Parts of the corporate network, such as disk drives and servers, can be at risk of intrusion without a proper data protection architecture. Ron Willis of CipherOptics explains how companies are using this architecture to secure their networks.
Video Whiteboard: How to secure your data
May 30, 2006, 5:01 PM PDT | Length: 00:03:58
Hello, I'm Ron Willis, CEO of CipherOptics, and today I'm here to talk to you about how to secure data over your corporate networks. Let me first start out by talking about how network security is used today. One of the first approaches companies have taken to protect network security is by protecting their infrastructure. And this is through things such as firewalls, intrusion detection systems, intrusion prevention systems, deep packet inspection and other technologies to protect, secure and keep their networks running.
Then over the last four or five years, they've focused on how to secure the people that have access to the networks. And we use things such as AAA, which consists of RADIUS. We have technologies such as NAC, NAP, Unified Threat Management and others that are used to make sure that only the right people have access to today's networks.
However, with all this protection that's been put into place, one of the things that still remains unprotected is data. Greater than 61 million personal records were stolen just in the last 15 months alone. So obviously not enough work or not enough protection exists within the network to protect data.
That's really the third element of network protection and network security that I want to talk about. So for protecting data, you're primarily using a technology called encryption. And encryption also requires that we have policy and keys in order to make it work and make it be effective. However, today's encryption technologies for the network such as IPsec suffer some severe problems when trying to protect the network. It doesn't scale. It's very hard to set up and manage, very expensive to deploy. It also breaks key network elements such as load balancing, redundancy, multicast and broadcast, all technologies that get broken by using network security such as IPsec.
So what a number of companies are working on today to protect data within the network is a data protection architecture. So within the network, we have a number of different network elements. We have disk drives, we have servers, router switches, we've got PCs, we've got IP phones and a number of different elements we connect to today's networks. And more and more, these network elements are beginning to include encryption as one of the basic functions within the technology.
So the challenge is how do we make all these things tie together and work together to protect data. And so we have a concept of a key authority that manages keys and ties all of these different resources together into this data protection architecture. And this is much analogous to a technology called DHCP, Dynamic Host Configuration Protocol. And what this allowed IP to do in its early days was a user to connect to the network and automatically receive IP addressing information so they could connect to the network. That technology really made IP become the connectivity utility that it is today. And this key authority will do the same thing for encryption, allowing different resources to automatically connect and pick up policies and keys from this key authority. This will allow for scale, ubiquity, set-up and management that's unheard of with today's technologies.
And there's one last critical element to this and this is policy management. And policy management ties into existing network security technologies to pick up entitlements and authentications that take place there, and push those down to the key authority. So by adding these solution elements to today's networks, we're able to completely eliminate these risks associated with lost data, and for the first time we're able to completely secure data over today's networks.