Sensitive Data Flows Traveling Unencrypted
Sensitive Data Flows Traveling UnencryptedSo far, everything looks good. All traffic that needs to be encrypted is protected and company data is being protected. Or is it? Outside of this traditional security setup many businesses may find that additional encryption options could pay dividends. For example, just because a network is inside the firewall doesn't mean it is safe. Moderately technology-savvy employees can easily employ network-sniffing tools to access lots of sensitive company data, from human resources payroll information to confidential partner services to customer credit information. And just because something is outside of the company firewall doesn't mean it doesn't contain sensitive information. While many enterprise-oriented SAAS applications offer secure Web connections as an option, this is not always the default, or it is used only for user log-ins, and then all other data is sent in the clear. Network administrators should think like a hacker themselves and use network-sniffing and analysis tools to identify all the data moving through their internal network to look for sensitive data. If you can see it in this way, then so too can anyone else on the network. Once found, these data connections can be secured. And any SAAS contract that entails sensitive data transmission should specify a secure connection for entire sessions. --JR
Your business has what you would consider a standard, secure network configuration. A firewall protects all internal network traffic. Web servers and other systems requiring direct Internet access are in a DMZ configuration with encrypted tunnels to needed data sources within the firewall. A VPN lets outside workers and partners securely access network resources from remote locations.