What is a data diode?

While data diodes restrict and inspect traffic similarly to firewalls, their core functionality differs. Firewalls rely on CPUs and software which are vulnerable to hacking, while a data diode’s hardware-based core functionalities make them resistant to remote hacking. Data diodes ensure unidirectional data flow without the need for constant updates or patches, providing a robust solution for securing network traffic.

Originally adopted by military and government agencies, data diodes are now finding increased deployment in critical systems across diverse sectors. These sectors range from life sciences and finance to energy and utilities, encompassing any industry where network segregation is crucial to safeguarding data and systems.

Data diodes transfer data across an air gap while maintaining the defined air gap protocols. This ensures that only intended data enters or leaves the segregated network. It allows receiving sensor data or log data from your Operational Technology (OT) network while preventing malicious actors from getting in. Data diodes can perform content inspection to verify the incoming data, enabling your network SOC to easily monitor and ensure no malware comes in at the same time.

Data diodes can also be used in more complex scenarios. For instance, they guarantee safe internet browsing from classified networks, ensuring the safe export of data based on well-defined workflows and enabling secure management of systems and networks, either from your trusted classified network, or a SOC network.

Data diodes provide a complementary enhancement to an organisation’s existing network security stack. Implementing security-enforcing functions in hardware and software has its benefits and the best security solutions take advantage of this to optimise their layered network defence.

When selecting a data diode solution, it’s crucial to consider the technology underlying the diode and the overall cost-effectiveness. Many diodes are based on optical systems, which require expensive components such as a light emitter and receiver, driving the cost up.

In contrast, the Oakdoor data diode leverages transistors – one of the best-understood and most-tested electronic components. Transistors are simple, cost-effective, reliable, and capable of operating at very high frequencies. Electric current flows in one direction through the transistor with no reported successful instances of transistor hacking to date.

The hardware of the Oakdoor diode product family is UK CAPS approved for use at the highest classifications and equipped with a variety of security enforcing features. Most variants perform data structure inspection, ensuring only structured data can pass the data diode. Any unstructured data that fails to comply with the inspection rules is wrapped and stored for separate handling. The inspection rules themselves are encoded in the Oakdoor hardware and cannot be modified remotely.

In addition to validating the data structure, Oakdoor diodes automatically scan the data content for unwanted properties, such as macros in Word documents, further eliminating the risk of compromise.