What is the key to data centre security?

In a truly connected world, organisations of all types are becoming increasingly dependent upon cloud and data centre service providers to facilitate everyday business operations. Data centre security is inherent in this relationship, as we trust that our business-critical data is secure, both at rest and when in motion.

DATA CENTRE SECURITY – SECURING DATA AT REST

Data centres, and the high-speed networks that connect them, have become high-profile targets for cyber criminals. High fences, biometric user authentication and firewalls are no good if the network itself is compromised. The only way to ensure your valuable data assets are secure is to encrypt the data itself.

Most organisations nowadays rely on the use of OpenSSL, OpenSSH or OpenVPN to secure access to critical business data and applications. These systems all sit on a Linux platform and usually generate their encryption keys by sourcing random numbers from the Linux kernel.

Not all encryption solutions are created equal. The robustness of your encryption is directly linked to the degree of randomness (entropy) used to generate your encryption keys. In order to guarantee encryption security, random number generation must not be vulnerable to prediction or bias. Random number generation must be truly random.

In reality, a guaranteed source of entropy from start-up is difficult to achieve. This is due, in no small part, to the fact that operating systems such as Linux are, in essence, deterministic. OpenSSL applications need an instant source of highly secure encryption keys that Linux is not capable of providing by itself.
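As an added illustration (not code from IDQ or from the original article), the following Python sketch shows a start-up check a Linux service can run before creating key material: it asks the kernel whether its random number generator has been seeded and refuses to generate a key if it has not. The function names and the `probe` parameter are assumptions made for this example; the two file paths are the standard Linux procfs/sysfs locations.

```python
import os

def kernel_rng_seeded():
    """True if the kernel CSPRNG is initialised, False if not, None if unknown."""
    if not hasattr(os, "getrandom"):       # non-Linux platform or very old kernel
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)  # raises instead of blocking when unseeded
        return True
    except BlockingIOError:
        return False

def read_first_line(path):
    """Return the stripped contents of a small procfs/sysfs file, or None."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return None

def rng_report(probe=kernel_rng_seeded):
    """Collect what the kernel exposes about its randomness state."""
    return {
        "seeded": probe(),
        # Kernel's own estimate of entropy in the input pool, in bits.
        "entropy_avail": read_first_line("/proc/sys/kernel/random/entropy_avail"),
        # Name of the hardware RNG currently feeding the kernel, if any.
        "hw_rng": read_first_line("/sys/class/misc/hw_random/rng_current"),
    }

def generate_key(nbytes=32, probe=kernel_rng_seeded):
    """Return nbytes of key material, refusing if the CSPRNG is known to be unseeded."""
    if probe() is False:
        raise RuntimeError("kernel CSPRNG not seeded yet; refusing to create key")
    return os.urandom(nbytes)

if __name__ == "__main__":
    print(rng_report())
    print("generated key of", len(generate_key()), "bytes")
```

Running the report early in boot on a freshly provisioned virtual machine shows whether key generation at that point would draw on a seeded generator.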

IDQ's Quantis Appliance is a network-attached device that provides an instant source of entropy within cloud or distributed environments with both Linux and Windows operating systems. Designed for systems where high availability is a prerequisite, the Quantis Appliance provides secure keys for virtual machines, VPNs, HSMs and remote desktops. It can also be used as the foundation for randomness-as-a-service or security-as-a-service applications.

SECURING DATA IN MOTION

Data is, perhaps, at its most vulnerable when it is in motion across the high-speed networks and Cloud infrastructures we take for granted. Business continuity, compliance obligations and simple best practice call for geographical redundancy in our critical infrastructure solutions.

Data centre interconnect solutions transparently extend network connectivity and provide high-performance data back-up and recovery services from the Cloud whilst maintaining systems availability. In a big data world, vast quantities of information are constantly being moved around private and public networks to enable business-as-usual.

IDQ's CN8000 multi-link encryptors are designed specifically for quantum-safe data protection of traffic on large-scale data networks. Suitable for point-to-point, point-to-multipoint or fully meshed network topologies, the CN8000 is ideal for data centre interconnect, disaster recovery services, storage area networking and multi-tenancy managed service providers.

The CN8000 leverages the same quantum random number generator used in the Quantis Appliance and can be enhanced to provide quantum-safe encryption with the addition of quantum key distribution (QKD) from the Cerberis QKD Server, ensuring long-term protection of data in motion.

Although the design and realization of a multi-purpose quantum computer, which will be able to break existing public-key cryptography, remains a few years off, recent progress in this field means that governments, standards bodies and industries are starting to mandate quantum-safe encryption methods.

IDQ is the first and only company to have developed a commercial QKD platform. The original Cerberis QKD Server has been used in real-world applications to provide long-term protection of data since 2007. In a recent implementation, the CN8000 was used to secure a global financial services WAN, providing provably secure access to customer data from over 30 locations, across 3 continents.

Leading SaaS companies and Cloud service providers also rely upon IDQ Ethernet encryptors to provide high-availability, geographically redundant solutions with the added assurance of long-term data security.

For more information, visit our data centre security page, or visit our Resource Centre for more use cases.

To find out more about data centre encryption solutions and quantum cryptography, contact IDQ direct on +41 22 301 83 71 or email info@idquantique.com
