ARTICLE
Why Are There Constantly Escalating Data Breaches and Security Violations?
Every day we hear about another data breach and security violation. So many of us have received notices in the past year that our private data was somehow exposed. Why is that?
The problem is fundamental to the way security is implemented on the Internet today. The problem is that IP networks provide the transportation of data, while the authentication is provided at the application layer. For instance, anything connected to the Internet can connect to your Web Server/RDP/SSH/etc. services and those applications then authenticate you.
That’s right: Anything on the Internet can reach the service, so if there is a vulnerability in that service—that’s it, game over. Of course, this huge issue has been known about for decades and we have applied bandaids to it. VPNs prevent access to the service unless you can create a “tunnel” to the service. The catch here is that the VPN itself is a service that has to be open to the whole Internet. This problem has been hitting hard with many well known VPN vendors recently. The other approach,firewalls, only allow known IP addresses through to the service. Since you never know the IP address that people in particular are going to come from, the result is cumbersome firewall rules, and, over time, massive unreadable rules.
The core problem here is that with TCP/IP as a client/server protocol, something has to be listening for connections. If that process has anything of value, it could be compromised. To avoid the trap, no services should be directly exposed (listening) on the Internet, yet anyone with the right identity should be able to access services from anywhere. Any process that is listening should have nothing of value; no unencrypted data and, perhaps more importantly, no encryption keys.
We have been layering security measures, like firewalls, VPNs on top , and now we see AI entering the market with the same promise to make a network secure. But these address symptoms instead of the root causes.
Zero Trust Network Architecture (ZTNA), tells us we should never trust the network, even if it is a private network, and we should verify and secure each identity with strong authentication. But implementing this architecture today is difficult, adds complexity, and once set up, requires extensive data collection for continuous authentication, leaving you with additional privacy concerns.
Finally, a simple alternative
Atsign has solved this fundamental problem. How? By creating a new digital address called an atSign. An atSign is the combination of a unique string and a set of cryptographic keys that are created by the owner of the atSign. Instead of creating a VPN tunnel, atSigns communicate and authenticate with each other without the Internet service having to be exposed to the Internet at all. Once an atSign has been authenticated and authorized, both the client machine and the service meet at a rendezvous point. The client and the Server are now connected via an end-to-end encrypted connection with keys that only they know. At this point, the client application, for example, a web browser, and the service, for example, a web server, can communicate normally (but via a localhost interface).
This may sound similar to existing solutions, but it’s fundamentally different. The litmus test to ask is, “What ports are open?” and, “How do you authenticate and authorize TCP/IP socket connections?”
Atsign’s answers are equally simple: “No ports are open on client or server,” and, “With strong public key encryption.”
Better yet, this is easy to implement right on existing IP networks without any complex firewall configuration and all of this is available today! Sign up for a demo to see how it works.
Mitigating Man-in-the-Middle Risks and Ensuring Data Integrity
Prevent Man-in-the-Middle risks, protect your data, and maintain privacy while implementing corporate policies.
Atsign’s Zero Trust Planes: Policy Plane
Learn how Atsign’s unique policy plane revolutionizes data transmission, eliminating vulnerabilities associated with VPNs and firewalls.
Atsign’s Zero Trust Planes
Learn how Atsign’s innovative use of control, data, and policy planes revolutionizes data transmission, eliminating vulnerabilities associated with VPNs and firewalls.
Transforming Fleet Management with Real-Time Telemetry: An Atsign Use Case
Learn how a real-time telemetry solution with Atsign technology can help a large fleet management company achieve significant improvements in reliability, reduce costs, and optimize maintenance schedules.
Data Transmission Methods with Atsign’s NoPorts and atSDK
Learn how Atsign is addressing vulnerabilities in data transmissions, making it safer to send data securely over the Internet.