This article completes a series on what to consider when dealing with telecom supplier markets. The series is intended for businesses with no real understanding of dealing with the telecom world. Previous articles have covered Getting the best from regional telecom suppliers, Getting the best from international connectivity, and How to choose the best datacenter service supplier. This article offers a basic understanding of Securing your data, or the methods used to protect data when it is being electronically transported between diverse locations.
There are many software solutions available on the market that are specifically created to manage the day-to-day recording of company information and transactions. Some are PC-based, with data held on a company’s own network hard drives and servers. Others depend on services that are located on servers which are remotely accessed over a data network. This is where users need to pay attention: How do customers connect to remote services, and how secure is this connectivity?
Cloud services
We hear much about putting data into ‘the cloud’ or using cloud service providers to solve data management issues, reduce costs and supply online access to major ‘cloud platforms’. What does this really mean?
The ‘cloud’ could be considered as an all-encompassing description of the network, locations, equipment and software used for delivering outsourced data services. It’s a combination of the network required to connect customers to remote service provider solutions that are sited in a number of defined datacenter buildings.
Cloud service providers locate their many banks of servers inside dedicated, secure datacenter facilities. These servers contain the software (Apps), management and storage devices required to operate the ‘cloud’ services offered to customers. The ‘cloud’ therefore describes the overall end customer experience when remotely communicating with these locations, using any device (PC, laptop, tablet or phone) to access remote services direct from any internet access point (home, business, hotel…).
Public or Private Cloud
The topology of a ‘cloud’ network used to access product suppliers can depend on the level of security and quality of the service required by its customers.
Public Cloud
The cloud is most commonly understood to use the ‘public Internet’ network, allowing ‘multi device’ and multi-location access to centralized service platforms like Facebook, Amazon, Google, Netflix and more. These public cloud services are usually managed from more than one location, and replicated in two or more locations, in order to maintain availability and access continuity for millions of customers in a defined market.
Many of us are familiar with this ‘public cloud’, commonly used for on-line social networking, banking and shopping services, downloading films and music files, etc. The customer uses their registered identity to ‘log in’ to a service provider’s servers, via the web, over standard Internet service connections. These connections are created using temporary links that connect across the Internet, between customer and supplier locations. Customers using the same applications can interact with each other ‘on-line’, as they are actually connected via the centralized servers on a supplier’s network. The data transferred between a cloud service supplier and its multitude of customers is routed over temporary Internet ‘virtual’ connections between them, using a platform that is ‘publicly accessible’, with these connections disconnecting when each service interaction is over.
Security on the Public Cloud network
The level of data protection and security applied to a ‘publicly’ routed data service is reliant on the service providers offering their own security solutions. A locally placed ‘firewall’ at a customer's premises may protect a computer’s hard drive, but when data is ‘in transit’, more needs to be done.
An example of improved protection is demonstrated with on-line banking services, where the customer usually has a two-stage login process in order to set up a safe transmission environment with their bank’s on-line interface. Customers have a unique electronic customer ID to identify their accounts on the bank’s server. A second synchronized electronic ‘key’ is then required to complete the connection. This key is normally dynamically generated by the customer using a personally held coding ‘calculator’ device, which synchronizes with the service provider’s registration security mechanism, so providing a managed encrypted service for the length of the interaction. Anyone trying to ‘read’ this data at points between the customer and bank location will be met with a block of illegible data.
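The ‘calculator’ device described above is, in most banks, a one-time-code token: it shares a secret with the bank at registration and derives a fresh short code from a counter (or the clock) that the bank can reproduce. The following is an added illustration, not code from the article or from any bank; it implements the standard HOTP/TOTP construction (RFC 4226 / RFC 6238) with a constructed demo secret, and shows how the bank side re-synchronizes with a token that has drifted ahead. The code proves possession of the device; the session itself is then protected by the bank’s transport encryption.

```python
import hmac
import hashlib
import struct

# Constructed demo secret shared between the 'calculator' and the bank at
# registration (in practice: random, per customer, never sent over the wire).
# This value is the published RFC 4226 test key, so the outputs are checkable.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based one-time code (RFC 4226): HMAC-SHA1 over the 8-byte
    big-endian counter, dynamically truncated to `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based variant (RFC 6238): the counter is the current time step,
    so device and bank stay 'synchronized' through their clocks."""
    return hotp(secret, unix_time // step, digits)


def verify_hotp(secret: bytes, candidate: str, server_counter: int,
                window: int = 5):
    """Bank-side check for a counter-based token.

    The customer may have pressed the device a few times without logging in,
    so the server looks ahead `window` counters. On success it returns the
    new server counter (one past the matched value), which both consumes the
    code (no replay) and re-synchronizes with the device. Returns None on
    failure. Comparison is constant-time so digit-by-digit matches do not
    leak through response timing.
    """
    for c in range(server_counter, server_counter + window + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None
```

A code that was already accepted, or one further ahead than the look-ahead window, is rejected: the former blocks replay, the latter forces an explicit re-registration of a badly drifted device rather than silently accepting any future code.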
In the case of public search engines like Google and social networking providers like Facebook, this encryption doesn’t take place. Only a password is required that identifies the user as a valid customer. The data transmitted is openly accessible and commercially shared by the supplier. This is the main source of ‘Big Data’ used by advertising tools managed by the likes of Booking.com, amongst a multitude of others.
The trade-off for ‘free’ Internet services is that the supplier gains the right to sell advertising access, allowing advertisers to bombard customers with ‘surprisingly’ accurate offers related to previously input requests, all managed by software-driven marketing machines.
Private cloud
What may be tolerated by the general public is not always suitable for business customers. There are no service level guarantees on the public Internet regarding quality of network service or its availability (referred to as uptime). This is a major concern to most businesses, which depend on strong operational availability in order to carry on their core business. They need availability during operational hours at the very least, and in a global market that means 24/7 uptime access for business transactions.
The information transmitted between business locations can be both high-priority and very confidential, requiring a high level of protection and security. In this case, a privately managed cloud service is best employed.
For a private solution, the network between a service provider and its customers is provided over a dedicated, managed pathway service, or a privately leased line connection. This allows business customers direct access to their cloud services supplier, keeping a maintained, permanent link in place and providing instant service response and assured business continuity. A company that relies on remotely outsourced data management needs to be able to depend on the quality and availability of access to its providers.
Hybrid Cloud
Most businesses need to operate a mix of both private cloud (to their own datacenter or direct to a service supplier) and public cloud, for the use of ‘out of office’ employees. In this situation, the term ‘Hybrid Cloud’ is used. The private part of the network is used for more confidential, secure company transactions and data storage. On the public part, employees who work away from a central office can access certain software services at the service supplier location directly over the Internet, via a virtual connection managed by the network service providers.
Cloud service suppliers
The list of cloud service providers in the world is enormous, with the big players like Microsoft, Amazon and Google being amongst the best known. There are, however, many smaller service providers which operate more localised services or managed platforms, and which also give access to or re-sell numerous products of the bigger players as part of a combined package. These companies may also operate their own purpose-built software products for use in a particular field (such as finance), possibly combined with office process applications provided by the big players.
Swiss-based cloud service providers include Exoscale, Penta, Infomaniak, Syselcom and Abissa, among many others. The services offered vary from providing cloud servers with web and email hosting for individuals or small companies, to a full range of applications which help companies manage their human resources, accounting, operational processes, sales databases and much more, all from a secure remote location and all available on-line. It’s worth comparing the products offered by these competitors in order to find the best fit for a company’s growing needs.
How safe is your data?
The issue of security of data in transit is probably one of those most often raised by companies when they first consider using outsourced services. Whether looking to transmit and store key company information off-site, or to connect to and utilize the services of the many on-line cloud service providers located across the globe, the key focus is on knowing how secure the product being offered really is.
First connections
Outsourcing services usually entails connecting directly to a datacenter building somewhere in the world that can provide the services required for efficient business operation.
Businesses are naturally concerned about the vulnerability of data being transmitted anywhere outside of their natural, safe working environment. Network and cloud suppliers need to verify how safe their networks, cables and locations used for handling business data really are.
For all of us, the use of services like online banking, shopping and social networks carries a risk of external hacking or malicious attacks. As already mentioned, the services provided in a shared cloud (Internet) environment are only as secure as the product suppliers make them. This is no different for business customers.
Network options
Fully private company network solutions are rarely available. This option is more commonly found within a local city footprint, connecting a business location to a nearby datacenter. It’s only possible where local network suppliers have their own multiple cables (a fibre-rich footprint), which allow them to offer custom-built services. This occurs mainly in the well-cabled major cities, where ‘Fibre to the Home’ and ‘Fibre to the Building’ are now becoming quite common.
Fibre networks between cities are less dense, and operators are obliged to provide managed services that can operate over shared, multi-level hierarchies of transmission in order to get the best use of their expensive investment in limited cable assets.
Encryption
The threat of unauthorized individuals or entities gaining access to confidential information ‘en route’ is a real concern for customers. Physical intrusion into a network somewhere along its path, although rare, is possible. This, together with the latest high-profile data leak headlines, is driving an increase in demand for encrypted solutions, including the use of generated codes (keys) which encapsulate data in transit, so that anyone with physical access to the path cannot easily read the information. Emails, instant messaging platforms and critical business data transmission are all targets for network hackers and are serious candidates for encryption services.
Types of encryption
Encryption can be applied at various levels in the management of data services, starting with the ability to create and save files using encryption software at source, on a PC, using the likes of standard Microsoft Office software.
When transmitting data across a network between operational locations, whether the files are already encrypted or not, there is a strong case for enabling end-to-end encryption (E2EE). A typical example is seen in some email applications and the recent E2EE solution applied to the WhatsApp Web cloud application.
Encrypted data is usually secure, unless an intruder has access to a terminal and can obtain the key used to disguise the data. This would normally mean the intruder gaining access to a terminal location, either directly or remotely using invasive software delivered on-line. Obviously there is a human factor in any security process, which means locally held data can be accessed by anyone who is determined to break security rules.
For operator connectivity, more and more customers are demanding the best protection solutions on their physical transmission networks. Transmission equipment manufacturers like ADVA have already updated service options to include encryption in their switched network devices, allowing their telco network customers to manage encryption on their physical networks. The Cisco range of equipment, from a major supplier of Internet technology, also allows encryption of data at certain levels and is used by Internet Service Providers worldwide. It all really depends on what level of security the customer is looking for, and that needs to be discussed with suppliers.
A personalized service is available from the likes of IDQuantique. This is a Swiss company that supplies purpose-built equipment that can be placed at each end of a customer’s network, enabling discrete encryption for individual company networks. Customers can manage their own encryption between locations, over an operator’s network, with full support from the supplier. As the company name implies, Quantum physics is applied, where photon technology is used to generate random numbering, creating an encryption key, which is currently the ‘safest’ on the market. The company offers direct fibre (point-to-point) and managed service level encryption options. The services include monitoring and alarms for any attempts at physical intrusion on the network connection, automatically responding appropriately to the alert.
Summary
There is no question that individuals’ and companies’ private data needs to be protected from intrusion and misuse. The ongoing questions will always be: At what level? And what’s best for whom?
The main concern with any secure encryption product, from a Government security agency’s standpoint, relates to who gets to use the services and for what purpose. As the latest developments in technology race ahead of the ability of agencies and hackers to keep up, we will continue to follow how the story, and the technology, develop.
One thing is certain: in these days of instant messaging and continued technical improvement, the priority of keeping private data secure will continue to grow in the minds of the public and businesses alike. Companies, in particular, need to keep current with available solutions on the market for all technological products in order to stay ahead of the game.
Image credit: TBIT , geralt and stevepb via Pixabay, CC0 Public Domain License