As far as can be projected into the future, what is clear that this world will experience ever-increasing connectedness, — that means all are headed into a brave new world of unbounded attack surfaces.
Yes, along with boundless connectivity comes a stratospheric demand for data protection and the urgent need for more powerful cyber tools to maintain the peace. While there are great tools in today’s security portfolios, they’re inadequate to counter and survive the spectrum of breaches that await the unprepared... this means that attention must be paid to the source of such incursions and protect the data itself using state-of-the-art encryption technology.
Many satellite users have worked hard to weave cybersecurity into their fabric (for instance, NATO is spending more US$3.2 billion to boost the coalition’s cybersecurity and satellite communications programs over three years), embracing best practices around encryption, subscriber management, access control, and overall system hardness. Still, there is more that can, and must, be done.
Cyphre, a Rignet company, exists to create a truly limitless data protection capability that scales to run across today’s and tomorrow’s networks and service clouds. Cyphre has helped the connected security space evolve from an age of bulky, hard-to-use products to tools that are inherent within the networks themselves.
Cyphre offers carrier grade, cloud-scale infrastructure that can be put into a service framework to transparently protect data in transit and at rest unequivocally. Cyphre works with a range of network service providers using all the standards in place today, keeping unbreachable data protection behind the scenes, transparent to the end user experience.
Halt Satellite Cyberdata Threats in Their Tracks
The “key” to unbreakable industrial grade encryption that can run inherently within the network models on a global basis is hardware-based cryptography.
AES-256 encryption — a data/file encryption technique that uses a 256-bit key to encrypt and decrypt data or files in most current encryption algorithms, protocols and technologies — is solid for now (at least until quantum computing comes of age — that’s another story).
However, software-based encryption does have vulnerabilities. Software encryption keys and certificates can become exposed to compromise. This is a fact of cybersecurity life — plaintext keys held resident in a server’s main memory present a major exploitable opportunity for hackers.
As the network computing landscape has evolved, Cyphre has focused on protecting crypto material using an iron-clad model based on hardware underlying the service framework. Cyphre has developed a technology the firm calls BlackTIE® that assigns an individual, chip-resident encryption key to each file, rather than one key for many files.
This added layer of protection provides deeper and stronger data security that prevents secrets from being discoverable in any way. Because encryption keys are stored in a hardware layer, they are never exposed. Even if an attacker obtains root access into the server, the keys are both protected and unusable. Cyphre encryption renders any hijacked data useless.
CyphreLock and CyphreLink
When cybersecurity knows no bounds it must protect data anytime, anywhere.
For data at rest, the CyphreLock network resident service couples standard AES-256 grade encryption with this unique one-key-per-file technology to create “blackened” keys that can only be produced by the hardware engine and brought back by the engine.
CyphreLock is built to carrier grade cloud scale; its encryption processing actually has no impact on network latency or performance. Data is protected in a unified fashion across cloud providers, with unique encryption keys that are never visible.
Enterprises can leverage the cloud storage service by routing data through CyphreLock to encrypt files at rest. Encryption services can also be provided on the customer’s premises, if desired.
For data in transit, CyphreLink uses BlackTIE® technology to effectively bolster the strength of any TLS/SSL session. BlackTIE® assigns an individual, chip-resident encryption key to each file, rather than one key for many files. Data can securely transit any network, whether wireless, cellular, mobile, or satellite, without being vulnerable to man-in-the-middle attacks.
For companies that want to move some traffic into public network connections but want to make certain they can trust the connectivity, CyphreLink authenticates endpoint identities and connects data safely, with protection traveling with the file as it travels.
To protect network traffic, CyphreLink is deployed at network end points to create a completely encrypted tunnel from endpoint to endpoint that secures communications over the entire data path. CyphreLink’s hardened security solution protects data, certificates, keys, and connections from eavesdropping, surveillance, overt and covert interception, and man-in-the-middle attacks. Connections for IoT data transmitted across networks is also immune to man-in-the-middle attacks.
Consider a maritime customer transmitting data ship-to-shore through VSAT equipment, where information is communicated via satellite to onshore teleports. Expensive and cumbersome protocols and dedicated links are required to provide an adequate level of security — and breaches can still occur through backdoor exploits and other attack vectors.
Placing CyphreLink onboard ships and at endpoints secures the data throughout the entire transmission, regardless of any vulnerabilities that may exist along the network path. Because Cyphre solutions run “over the top,” data is secured all along its path.
Crucial “Human-Nature-Proof” Security
Cyphre’s security solutions provide 360-degree data protection that is invisible to end users, highly scalable, device-resident, and cost-effective for medium and large scale environments.
Crucially, Cyphre’s automatic protection of information requires no proactive action by the teams managing and moving the data. This establishes a “zero knowledge” stance for employees, eliminating them as a possible point
Configuring, updating, patching, and upgrading systems and devices against breach vulnerabilities is a massive effort that is extremely prone to human error. Cyphre’s encryption technology ensures that staff failures — essentially a certainty in an era of boundless connectivity — do not imperil information security.
There are challenges — scaling encryption to meet the massive needs of the growing connected world means handling many more certificates and keys.
In the past, key management was typically a manual process. Happily, key orchestration has evolved greatly and is now highly automated, transforming a difficult function to one that is easy to perform.
Another issue is the fractured universe of encryption, especially in cloud computing. With many service providers available for storage, SaaS, and other functions, each with its own security features for its platform, Cyphre provides unified encryption models and management across cloud and enterprise platforms.
A future of boundless connectivity calls for cybersecurity without limits — and that requires a level of unbreachable encryption for data at rest and in motion that is only delivered by innovative hardware-based solutions such as Cyphre’s BlackTIE® technology.
Lance Smith is a seasoned entrepreneur with 20 years of executive leadership experience at ACS/Xerox, Atos, cloud Infrastructure-as-a-Service company VAZATA, and forming businesses focused on the payment card industry and managed service solutions for the Global 1000.
As CEO of Cyphre, Smith has focused on building a strong culture that is centered on solving the toughest Internet safety challenges. He maintains active board memberships at several private companies, as well as serving as Board President for a non-profit board focused on STEM education.
Smith holds a Bachelor of Arts degree in Economics from Austin College and a Master in Public Administration degree from the University of North Texas.