Page 15 - FCW, June 2017

encryption. The first step is looking to NSA guidance on what’s acceptable and what isn’t, says Shawn Carroll, director of engineering at CenturyLink Federal Solutions.
The next step is narrowing down potential solutions. When looking for an optical encryption solution, agencies need to find one with 24/7, always-on encryption. While some might view the ability to turn off encryption as a benefit, it’s extremely dangerous and truly gives cyber thieves the keys to the kingdom. An encryption solution that is software selectable is worse than no encryption at all (since a clever hacker can make you believe you are encrypting, when in fact you are not).
It’s also important that the solution use two separate sets of keys for data encryption and authentication. For example, with WaveLogic Encryption, the crypto-management tool is a distinct, separate policy from normal network management. That way, security management can be completely separate from the network management function—which is a security best practice.
Encryption keys should also rotate as fast as possible. Ideally, that means keys should rotate as quickly as once every second, independently, and on each line port. This should not affect traffic or throughput, and should not require user intervention.
Optical encryption should also use the highest available security cryptography algorithms. The most important are Elliptic Curve Cryptography (ECC) algorithms, which many believe are more secure than older public key cryptography systems. The solution should also use a FIPS-certified AES-256 encryption engine and be certified for FIPS 140-2 level 2 or higher.
As the federal government continues to adopt new technologies and deal with new types of data, it must find ways to ensure data in transit continues to be secure and fully encrypted. The rise of internet-connected sensors in everything from HVAC and lighting systems to supply chain components, for example, presents a huge and growing security challenge for government. Encrypting data collected by these sensors at layer 1—the deepest layer possible—is an effective way to control this rapidly growing and vulnerable data.
As the demands for secure data in transit encryption continue to evolve, optical encryption technology will keep pace. CenturyLink’s Carroll expects products in this category to mature across the board. He also expects more widespread adoption, especially when using optical encryption in conjunction with other encryption methods at other layers. Optical encryption technology is already fairly entrenched in the financial and healthcare markets. Government agencies will catch up as vendors earn required certifications.
Encryption as a Service
As agencies look for ways to reduce costs and ensure application availability and scalability, many are moving from traditional on-premises applications to hosted solutions. It’s happening with everything from productivity tools to entire platforms and infrastructures. A Deltek report recently found that federal agencies’ use of cloud services will more than double between fiscal 2016 and fiscal 2021.
The “as-a-service” trend even extends to encryption. With the Encryption-as-a-Service (EaaS) model, agencies rely on the encryption technology of a chosen provider for all data encryption needs via the cloud.
That means agencies don’t have to deploy and manage equipment. More importantly, it also means no downtime or scalability issues. And that is critical. Any amount of downtime can expose agencies to breaches.
When considering Encryption-as-a-Service, make sure your agency retains full control over your encryption security parameters and security keys. One way to do that is using a service that provides a dedicated portal or console that includes easy-to-use management tools. The service should also allow credentialed users to access the portal on any device, from any location.
For more information, please visit www.TransformingNetworks.com
Sponsored Content















































































