Not sure what you should believe about data diodes?
It’s no surprise—manufacturers of “unidirectional gateways” and other inferior technologies have done their best to create confusion in the marketplace about what data diodes are and how they work. The market has been polluted with ideas that data diodes are expensive, fill server racks with equipment, take weeks to deploy, cannot support two-way protocols, and are only used by nuclear power plants, among other myths and misconceptions.
It’s time to set the record straight. The reality is that data diodes are compact, affordable, highly capable devices that play essential roles in a wide range of data security use cases. Owl data diodes provide flexible, hardware-enforced protection that no competing technology can match.
Here’s a look at seven of the most common myths about data diodes, and the true stories behind them.
Myth 1: Data diodes are expensive
Vendors of competing products often claim that data diodes cost tens (or even hundreds) of thousands of dollars each. In reality, data diodes are highly economical. For example, the DiOTa, a single purpose data diode for device level protection, can be purchased at volume for as little as $3200.
Owl offers solutions at a range of price points to address a range of customer requirements, but diodes always represent an excellent value, because they provide more reliable protection and a lower total cost of ownership than any alternative. Misconceptions about price should not stop you from getting the best protection possible.
DiOTa
Myth 2: Data diodes are complicated to deploy
Weeks or months to install?! Unidirectional gateways may take that long, but more than 95% of Owl data diodes are installed by the customer in a few hours, without the need for extensive training or onsite support. In fact, DiOTa diodes can be installed in a matter of minutes by operations personnel—no cybersecurity experience is required. The user simply sets up the basic source and destination information via a web-based interface, selects a protocol, and opens the client. And once a diode is up and running, it stays that way, with no need for software patches, updates, or other maintenance—more on that when we get to myths #6 and #7.
Myth 3: Data diodes are limited to one-way use cases
Despite being one-way flow control devices, data diodes drop into two-way networks without a problem. Customers routinely use Owl data diodes to support two-way protocols, securely transferring data across security domains without opening a threat vector into a network.
Myth 4: Data diodes require the use of multiple devices
This is another case of manufacturers projecting their own products’ shortcomings onto a superior solution. While “unidirectional gateway” systems are typically comprised of transmit and receive devices, plus transmit and receive flanking servers (four devices in all), an Owl data diode is truly a single, standalone device.
OPDS-1000
Myth 5: Data diodes can only support a single data flow
Owl data diodes scale from a single data flow to hundreds of data flows, supporting multiple protocols simultaneously. In many Owl customer implementations, data originates from many sources and is transferred to many destinations simultaneously, without exposing the source systems to the possibility of an inbound threat.
Myth 6: Firewalls can operate as one-way data diodes
Data diode security is hardware based and deterministic. Traffic goes through a protocol break, only transferring the payload, not the whole packet, stopping the propagation of attacks and protecting the original IP address. The design of a data diode makes it impervious to malware, zero-day attacks, and configuration mistakes. Firewalls, on the other hand, are software-based solutions with a broad range of vulnerabilities and no ability to provide a protocol break.
A data diode’s built-in protocol break becomes even more important in the face of attacks like Ripple20 and Amnesia:33, in which vulnerabilities are exploited through malicious packet fragmentation or inappropriate values in the packet headers. Firewalls typically don’t detect those issues, but a diode’s protocol break and hardware-enforced separation will ensure that the malicious data does not propagate.
Myth 7: Data diodes drive up operating expenses
Owl data diodes never need to be updated unless a data flow needs to be modified. It’s not uncommon for Owl data diodes to operate continuously for ten years or more with zero maintenance. Firewalls and unidirectional gateways, on the other hand, need constant monitoring and updates to protect against the latest threats, and will always be one step behind, despite the continuous drain they place on the organization’s IT resources.
How can data diodes help you?
Owl data diodes have been trusted by critical infrastructure operators, military commands, and intelligence services for decades. No other technology delivers the same combination of security, value, and flexibility. Now that you know the true story, take a moment to learn even more about data diodes, or contact us for a consultation on how diodes can fit into your security strategy.
