UM Labs

Data in Transit threat

The growing incidence of security failures and the loss of personal data has generated a raft of more stringent and comprehensive compliance regulations.

When compliance is discussed, most people think of protecting  names, address and credit card details in static databases. This is important, but it is equally important to protect data-in-transit.  Data-in-transit includes voice and video calls and Instant Messages. The European Union Agency for Network and Information Security (ENISA) specifically include calls and IM within their definition of data processing.

There is little point in investing in security technology to protect back-end databases if your IP based phone system lacks the protection to prevent unauthorised call monitoring.

Unicus from UM Labs provides the essential security needed to protect data-in-transit and assist in ensuring that your data processing meets the growing number of data protection compliance regulations. One of the key technologies is the ability to encrypt that data.

Meeting the complete set of compliance requirements is not straight forward. Some regulations such as Europe’s GDPR and The California Consumer Privacy Act of 2018 from the USA call for encryption, while others such a MIFID II require the recording of communications.  Organisations may also need to implement call recording to meet internal audit requirements. Call recording and encryption cannot be combined without adding additional layers of complexity. Complexity is always the enemy of good security.

Unicus solves this problem by managing the key exchange needed to set an encrypted call and enabling calls matching an established recording policy to be recorded for compliance and auditing purposes.  The recording policy and the recordings themselves remain under the control of the organisation using Unicus.

This approach enables Unicus to bridge both sets of compliance requirements.

Call us +44 020 3021 3200

Compliance Key Points

  • Compliance regulations apply to all data processing, including voice/video calls and IM traffic
  • Data loss from a breach of these services risks significant penalties
  • Complying with data protection regulations makes it difficult to meet call-recording requirements
  • Unicus provides the security and functionality needed to meet both data protection and call-recording

The more complex, the better

“Call recording and encryption cannot be combined without adding additional layers of complexity. Complexity is always the enemy of good security”

So what is Data in Transit…?

Data in transit, is data actively moving information from one location to another such as across the internet or through a private network or VPN. Data protection in transit is the protection of this data while it’s traveling from network to network or being transferred from a local storage device to a cloud storage device – wherever data is moving it’s vulnerable, effective data protection measures for in transit data are critical as data is often considered less secure while in motion.

Data at Rest, the bit you know

Data at rest is data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way. Data protection at rest aims to secure inactive data stored on any device or network. While data at rest is sometimes considered to be less vulnerable than data in transit, attackers often find data at rest a more valuable target than data in motion. The risk profile for data in transit or data at rest depends on the security measures that are in place to secure data in either state.

Protecting sensitive data both in transit and at rest is imperative for modern enterprises as attackers find increasingly innovative ways to compromise systems and steal data.

Security that protects every day 21st century communications.
UM Labs
UM Labs
UM Labs