Last year, we pointed out where and how a data diode is best installed. In this blog post we look at why you would install one. The answer is both simple and complicated. At first glance, it is easy to determine when you should deploy a data diode: in many countries, government regulations describe in detail the industries for which a data diode is mandatory. On the other hand, not all of those regulations are crystal clear. Comparing the US with the EU, for example, shows that the EU is behind in providing clear rules. While the US has detailed rules for various industries, the EU is still working on implementing them.
It is obvious that, with the continuing digitization of the economy, the number of industries and situations in which a data diode is mandatory will increase. Still, that leaves many companies that will have to decide for themselves whether they want to deploy this network security technology, which ensures one-way communication from highly critical information systems to other parts of a network. A local flower shop or supermarket, for example, will obviously not need this kind of protection. But what about a large retail chain or flower exporter with many critical customers and equally crucial financial data? A data breach could mean disaster for these companies.
Data diode: yes or no?
Looking at current trends in the market, we see many differences in the approach towards data diodes and their role as the ultimate solution for protecting digital assets. While critical infrastructure companies, for example in power and energy, and at the other end of the spectrum the military, acknowledge the importance of data diode technology, the finance industry seems to lag behind, although it too processes large volumes of critical information.
Check the grey area
The key task for any company is to explore the large grey area that lies between mandatory deployment and no need whatsoever for a data diode. In other words, how important are your data assets, and how much importance do you attach to them being optimally protected? This grey area is not static: it shifts continuously as new regulations are introduced. Think of GDPR, which has put data security and risk mitigation in a new perspective. Regular evaluation of constantly evolving internal security needs is therefore a must for any company.
Check the infographic to determine if a data diode suits your needs.