Do you have sensitive systems or sensitive data that needs to be protected? Have you chosen not to connect the systems to the outside world, i.e. have you used air gaps as your solution? Reconsider! There is an alternative to air gaps that is more secure and more cost-effective. Read more about how data diodes provide the same level of security but at the same time make it possible to connect the systems.
If a device can be accessed over the network by unauthenticated users or systems, it can be hacked. Security work often aims to make devices, or the important data stored on them, more difficult to reach for people or systems that should not have access.
There are several different tools to keep potential attackers at bay – everything from encryption, VPN and various multi-factor authentication systems to network segmentation and principles such as defence-in-depth and zero-trust. But sometimes, some systems must contain data so important that no risk of a network-based attack, however small, can be tolerated.
In situations like this, a common measure is to ensure that the system or network in question is not connected to any other systems or networks, or at least not over any network that does not itself have extremely stringent security controls in place. Sometimes it may even be necessary to physically isolate the systems entirely, forgoing the benefits of interconnecting them.
An air gap (also called an air wall, air gapping, or an isolated network) is a network security measure used on one or more computers to ensure that a secure computer network is physically isolated from other networks, such as the public Internet or an insecure local area network. This means that a computer or network has no network interfaces connected to other networks. It is thus isolated from other systems connected to unsecured networks.
The only way to transfer data to and from an air-gapped system is via portable media, sometimes called a “walknet”. In practice, this is done by people, which means you become dependent on well-trained staff who would probably rather be working on other, more qualified and stimulating tasks. Unfortunately, even well-trained personnel with high security awareness can make mistakes or take shortcuts, which, despite all security measures, exposes the systems to risks such as malware being brought into the system.
A data diode is a cybersecurity solution that ensures a one-way flow of information. This high-assurance hardware product maintains both the integrity of the network, by preventing intrusion, and the confidentiality of the network, by protecting the most sensitive information. Thanks to its high assurance, a data diode protects the assets of actors in critical infrastructure, ICS/SCADA and the defence industry. Digitalisation and the increase in sophisticated cyberattacks mean that every organisation that works with sensitive information needs a data diode to be able to protect its valuable information and to exchange data in a secure way.
A data diode is placed between two networks and acts as a check valve: it allows data to be sent in one direction only and blocks all data in the opposite direction. Since the security is not based on software, there are no vulnerabilities in the form of software bugs, nor can it be attacked by malicious code. Hardware-based security means that you can be sure that data diodes meet their security requirements with a high level of assurance.
A hardware-based data diode is equivalent to physical separation in the reverse direction. If you have a requirement for physical separation, a data diode can therefore fulfil it in the reverse direction while still enabling a network connection in the forward direction.