laws requiring notification of breach involving personal information, and 29 U.S. states have laws that require organizations to make personal information unreadable or undecipherable if retained or transmitted. In Europe, various countries are passing tougher data regulations. In the Netherlands, for example, the Dutch Data Breach Notification Law went into effect from January 1st 2016—with the obligation to report any breaches not only to the authorities, but to all involved. These new rules require not only the disclosure of data thefts but also hefty fines—up to 10 per cent of turnover. All this comes ahead of the formal adoption of the General Data Protection Regulation (GDPR) in Europe later this year, which aims to harmonize data security legislation as well as the penalty fines across the EU. Crucially, the GDPR will require organizations to comply with strict rules and duty of care relating to data retention and transmission of EU citizens’ data wherever in the world it is processed. This is where encryption plays a critical role for organizations, not only to ensure their own compliance, but to provide compliant services to end-customers and consumers.

Financial institutions are subject to even more rigorous legislation such as The Safeguards Rule implemented pursuant to the Gramm-Leach-Bliley Act (GLBA), which requires financial institutions to “develop, implement, and maintain a comprehensive information security program” that contains administrative, technical, and physical safeguards designed to protect the security, confidentiality, and integrity of customer information.[viii]

One element common to many of these laws is that data breaches are exempt from the notification requirement if the loss of the data does not compromise the end-user, which usually means it must be encrypted. With some legislation levying penalties of as much as 4% of global revenue[ix], many organizations are now moving to implement ‘Privacy by  Design’, (a comprehensive program of building protection for data into a program tight from the start) which is based on seven “foundational principles”:

  1. Proactive not reactive; preventative not remedial
  2. Privacy as the default setting
  3. Privacy embedded into design
  4. Full functionality – positive-sum, not zero-sum
  5. End-to-end security – fill lifecycle protection
  6. Visibility and transparency – keep it open
  7. Respect for user privacy – keep it user-centric

As part of this process, much greater focus is being placed on the protection of data throughout its lifecycle. In addition to the more common practice of encrypting at-rest data, there is a marked increase in the desire to encrypt in-flight data. Network encryption technology has historically been seen as complex and expensive but the latest generation of hardware-based encryption solutions means that ALL network traffic can be cost-effectively protected with high-capacity, low-latency hardware solutions that fit in existing network equipment, and major carriers such as Telstra in Australia are leading the market with their deployment of encrypted solutions capable of running at up to 200 Gigabits per second[x]. And there is a new technology called Network Functions Virtualization (NFV) that allows key network functions, such as encryption, to be deployed as a virtual machine running within a bank branch, for example. This allows for the rapid deployment, system updating, and management of these capabilities across a bank’s entire branch or ATM network. Recognizing that the management of this type of solution may lie across both the network and security teams, some solutions even provide separate network and security management systems to allow the respective departments to be in control of the relevant functionality.

The process of tapping an optical fiber has become so mainstream that there are even YouTube™ videos[xi] demonstrating how to do it with an optical coupler that costs less than $600. As banks steadily increase the security levels of their perimeter defenses, the attractiveness of an optical tap increases proportionally; when you consider a bank’s entire optical infrastructure—both owned, leased, or the network services procured from a carrier—could stretch for thousands or even tens of thousands of miles, the number of potential tap points means that network encryption is the ONLY way of ensuring the integrity of the network and the data it carries. A security-conscious individual wouldn’t enter credit card details on a website without ensuring it had a protected https URL, so why would a company allow its IP or sensitive customer data to leave the building without ensuring it too is protected from unauthorized access?

 

Contact: Malcolm Loro, Senior Director, Global Consulting, Ciena  mloro@ciena.com

About Ciena

Ciena Corporation, the network specialist, enables reliable, secure connectivity to transform financial institutions’ networks into a strategic asset that increases their profitability and competitive differentiation. With deep expertise and leading packet-optical platforms, intelligent software, and consultative services, Ciena solutions are developed in alignment with OPn, our ecosystem-based architecture that transforms network capacity to on-demand capability. Ciena enables financial institutions to deliver critical revenue-generating applications, secure sensitive data, and address regulatory requirements among geographically dispersed data centers, trading networks, branch offices, and other remote locations.

[i] www.cbsnews.com/feature/nsa-surveillance-exposed/

[ii] www.cnn.com/2015/12/18/politics/juniper-networks-us-government-security-hack/

[iii] www.csoonline.com/article/2938529/cyber-attacks-espionage/cybercrime-much-more-organized.html

[iv] www.politico.com/story/2015/12/isil-terrorism-cyber-attackes-217179/

[v] www.independent.co.uk/news/uk/15-year-old-boy-arrested-over-talktalk-hack-sues-three-newspapers-for-breach-of-privacy-a6725956.html

[vi] 2015 First Half review, Gemalto’s Breach level Index, page11

[vii] 2015 Cost of Data Breach Study: United States, Ponemon Institute, May 2015

[viii] Data Protection And Privacy – United States Lisa J Sotto and Aaron P Simpson Hunton & Williams LLP 2014

[ix] www.allenovery.com/SiteCollectionDocuments/Radical%20changes%20to%20European%20data%20protection%20legislation.pdf

[x] www.ericsson.com/news/160120-telstra-ericsson-and-ciena-demonstrate-world-first-secure-encryption-solution_244039856_c

[xi] www.youtube.com/watch?v=bnzeyBK3kAY&feature=youtu.be

Advertisement

Follow Us:

Sitemap | Privacy | Copyright © © 2017, WSTA®, All Rights Reserved.