Securing data in motion

Data in Motion: Safeguarding Sensitive Data

The data highway is a metaphor for data traveling from one place to another. In the past, data was usually transmitted in motion through wires or cables, but now data can be sent over any digital network with no physical connection at all.

Data highways are everywhere; they connect people and organizations across the globe, enabling global trade and collaboration. This means that securing data in motion is important not only because of regulatory requirements such as PCI DSS (Payment Card Industry Data Security Standard), GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act) or SOX (Sarbanes-Oxley Act). It is also important because unprotected sensitive data can damage a company on several levels, including exposure to financial penalties and reputational risk.

Securing Data in Motion. The matter of terms

Securing data in motion is a topic that requires a new set of terminology, and in this article, I will attempt to explain what that terminology is.

However, as is the case with so many things in life, it is usually best to just say “secure data in transit”. The problem is that when you’re talking about security controls for data, what you really mean is “secure data storage”. In other words, the actual device you use to store and protect your data is called a “security appliance”.

Securing the Data Highway: solutions

There are two types of security solutions used to secure data in motion.

One type of security solution connects devices that need to have their data protected to a single central point. This is called a key material infrastructure. The key material infrastructure consists of:

  • servers
  • routers
  • switches
  • hub servers.

These devices can be combined together to form a single secure data storage and transport system.

The second type of data-in-motion security solution uses what is known as a packet filter to control what is sent and received by a particular transport layer. When a packet is sent over a network, it can either pass through the security controls or fail to make it through the network. If the packet does make it through the network, the data is allowed to travel in what is called an error path. This is a data path that has no forwarding rules.
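To make the packet-filter idea concrete, here is an added example (not code from the original article) of a minimal stateless filter: an ordered rule list is evaluated first-match against a packet's header fields, and a packet that matches no rule is dropped rather than forwarded. The rule and packet fields, the CIDR ranges and the sample packets are all constructed for this illustration.

```python
"""Added example: first-match stateless packet filter with default deny.
Rule format, packet fields and sample addresses are assumptions for this demo."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str      # source IPv4 address
    dst: str      # destination IPv4 address
    proto: str    # "tcp" or "udp"
    dport: int    # destination port


@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    src: str = "0.0.0.0/0"         # CIDR; the default matches any source
    dst: str = "0.0.0.0/0"         # CIDR; the default matches any destination
    proto: Optional[str] = None    # None matches any protocol
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """True when every field of the rule is satisfied by the packet."""
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed ruleset: an explicit deny for telnet to a server, an allow for
# HTTPS to that server, and an allow for DNS queries from the internal range.
RULES: List[Rule] = [
    Rule("deny", src="10.0.0.0/8", dst="10.1.2.3/32", proto="tcp", dport=23),
    Rule("allow", src="10.0.0.0/8", dst="10.1.2.3/32", proto="tcp", dport=443),
    Rule("allow", src="10.0.0.0/8", proto="udp", dport=53),
]


def filter_packet(pkt: Packet, rules: List[Rule] = RULES) -> Tuple[str, Optional[int]]:
    """Return (verdict, index_of_matching_rule).

    Rules are evaluated in order and the first match wins. A packet that
    matches no rule gets ("deny", None): a path with no forwarding rule is a
    dead end, never an implicit allow.
    """
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    # Constructed sample traffic run through the filter.
    for pkt in (Packet("10.5.5.5", "10.1.2.3", "tcp", 443),
                Packet("10.5.5.5", "10.1.2.3", "tcp", 23),
                Packet("192.168.1.1", "10.1.2.3", "tcp", 443),
                Packet("10.9.9.9", "8.8.8.8", "udp", 53)):
        print(pkt, "->", filter_packet(pkt))
```

The ordering matters: the deny for port 23 sits above the broader allow so that it cannot be shadowed, and the fall-through at the end is the default-deny posture a practitioner expects from a filter protecting data in transit.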

Data highway security. When to apply?

A data-in-motion security solution is usually put into place when a business entity is deciding whether to move its data to a different location or to keep it at its current location. In many cases, companies choose the latter. The problem with this approach is that it provides very little protection against data loss and/or data corruption. The data-in-motion approach was designed to keep information secure by physically securing the devices that contain it. It is also used to help ensure that a business meets the minimum requirements for firewalls and other protection measures.

Why should you care

Unprotected sensitive data can damage a company on several levels: financial losses (fines), reputational damage, or even lawsuits from customers whose data has been compromised. The average cost for each lost or stolen record containing personal information was $148 last year globally, according to research in IBM’s X-Force Threat Intelligence Index report 2017. That means that if hackers were able to steal not only unencrypted PII (Personally Identifiable Information) but also transactional data (such as credit card numbers or bank account information), the total cost could be much higher.

Securing data in motion. Physical safeguarding


This physical securing of data comes via a number of security solutions.

PLIC

One such solution is what is known as physical layer integrity checking (PLIC). This physical layer integrity checking security solution helps to determine the integrity of the data transfer. In addition to PLIC, there are a number of physical security solutions that help to secure data at the IP network level.

MACsec

One of these physical security solutions is MACsec, which stands for multi-level security control. MACsec functions through the use of what is known as protected ports. These are ports that are either locked or unlocked and only allow access from authorized sources. There are also what are known as smart cards that operate in much the same way as MACsec protected ports, but do not have the requirement for physically securing data.
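The two mechanisms just described, integrity checking of a data transfer (PLIC) and protected ports that accept traffic only from an authorized source, both come down to a receiver being able to reject frames that were altered or replayed on the link. The block below is an added example, not code from the article or from any MACsec implementation: it attaches a keyed integrity tag and a packet number to each frame, and the receiver drops frames whose tag does not verify or whose packet number has already been seen. The key, the frame layout, the use of HMAC-SHA256 (MACsec itself uses AES-GCM) and the sample frames are assumptions made for the illustration.

```python
"""Added example: per-frame keyed integrity tag plus replay detection.
Frame layout, key and tag length are assumptions for this demo."""
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# Assumption: a pre-shared per-link key. Constructed value, never reuse it.
KEY = b"constructed-demo-link-key-do-not-reuse"
PN_LEN = 4      # packet number: 4-byte big-endian counter
TAG_LEN = 16    # truncated HMAC-SHA256 tag


def _tag(key: bytes, header: bytes, payload: bytes) -> bytes:
    """Keyed tag over packet number and payload so neither can be altered."""
    return hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]


def protect(packet_number: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Sender side: frame = packet_number || payload || tag."""
    header = struct.pack(">I", packet_number)
    return header + payload + _tag(key, header, payload)


class Receiver:
    """Receiver side: verifies the tag and enforces strictly increasing packet numbers."""

    def __init__(self, key: bytes = KEY) -> None:
        self.key = key
        self.highest_pn = 0   # highest accepted packet number; 0 means none yet
        self.dropped = {"truncated": 0, "bad_tag": 0, "replay": 0}

    def verify(self, frame: bytes) -> Tuple[bool, str, Optional[bytes]]:
        """Return (accepted, reason, payload). Payload is None when dropped."""
        if len(frame) < PN_LEN + TAG_LEN:
            self.dropped["truncated"] += 1
            return False, "truncated", None
        header, payload, tag = frame[:PN_LEN], frame[PN_LEN:-TAG_LEN], frame[-TAG_LEN:]
        # Constant-time comparison so tag checking does not leak timing information.
        if not hmac.compare_digest(tag, _tag(self.key, header, payload)):
            self.dropped["bad_tag"] += 1
            return False, "bad_tag", None
        pn = struct.unpack(">I", header)[0]
        if pn <= self.highest_pn:
            # Valid tag but an old packet number: a replayed frame.
            self.dropped["replay"] += 1
            return False, "replay", None
        self.highest_pn = pn
        return True, "ok", payload


if __name__ == "__main__":
    rx = Receiver()
    good = protect(1, b"meter reading 42")          # constructed frame
    print(rx.verify(good))                            # accepted
    print(rx.verify(good))                            # same frame again: replay
    tampered = bytearray(protect(2, b"meter reading 42"))
    tampered[PN_LEN] ^= 0x01                          # flip one payload bit
    print(rx.verify(bytes(tampered)))                 # bad_tag
    print(rx.dropped)
```

The tag check answers the integrity question from the PLIC paragraph; the packet-number check is what turns a port into a protected one in practice, since a frame captured earlier cannot be fed back in even though its tag is genuine. Counting drops by reason gives the operator a detection signal rather than silent discards.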

Keylogger

Other physical security solutions for data include hardware keyloggers and keylogger software. Hardware keyloggers are designed to capture data at different points in time. These devices are controlled remotely over the internet or serial cable connections and can record digital data as well as secret data or passwords. Keylogger software applications monitor keystrokes made on computer keyboards and record them in real time.

Securing data in motion. Shadow your files

File shadowing is another form of data-in-motion security technology that requires physical security. File shadowing refers to the process by which data is saved to hard drives or other media on a regular basis so that changes and updates can be tracked. This is used primarily for two purposes. First, by making changes to files and data, the user can make it appear that the changes occurred simultaneously with the rest of the changes that took place, and this can be used as evidence in a legal investigation.
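As an added example of the tracking side of file shadowing (this is illustrative code, not from the article or any shadowing product), the block below keeps an in-memory shadow store: each snapshot of a file is stored under its SHA-256 digest, and a journal entry records the sequence number, timestamp and digest. Each entry is also chained to the hash of the previous one, so if the history is later produced as evidence, reordering or editing an earlier entry is detectable. The in-memory store, the journal fields and the timestamps are assumptions for this demo.

```python
"""Added example: tamper-evident journal of file snapshots (file shadowing).
In-memory store, entry fields and sample timestamps are assumptions for this demo."""
import hashlib
import json
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64   # chain anchor for the first journal entry


def _entry_hash(entry: Dict[str, str]) -> str:
    """Hash of an entry's fields, excluding its own entry_hash."""
    fields = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


class ShadowJournal:
    def __init__(self) -> None:
        self.blobs: Dict[str, bytes] = {}          # content keyed by SHA-256
        self.entries: List[Dict[str, str]] = []    # ordered journal

    def _last_digest(self, path: str) -> Optional[str]:
        for entry in reversed(self.entries):
            if entry["path"] == path:
                return entry["sha256"]
        return None

    def snapshot(self, path: str, content: bytes, ts: Optional[str] = None) -> Optional[Dict[str, str]]:
        """Record a snapshot; return the new entry, or None if the file is unchanged."""
        digest = hashlib.sha256(content).hexdigest()
        if self._last_digest(path) == digest:
            return None   # regular run found no change; nothing to shadow
        self.blobs.setdefault(digest, content)
        entry = {
            "seq": str(len(self.entries) + 1),
            "path": path,
            "sha256": digest,
            "ts": ts or datetime.now(timezone.utc).isoformat(),
            "prev": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def history(self, path: str) -> List[Tuple[str, str, str]]:
        """(seq, timestamp, digest) for every recorded change to the path."""
        return [(e["seq"], e["ts"], e["sha256"]) for e in self.entries if e["path"] == path]

    def restore(self, digest: str) -> bytes:
        """Fetch the shadowed content of a given version."""
        return self.blobs[digest]

    def verify_chain(self) -> bool:
        """True if every entry's hash and prev link are intact and in order."""
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or _entry_hash(entry) != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


if __name__ == "__main__":
    j = ShadowJournal()
    # Constructed sequence of scheduled shadow runs over one file.
    j.snapshot("ledger.csv", b"id,amount\n1,100\n", "2024-01-01T00:00:00+00:00")
    j.snapshot("ledger.csv", b"id,amount\n1,100\n", "2024-01-02T00:00:00+00:00")  # unchanged
    j.snapshot("ledger.csv", b"id,amount\n1,100\n2,250\n", "2024-01-03T00:00:00+00:00")
    print(j.history("ledger.csv"))
    print("chain intact:", j.verify_chain())
```

Two design points matter here. Unchanged files produce no entry, so the journal is a record of actual changes rather than of scheduled runs, and the chained entry hash means that presenting the history later requires only the journal plus the blob store, with any retroactive edit to an entry breaking `verify_chain`.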