Insight

MACsec: Next level security for data networks

Cybersecurity

The integrity of data is still a burning issue. Rather than ignore where responsibilities end, in terms of the protection and security of end users data, the reseller community should be leveraging the expertise that is available within the supply chain. Simon Stokes, Commercial Director for 01T, explains.

It’s no longer a domain for the subject matter experts, protecting customers from data security threats can be an effective selling point and used to objection handle when pitching on a competitive requirement.

If you are not involved in managing a data network day to day, it’s sometimes easy to glaze over when you see the words Network Security. However, Network Security is as crucial today as it’s ever been and despite a huge increase in the number of UK businesses implementing a cyber security policy to protect their data, cyber-attacks are becoming ever more sophisticated.

In July 2019 the Digital Secretary Jeremy Wright set out plans to improve security standards and practices across the UK’s telecoms sector. The proposals put forward included new legislation to enforce stronger security requirements in the telecoms sector and protect the UK from threats.

“The UK telecoms sector must prioritise secure and safe networks for consumers and business. With the growth of our digital sector and transformative new services over 5G and full fibre broadband in the coming years, this is not something to compromise on. People expect the telecoms sector to be a beacon of safety and this review will make sure that safety and security is at the forefront of future networks.” – Jeremy Wright – Digital Secretary.

The government outlined their ambition to safeguard the UK’s national security interests, possibly in a direct response to the growing pressure surrounding the use of Huawei equipment in the UK’s communications network infrastructure, developing a Telecoms Supply Chain Review.

At the very top level network security is being taken very seriously with state sponsored attacks being identified as a key threat which seek to exploit any weakness within a network. At every level of network design operators and suppliers will need to work much more closely to ensure that there is proper assurance testing for equipment, systems and software.

There are of course, as a result of the increased threats, increasingly robust measures being taken to protect data on a local level but what more can be done to secure the transit network layer?

When designing high capacity network solutions for our clients, it vital for us to understand and mitigate the growing risk to transit traffic from intrusion, denial of service attacks, man in the middle snooping, passive wiretapping, playback attacks and masquerading.

We are all familiar with the growing demand in the channel for higher capacity connectivity which is vitally important for today’s businesses. In no other sector has demand for higher capacity been met as such rapid speed and with more dark fibre becoming available 100g will soon be the norm and not just the prized bandwidth for backhaul. Faster, more complex, more integrated networks require more attention to security at every level.

MACsec is a technology that enables secure communication for traffic on Ethernet links. Utilising MACsec with upper layer security technologies like SSL & IPsec enables prevention in providing robust end to end network security. In simple terms it offers much better protection from all types of threats adding a level of security to the network layer.

What makes MACsec essential for protecting traffic is how it checks the integrity of data when its being transmitted from one place to another enabling confidentiality and integrity without performance degradation.

Businesses are increasingly using MACsec on layer 2 links to adhere to strict regulative protection in finance, banking and other businesses passing sensitive data through their networks. Offering the same protection as you would find in a datacentre to encrypt point to point, encrypt VM/Applications internally and external links MACSec is gaining significant traction. Often traffic can pass un-encrypted across networks (as we rely on inadequate upper stack encryption), by utilising MACSec, you can be certain that all traffic that passes across your network will be encrypted - leaving nothing to chance.