Make sure your data is secure in transit – how you connect is as important as where you store it

29 Jan 2024, by Slade Baylis

With data security at the top of everyone’s mind - and rightfully so, given that a new company data breach seems to make the headlines every month - we’ve been working to keep you informed and up-to-date on the many different ways you can improve your security posture.  Mostly, we’ve focused on security appliances and software that can be used to protect yourself, such as firewalls, WAFs, antivirus applications, and vulnerability scanning.  However, one area that we haven’t touched on yet is the security of your data transmission itself.

Securing your data at rest – that is to say, the data stored on your servers – is always important, but the way you connect to those servers and access that data is just as important to keeping it protected.  Everyone knows the basics, such as not using free public Wi-Fi to log into your secure systems - but do you know why it’s a bad idea?  And what about accessing your systems directly from your home internet connection - is that secure?

Understanding why these approaches carry security concerns is key to knowing your "attack surface" - which is simply the sum of all the different ways that you or your organisation can be attacked.  That’s why in this article we’ll be talking about the risks of these different approaches, as well as what you can do to secure your communications and data in transit.

How you access your systems affects your security posture

When it comes to how secure your communication over the internet is, the first place to look is the network that you’re connected to.  For example, if it’s your own network, then you’re in a far better position than if you were connected to public Wi-Fi, where you can’t control who else has access.

On a public Wi-Fi network, anyone can be on that network with you, which is why the common recommendation is to treat everything you do on it as potentially viewable - including avoiding logging into any of your online accounts.  Even though HTTPS now protects most web logins, anyone sharing the network can still see which hosts you connect to, tamper with any unencrypted traffic, or set up a rogue access point that impersonates the real one.  For those interested, there is a good article from TechRadar that goes into more detail on the risks of public Wi-Fi networks.

And that’s without even mentioning the administrators who run these public networks - without knowing who they are, how can you trust them not to inspect your traffic?  At the other end of the scale, the most secure form of connection is your own dedicated fibre, referred to as “Dark Fibre”.  On such a connection, no other party’s traffic shares the cable and no third-party network equipment sits in the path, so your data is about as well protected in transit as a physical link allows.  Even dedicated fibre can be physically tapped, however, which is why highly sensitive traffic is still normally encrypted end-to-end rather than relying on the cable alone.

With these two examples, you can see how the security of your data is directly affected by how you connect to your systems, with a dedicated and isolated link at one end of the scale and a shared, untrusted network at the other.  So the question arises - why doesn’t everyone use the most secure connection available?  The answer may seem obvious, but the primary reasons are scalability and cost.

The good news, however, is that secure communications are possible via multiple methods, with each of them falling somewhere on the scale from less to more secure, as well as somewhere between affordable and expensive.

Open Internet vs VPN Connections

Compared with public Wi-Fi, data sent over your own internet connection is in a much better position, as your ISP is unlikely to be inspecting your traffic.  However, if your systems and servers are configured to let you connect to them over the open internet, then they are open to the whole world and could potentially be broken into.  As an example, having RDP (Remote Desktop Protocol) – which allows you to remotely access a server as if it were sitting right in front of you - exposed to the entire internet is one of the most common entry points for attackers looking to compromise systems with ransomware: an exposed RDP service can be brute-forced, hit with stolen credentials, or attacked through unpatched vulnerabilities in the service itself.

For those interested, we covered that back in 2022 in our Dangerous cyber-threats to look out for leading into 2023 article.

So given this, what options do you have for securing your connection over the open internet?  The answer is to use a "virtual private network" (VPN).  A VPN lets you connect to a remote network over an encrypted tunnel, so that all data sent between your device and that remote network is encrypted in transit.  In a professional context, this is often implemented to let you remotely join the same private network as your infrastructure/systems - which in turn allows you to configure those systems to accept connections only from that private network, rather than having them open to the entire internet.  The VPN endpoint then becomes the only service you expose publicly, greatly reducing your attack surface.
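As an added example (not part of the original article, and not Micron21’s own configuration), here is the RDP scenario above and the VPN-only approach in concrete form: a WireGuard server configuration, and two nftables rulesets for the server that hosts RDP - the weak one accepting port 3389 from anywhere, and the hardened one exposing only the VPN handshake port publicly and accepting RDP solely from the VPN subnet on the tunnel interface.  The addresses (10.8.0.0/24, 10.8.0.1, 10.8.0.2), UDP port 51820, the interface name wg0 and the key placeholders are all assumptions made for the example; the rdp_exposed helper is a quick grep-based sanity check over the ruleset text, not a substitute for testing the live firewall.

```shell
#!/bin/sh
# Added example, not from the original article: WireGuard + nftables showing
# RDP exposed to the whole internet versus RDP reachable only over the VPN.
# All addresses, ports, interface names and key placeholders are assumptions.
set -eu

WORK=$(mktemp -d)

# --- WireGuard server side (assumed VPN subnet 10.8.0.0/24, server 10.8.0.1) ---
# Generate real keys with: wg genkey | tee server.key | wg pubkey > server.pub
cat > "$WORK/wg0.conf" <<'EOF'
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
# Staff laptop; it may only source traffic from the single tunnel address 10.8.0.2
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.2/32
EOF

# --- Weak ruleset: RDP accepted from any source on any interface ---
cat > "$WORK/before.nft" <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 3389 accept
    }
}
EOF

# --- Hardened ruleset: only the WireGuard handshake port is public; RDP is
#     accepted solely from the VPN subnet arriving on the tunnel interface ---
cat > "$WORK/after.nft" <<'EOF'
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        udp dport 51820 accept
        iifname "wg0" ip saddr 10.8.0.0/24 tcp dport 3389 accept
    }
}
EOF

# rdp_exposed RULESET: succeeds (exit 0) when the ruleset accepts TCP/3389
# with no interface or source restriction in front of the match.
rdp_exposed() {
    grep -E '^[[:space:]]*tcp dport 3389 accept' "$1" >/dev/null
}

# On the real server you would load these with: nft -f after.nft && wg-quick up wg0
# and then confirm from outside the VPN that "nc -vz -w 3 <public-ip> 3389" fails,
# while from a connected peer "nc -vz -w 3 10.8.0.1 3389" succeeds.
if rdp_exposed "$WORK/before.nft"; then
    echo "before.nft: RDP reachable from the whole internet"
fi
if ! rdp_exposed "$WORK/after.nft"; then
    echo "after.nft: RDP reachable only via wg0 from 10.8.0.0/24"
fi
```

The important change is not just the source-address filter but the default-drop input policy: with it in place, every service that is not listed is unreachable from the internet, and adding a new internal service no longer widens the attack surface.  On a live host, check the result with `nft list ruleset` and a port scan from outside the VPN rather than by grepping the file as the helper above does.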

However, that data is still travelling over your ISP’s (internet service provider) network and being routed across the public internet - so even with the content encrypted, the communication is not as secure as it could be.  The VPN endpoint itself is reachable by anyone, so it must be kept patched and strongly authenticated (with keys or multi-factor authentication rather than a password alone), and anyone on the path can still see that you are connecting to it and can disrupt the connection.  For those who need even more protection, there are other options for further reducing the possibility of man-in-the-middle style attacks.

VPLS Connections vs Dark Fibre

We briefly touched on “Dark Fibre” earlier in this article – the ultimate solution for secure "comms" (short for “communications”).  Going into more detail, “Dark Fibre” refers to fibre optic cable that is not used for any other services or traffic - so when you use dark fibre to connect two locations, that cable carries only your data, and you "light" it with your own equipment at each end rather than the provider’s.

As you can imagine, whilst this is the most secure option, it is also very expensive, as it requires dedicated fibre optic cable to be laid (or leased) between location A and location B, which is then used exclusively for your data.  Thus, for mission-critical and highly confidential and/or classified data, this is the best option.  However, for less sensitive data, there are other options that are more secure than a VPN over the open internet, and a lot more affordable than dedicated Dark Fibre.

VPLS (Virtual Private LAN Service) fills this gap between a VPN connection over the web and Dark Fibre.  A VPLS connection gives you a similar link between two locations, but uses fibre optic cables and networking infrastructure provided by an ISP rather than cable dedicated to you.  Both Dark Fibre and VPLS connections fall under the category of Point-to-Point (PtP) connections, though Dark Fibre achieves this physically by using dedicated fibre optic cable, whereas VPLS connections use what are referred to as “pseudowires” to achieve the same end.

Without going into too much detail, a "pseudowire" is an emulation of a point-to-point link carried over the provider’s existing network (typically MPLS).  Because your traffic is kept separate from other customers’ traffic while still sharing the provider’s infrastructure, VPLS connections can be provided at a much more affordable price than dedicated fibre, and so can be both an economical and secure option for organisations looking to establish communications between two or more locations.  Bear in mind that VPLS isolates your traffic rather than encrypting it - the provider’s equipment carries it as-is unless you encrypt it yourself - so for sensitive data it is still good practice to run your own encryption (such as IPsec or MACsec) over the link.  As with most things, there are drawbacks to PtP connections which can make them not the best option in every single case.

With the rise of remote work since COVID-19, many organisations have employees who work remotely, at least part time.  In these cases, it’s usually not feasible or desirable to establish a Dark Fibre or VPLS connection to each location.  Because of this, VPN options are usually the default go-to where staff need to access systems securely from remote locations, and they are also very useful for staff who travel and need access to systems from locations they can’t know beforehand.

Funnily enough - to bring it full circle – configuring a VPN for remote access to your systems also goes a long way to securing communication even on an insecure network, such as public Wi-Fi.  Because the connection between your device and the network at the other end of the VPN is encrypted, everything sent over that connection is hidden from other users of the Wi-Fi network, who can see only that you are talking to the VPN endpoint.  That being said, it’s still recommended to avoid logging into sensitive services over public Wi-Fi even with this added protection, just as a matter of precaution - and if you must, connect the VPN before doing anything else and use a client that blocks traffic outside the tunnel (often called a "kill switch"), so that nothing leaks onto the open network if the VPN drops.

In any case, regardless of the method chosen, it’s important to consider how the way you access your systems affects your attack surface.  Whilst more secure options can cost more, in some cases they’re the best way to safeguard your data and reduce your risk of a data breach.  As we’ve seen with recent high-profile incidents, the cost of a breach can be astronomical – and it could be even higher in the future, with governments proposing to introduce financial penalties for preventable breaches!

Interested in securing your telecommunications?

If you’re interested in looking at the different options for securing your data in transit, let us know!

We can look to see if a VPN would meet your requirements, or alternatively see what PtP or Dark Fibre options are available in your area.  You can reach us via email at sales@micron21.com or via phone on 1300 769 972 (Option #1).
