Data diodes play an integral part in securing the most critical business assets, protecting the most valuable data and ensuring operational continuity.
The physical nature of a data diode ensures data can only ever flow in one direction. Typically deployed at the boundary between a high security environment and a lesser network, data diodes stand guard at this intersection, where unrestricted two-way communications would otherwise increase the risk of malicious attack and data loss.
Data diodes usually operate in one of two basic ways, allowing data to flow from a low security network to a high security network, or vice versa, without being able to travel back.
1. Transmit only data diode -
Data diodes enable us to extract desired information from a high security network whilst protecting the assets that generated it from outside attack.
For example:
Industrial process control. It is desirable for certain parts of the organisation to acquire and process data generated from within high security areas but often there's no need for these recipients to ever have any return communication. In fact the mere presence of any return path presents a security risk. Data diodes eliminate this risk.
Transport – Rail/Road/Air. As signalling systems and intelligent passenger information networks become more advanced, processing and manifesting data gathered from elements throughout the network, it becomes ever more critical to protect these systems from malicious attack. Traditional trust based security appliances, such as firewalls, do not provide the inherent level of security that a data diode solution provides.
2. Receive only data diode -
The 2 examples above both illustrate the need to extract information out of a high security area, but data diodes are equally well deployed in the opposite direction. It can be necessary to ensure no highly confidential information gets out of a network, yet it may still be necessary to input information into that network. Data diodes provide this assurance by having no physical return path.