6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`
`Why Is Data Encryption Necessary even in
`Private Networks?
`
`Tags: security (/blog/topic/security)
`
`WhatsApp recently announced that they turned on end-to-end encryption
`(https://www.teskalabs.com/blog/whatsapp-end-to-end-encryption) for their messaging app, estimated to be
`used by 1 billion users. In this case, end-to-end encryption secures communication between endpoint
`devices, such as smartphones or the tablets.
`
`Securing data transferred between dierent endpoints is important not only through public networks but
`also in private networks. The data has to be protected if it is business critical or if modication or
`interception leads to a security incident with a high business impact. Can you imagine if it is easy for cyber
`attackers to intercept your bank transfers, documents or information about the business strategy or
`customers, the trac, modify the data, delete or even redirect it to another server?
`
`https://teskalabs.com/blog/seacat-encryption
`
`1/9
`
`EX1027
`Apple v. MPH
`IPR2019-00824
`
`

`

`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`6/1/2020
`Keeping the data secure means ensuring the principle of the CIA triad (Condentiality, Availability and
`Integrity); an important concept in information security. Securing the communication by implementing
`HTTPS, for example, doesn’t ensure condentiality if the HTTPS communication does not end at the
`application backend. There is a possibility that data will be modied during the transfer to the nal
`destination, thus the CIA principle is not ensured.
`
`Why is it important to encrypt data even in a private
`network?
`
`All data transfers are done using a public or private network. The public network is the Internet or any local
`Internet Service Provider (ISP) network used by customers. Based on lots of research and studies done about
`the DROWN attacks (https://www.teskalabs.com/blog/openssl-sslv2-drown-vulnerability) or other HTTPS-
`related attacks, there are a lot of servers with wrong HTTPS congurations which endangers the transferred
`data.
`
`The big problem is that encrypted data needs to be decrypted before being processed by the application
`logic. This decryption can be done in various devices such as rewalls, load balancers, SSL terminators, web
`application rewalls, and of course, application backends. The fact that a HTTPS session is terminated before
`the data arrives at the application backend poses a big issue. That means that if the data is decrypted before
`reaching the application backend logic, it can be intercepted.
`
`There have been and always will be bad guys who want to hijack the network to get their hands on the data.
`There are also many other devices such as routers, rewalls, anti-spam lters in the network that can be
`tampered with or operated by hackers to manipulate communications.
`
`Payload encryption helps when you encounter these issues or need an extra layer of security
`protection.
`
`Let's imagine that you have an SSL Terminator in your DMZ. The HTTPS trac is then terminated inside the
`DMZ at the SSL Terminator. If the data is not encrypted and only HTTPS is in place, the data is in readable
`form before being sent further inside the private network protected by a rewall. Operators of the rewall
`can intercept, change or manipulate the data.
`
`It’s important to keep in mind that every device that works with unencrypted data can be manipulated.
`
`Data being decrypted inside a private network
`
`https://teskalabs.com/blog/seacat-encryption
`
`2/9
`
`

`

`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`6/1/2020
`Allowing unencrypted communication even in private networks can incur severe consequences. It is hard to
`trust that all employees and contractors will know and do the right things when they have access to
`company servers and sensitive business information. They can intercept the data if the data are not
`encrypted. Thus, it is up to responsible people, the Application Business Owner, for example, to dene the
`level of importance of the data and how they want to secure it.
`
`If the data contains information about customers, payment transactions, company strategies or unpublished
`decisions, the impact is devastating.
`
`To make it short:
`
`Encrypt the payload transmitted from the client
`Allow only the application backend to decrypt the data
`
`How SeaCat supports encryption
`
`SeaCat client, SDK, is embedded with a protected mobile application and encrypts transmitted data by the
`recipient’s certicate. In our solution, this is the application backend certicate. The payload is then
`transferred via a secure client connection to the SeaCat Gateway where the secure client connection is nally
`terminated. However, the transferred data is not yet decrypted until it is passed to the application backend.
`
`SeaCat supports this approach to payload encryption, keeping data private until it reaches the application
`backend, and in doing so, guarantees data protection in both public and private networks.
`
`Data encrypted inside a private network
`
`If your mobile or IoT application is secured by SeaCat and monitored by our Network Security Center, you
`have payload encryption built-in. To get a true assessment of the architecture and security of your mobile
`application, please request a FREE Demo (https://teskalabs.com/request-demo). Or, to learn more about
`TeskaLabs’ SeaCat Mobile Secure Gateway and how we can help you with the security of your mobility
`solutions, please visit www.teskalabs.com/products/seacat-mobile-secure-gateway
`(https://teskalabs.com/products/seacat-mobile-secure-gateway).
`
`Contact us (/contact)
`
`https://teskalabs.com/blog/seacat-encryption
`
`3/9
`
`

`

`6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`
`About the Author
`
`Jiri Kohout (/blog//author/jkohout)
`
`TeskaLabs’ VP of Application Security, Jiri Kohout, brings years of experience in ICT security, having served
`as the Chief Information Security Ocer for the Ministry of Justice and Chief Information Ocer for
`Prague Municipal Court. He cooperated with the Czech National Security Agency to prepare the Czech
`Republic cyber security law.
`
`https://teskalabs.com/blog/seacat-encryption
`
`4/9
`
`TurboCat.io
`
`

`

`6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`Data encryption tool for GDPR
`
`(https://www.teskalabs.com/products/turbocat.io/encryption?topic=BlogPost&ref=seacat-encryption)
`
`More information
`
`Tweets by @TeskaLabs (https://twitter.com/TeskaLabs)
`
`Most Recent Articles
`
`C-ITS PKI as a Service (/blog/meili-c-its-pki-as-a-service)
`
`Creative Dock, TeskaLabs, Indermedica, Czech Ministry of Industry and Trade and Line 1212 launch the
`indicative test for new COVID-19 coronavirus (/blog/covid-19-indicative-test)
`
`Cyber-health with a password and an antivirus program is not enough (/blog/cyber-health-with-a-password-
`and-an-antivirus-program-is-not-enough)
`
`TeskaLabs at the ETSI 1st C-V2X Plugtest (/blog/etsi-plugtest-c-v2x-1st)
`
`TeskaLabs has become a leader of Mobile Healthcare applications in the Health (in) Future Platform
`(/blog/mobile-healthcare-applications-at-health-in-future-platform)
`
`You Might Be Interested in Reading These Articles
`
`https://teskalabs.com/blog/seacat-encryption
`
`5/9
`
`

`

`6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`
`Custom Made vs. O-The-Shelf Mobile Apps – The Issue of
`Security (/blog/custom-made-versus-o-the-shelf-mobile-apps-
`security)
`
`In October 2015, Blakely Thomas-Aguilar did a great article on mobile security statistics on the VMware
`AirWatch blog that can and will send shivers down your spine. For example, she found that there was an
`increase of 18% in the number of Android vulnerabilities between 2011 and 2015.
`
`Continue reading ... (/blog/custom-made-versus-o-the-shelf-mobile-apps-security)
`
` mobile (/blog/topic/mobile) security (/blog/topic/security)
`
`
`
`Published on July 26, 2016
`
`https://teskalabs.com/blog/seacat-encryption
`
`6/9
`
`

`

`6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`
`SeaCat and OpenSSL Heartbleed Bug (/blog/heartbleed)
`
`After almost two and a half year we hope that the Heartbleed remains in the past. It is not true,
`unfortunately. Now we have proof that a security vulnerability remains with us for a long time, maybe almost
`forever even when there exist patches and xes. The Internet is a battleeld among the good, the bad, and
`the ugly. Who has better attacking or defending technology wins.
`
`Continue reading ... (/blog/heartbleed)
`
` security (/blog/topic/security)
`
`
`
`Published on December 20, 2016
`
`https://teskalabs.com/blog/seacat-encryption
`
`7/9
`
`

`

`6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`
`You Can Build Apps for the Apple TV, But Do You Know How to
`Do It Securely? (/blog/secure-apple-tv-apps-using-tvos-seacat)
`
`Apple will want to dominate the market for TV apps. To achieve this objective, it’s understandable that Apple
`makes it easy for app developers to create apps and games for the Apple TV platform using tvOS and prot
`from them just as they have already done so for the iPhone and iPad devices. Developers can leverage
`similar frameworks and technologies since tvOS is just a modied version of the iOS. They can even retrot
`the apps that were previously developed for iOS to support the Apple TV’s tvOS.
`
`Continue reading ... (/blog/secure-apple-tv-apps-using-tvos-seacat)
`
` mobile (/blog/topic/mobile) security (/blog/topic/security)
`
`
`
`Published on June 29, 2016
`
`Follow @TeskaLabs (https://twitter.com/TeskaLabs) Tweet (https://twitter.com/share)
`
` (/blog/feed/atom)
`
`COMPANY (HTTPS://WWW.TESKALABS.COM/ABOUT)
`
`About Us (https://www.teskalabs.com/about)
`Team (https://www.teskalabs.com/about/team)
`Press (https://www.teskalabs.com/about/press)
`Blog (https://www.teskalabs.com/blog)
`Resources (https://www.teskalabs.com/resources)
`Open Source at GitHub (https://github.com/TeskaLabs)
`
`https://teskalabs.com/blog/seacat-encryption
`
`8/9
`
`

`

`6/1/2020
`
`Why Is Data Encryption Necessary even in Private Networks? · TeskaLabs Blog
`
`Contact (https://www.teskalabs.com/contact)
`
`Follow @TeskaLabs (https://twitter.com/TeskaLabs)
`
`© 2014-2019 TeskaLabs Ltd. · Terms & Conditions (https://www.teskalabs.com/terms-and-conditions) · Privacy Policy
`(https://www.teskalabs.com/privacy-policy)
`
`https://teskalabs.com/blog/seacat-encryption
`
`9/9
`
`