Secure communication to or from a high security domain using data diodes and secure cloud
Do you want to send data to a secure data-sharing platform from a network with a higher security classification without exposing it? Read more
Sensitive systems and data require strong protection, and many organizations turn to air gaps. But there’s a better approach. This article explains why data diodes are a more secure and cost-effective alternative, delivering the same level of protection while enabling safe system connectivity.
Questions we cover in this article:
If a device can be accessed over the network by unauthenticated users or systems, it can be hacked. Security work often aims to make devices, or the important data stored on them, more difficult to reach for the people or systems that should not have access.
There are several different tools to keep potential attackers at bay: everything from encryption systems, VPNs and various multi-factor authentication systems to network segmentation and principles such as defence-in-depth and zero-trust. But sometimes, some systems must contain data so important that no risk of a network-based attack, however small, can be tolerated.
In situations like this, a common action is to ensure that the system or network in question is not connected to any other systems or networks, or at least not over any network that does not itself have extremely stringent security controls in place. Sometimes it may even be necessary to physically isolate the systems completely, forgoing the benefits of interconnecting systems.
An air gap (also called an air wall, air gapping, or an isolated network) is a network security measure used on one or more computers to ensure that a secure computer network is physically isolated from other networks, such as the public Internet or an insecure local area network. This means that a computer or network has no network interfaces connected to other networks. It is thus isolated from other systems connected to unsecured networks.
The only way to transfer data to and from an air-gapped system is via portable media, sometimes called a “walknet”. In practice, people do this, which makes you dependent on well-trained staff who would probably rather be working on other more qualified and stimulating tasks. Even well-trained personnel with high security awareness can make mistakes or take shortcuts, which, despite all security measures, exposes the systems to risks such as malware getting into your system.
A data diode is a cybersecurity solution that ensures a one-way flow of information. This high-assurance hardware product maintains both the integrity of the network, by preventing intrusion, and the confidentiality of the network, by protecting the information most worth protecting. Thanks to its high assurance, a data diode protects the assets of actors active in critical infrastructure, ICS/SCADA and the defence industry. Digitalisation and the increase in sophisticated cyberattacks mean that every organisation that works with sensitive information needs a data diode to be able to protect its valuable information and to exchange data in a secure way.
A data diode is placed between two networks and acts as a check valve whose function only allows data to be sent in one direction while blocking all data in the opposite direction. Since the security is not based on software, there are no vulnerabilities in the form of software bugs, nor can it be attacked by malicious code. Hardware-based security means that you can be sure that data diodes meet their security requirements with a high level of assurance.
A hardware-based data diode is equivalent to physical separation in the reverse direction. If you have a requirement for physical separation, a data diode can therefore fulfil it in the reverse direction while still enabling a network connection in the forward direction.
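What a blocked reverse direction means for the software on each side, as an added example that is not from the original article or from Advenica's products: the sender never receives an acknowledgement, so each frame carries its own sequence number and checksum and is sent more than once, and the receiver can only detect gaps, never request a resend. The frame layout, function names and the repeat-each-frame redundancy are assumptions chosen for illustration.

```python
import hashlib
import struct

HEADER = struct.Struct("!IIH")   # sequence number, frame count, payload length
DIGEST_LEN = 32                  # SHA-256: catches corruption, is not authentication

def make_frames(data, chunk=8, copies=2):
    """Sender: no ACK will ever come back, so every frame is self-describing
    and is sent `copies` times (assumed, simple redundancy scheme)."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    frames = []
    for seq, payload in enumerate(chunks):
        body = HEADER.pack(seq, len(chunks), len(payload)) + payload
        frames += [body + hashlib.sha256(body).digest()] * copies
    return frames

def lossy_link(frames, drop=(), flip=()):
    """Constructed stand-in for the forward path: drops or corrupts frames by index."""
    out = []
    for i, frame in enumerate(frames):
        if i in drop:
            continue
        if i in flip:
            n = HEADER.size          # flip the first byte after the header
            frame = frame[:n] + bytes([frame[n] ^ 0xFF]) + frame[n + 1:]
        out.append(frame)
    return out

def receive(frames):
    """Receiver: verify, de-duplicate, reassemble. It can only report gaps
    locally; it has no channel on which to request a resend."""
    got, total = {}, None
    for frame in frames:
        body, digest = frame[:-DIGEST_LEN], frame[-DIGEST_LEN:]
        if len(body) < HEADER.size or hashlib.sha256(body).digest() != digest:
            continue                      # truncated or corrupted: discard
        seq, total, length = HEADER.unpack(body[:HEADER.size])
        if length == len(body) - HEADER.size:
            got.setdefault(seq, body[HEADER.size:])
    if total is None:
        return None, []
    missing = [s for s in range(total) if s not in got]
    return (None if missing else b"".join(got[s] for s in range(total))), missing

if __name__ == "__main__":
    sent = make_frames(b"constructed sensor reading 42")
    print(receive(lossy_link(sent, drop={2}, flip={5})))   # one copy of each survives
    print(receive(lossy_link(sent, drop={2, 3})))          # both copies of frame 1 lost
```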
Want to discover our full range of data diodes?
If you are unsure which solution fits your business needs, please feel free to contact us at Advenica.
We have extensive experience of network security and can offer advice, expertise, products and services that solve your challenges. We are at your service.
Organisations that handle sensitive information, such as those in defence, authorities, infrastructure, and industry.
Advenica offers a broad portfolio of data diodes including DD1000i, DD1000A, DD1G, DD500E, DDSFX-10G, Data Diode Engine and Data Diode Services.
A data diode allows data to move in only one direction using optical fiber with a sender and receiver. This prevents two-way communication, stopping cyberattacks, data leakage, and manipulation. Because it is hardware-based, it cannot be compromised by malicious software, helping protect the network’s confidentiality and integrity.
There are different types of data diodes with different functions, which also means that the costs can vary. Whether the data diode is certified can also affect the price.
Advenica’s data diodes have a unique certification, N3, in Sweden – Advenica are the only ones with this certification level in Sweden. N3 is a certification issued by the Swedish Armed Forces.
Advenica’s data diodes DD1000A and DD1000i are approved by the Swedish Armed Forces at component assurance level N3, which, for example, covers handling data up to and including level KVALIFICERAT HEMLIGT/TOP SECRET according to the Swedish Armed Forces’ “Krav på säkerhetsfunktioner” (KSF). A data diode with a high certification therefore costs more, but it also gives you much higher security.
Do you want to know more about our data diodes? Do not hesitate to contact us. We are at your service.
Contact us
Rickard Nilsson
COO