Getting started with a project to strengthen your organisation’s security can seem like a big and complicated undertaking. An important first step is to identify your risks in a risk analysis. A risk-based working method is a prerequisite for successful and balanced security work. There are also some other important questions to ask yourself that will help you choose the right solution – and make it as easy as possible for you.
More and more organisations need to strengthen their security
Digitalisation is a natural development that has been going on since we started using computers seriously. In recent decades, digitalisation has progressed rapidly, and more and more of our society is dependent on digital services.
As we rely more and more on digital systems, we must learn how to build resilience and robustness into the systems to deliver stable and sometimes socially essential services over time. Digitalisation enables a very efficient way to deliver services of various kinds, but at the same time makes us dependent on a very high level of availability in the systems. In addition, if there is no alternative way to deliver the services, an interruption can have major consequences for your organisation, your customers, or citizens. If an interruption has major consequences, you need a high level of security as well as alternative working methods and ways to deliver your services.
Step 1: Perform a risk analysis
In order to know which direction to go in your cybersecurity work, you have to evaluate the business as it looks today – by making an analysis of the risks that currently exist in the business’s systems. Based on the identified risks, you can create an architecture with zones and data flows between the zones. This method, where you use risk analysis as a basis for creating zones, is based on the IEC 62443 standard.
An initial, simple risk analysis identifies the worst that can happen today, before any risk-reducing measures have been introduced. Later, a detailed risk analysis is made for the separate zones and flows. This step is only taken once the division into zones and flows based on the initial risk analysis has been made.
The goal of these risk analyses is ultimately to be able to apply the right risk-reducing measures and create a more secure business where effort is put in the right places. Risks can either be mitigated (by putting measures in place), transferred to someone else (e.g. by taking out insurance) or accepted (we live with it and hope it does not happen). If you choose to mitigate the risk, you must work further towards introducing appropriate measures.
Step 2: Choose the right solution for your specific security concerns
How do you know which solution is the right one for the organisation and the security problems you have? There are a few different questions you need to ask yourself:
- Does the organisation fall under any law or regulation that requires a certain solution?
- Is the organisation affected by any standard that prescribes a certain way of working with cybersecurity, for example the NIS directive?
- Does the organisation need to ensure a one-way flow of information?
- Does the organisation need to be completely sure that no unencrypted information is sent?
The answers to these questions will lead you towards the right kind of solution.
Firewalls are perhaps the most well-known solution for protecting data transfers. However, if you need to transfer information to or from a security-sensitive network, a firewall should not be the only solution you use to increase your cybersecurity. In that case, you need an add-on with significantly higher assurance.
Why data diodes are the easiest and most secure choice
A data diode is a security product that is placed between two networks and acts as a check valve: it allows data to be sent in one direction only and blocks all data in the opposite direction. Since the data diode’s security features are based on hardware and optical fiber, it can be shown that it is physically impossible for data to be transported in the opposite direction.
To be able to communicate with bidirectional protocols, proxy services are needed. The proxy services convert bidirectional protocols into unidirectional protocols so they can be sent over the data diode. By using a proxy service, a data diode can handle the most common communication protocols. These services lift the data of interest out of the bidirectional protocol and can then send the data itself, independent of the protocol, over the unidirectional hardware. On the other side, the data is then reassembled, usually to the same protocol as on the upstream (sending) side.
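The proxy behaviour described above, as an added example that is not Advenica's code or wire format: the upstream side frames the extracted data with sequence numbers and checksums and sends every frame more than once, because the downstream side can never ask for a retransmission. The frame layout, function names, link simulation and sample payload are assumptions made for illustration.

```python
import struct
import zlib

# Hypothetical frame header: transfer id, sequence no., frame count, CRC32 of payload.
HEADER = struct.Struct("!IHHI")

def to_frames(transfer_id, data, chunk=8, repeat=2):
    """Upstream proxy: split extracted data into self-describing frames.
    Each frame is queued `repeat` times since no resend can be requested."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    frames = []
    for seq, part in enumerate(chunks):
        frame = HEADER.pack(transfer_id, seq, len(chunks), zlib.crc32(part)) + part
        frames.extend([frame] * repeat)
    return frames

def one_way_link(frames, lost=(), corrupted=()):
    """Constructed stand-in for the diode: forward only, no return channel."""
    out = []
    for i, frame in enumerate(frames):
        if i in lost:
            continue
        if i in corrupted:
            frame = frame[:-1] + bytes([frame[-1] ^ 0xFF])  # flip the last byte
        out.append(frame)
    return out

def reassemble(frames, transfer_id):
    """Downstream proxy: verify, de-duplicate and rebuild one transfer.
    Returns (data, missing); data is None unless every frame arrived intact."""
    parts, total = {}, None
    for frame in frames:
        if len(frame) < HEADER.size:
            continue
        tid, seq, count, crc = HEADER.unpack_from(frame)
        part = frame[HEADER.size:]
        if tid != transfer_id or seq >= count or zlib.crc32(part) != crc:
            continue  # damaged or foreign frame: drop it, a repeat may still arrive
        total = count
        parts.setdefault(seq, part)
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in parts]
    if missing:
        return None, missing  # can only be logged or alerted on downstream
    return b"".join(parts[s] for s in range(total)), []

# Constructed sample: data already lifted out of a bidirectional protocol.
PAYLOAD = b"temp=71.3;pressure=2.4;valve=open"
```

When both copies of a frame are lost, the downstream proxy can only report the gap locally, which is why monitoring on the receiving side matters for one-way transfers.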
Some of the strengths of data diodes are:
- Their hardware aspect. There is no risk of user error or bugs because there is no software or configuration that can contain bugs or be tampered with.
- A hardware data diode is constructed with components that have a very long life, has no mechanically moving parts such as fans, and has no processors. Once you have installed a data diode like this, you do not need to do any updates, even if you have not updated adjacent systems or proxy computers. The lifespan of the products is thus very long, just over 10 years.
- Their ability to ensure security in insecure systems and to protect and preserve legacy systems. By using data diodes, older systems can be protected without the entire system having to be overhauled or replaced.
- The long-term operating costs are low. After the initial investment of purchase and system integration, the savings in maintenance and administration costs make the data diode an effective long-term network security solution.
- How they reduce cyber risk. The data diode’s strict properties mean that certain types of risks can be completely ruled out if a data diode is used. For example, you know that the network cannot leak information and can therefore focus on managing only privacy and malware risks.
Read our guide where we list 14 advantages of using Advenica’s data diodes!
Another great advantage of data diodes is that they provide simplicity and clarity in the technical solution. This means less documentation work for those of you who have data diodes as part of your information security solution.
The implementation of a data diode is simple
Once you have selected the security solutions that suit your needs, the final step is to deploy them in your environment. This involves installation and configuration, but also acceptance testing and validation to ensure that the solutions work as they should, in their proper environment.
If you have chosen data diodes, they are easy to install and configure. A simple standard use case can be installed in a couple of hours. Monitoring is done using standard methods such as SNMP and Syslog which enable integration with commonly used network monitoring tools. Configuration changes are applied using an easy-to-use web application interface.
The security solution is then handed over to those who will manage it in the future. They then contact us at Advenica when they need support or experience any kind of problem!
Do you want to know more about how you can protect your business-critical information with data diodes? Welcome to contact us!