Certes blog

Critical Infrastructure Depends on Strong Encryption - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:48 GMT

And, as automation continues to evolve and become more important worldwide, the use of ICS/SCADA systems are going to become even more frequent.

Encryption is critical to the security of the industrial control systems and the communication channels through which they send/receive sensitive data to keep critical infrastructure functioning. It protects the integrity of data in transit, enables visibility of communications channels, and enables secure authorization to defend against compromise by malicious actors. For example, encryption is used to protect data in transit across the electricity grid, including communications to and from operations centers, power generation systems, distribution substations, and home “smart grid” networks.

Because encryption is among the most important safeguards for managing the risk of data breaches, it is widely mandated by government and critical infrastructure organizations. Strong encryption is recommended by NIST Framework for Improving Critical Infrastructure Cybersecurity, now mandatory for U.S. Government agencies. It is also directed for financial sector entities and Smart Grid operators.

Cybersecurity is critical for national and economic security,” said Secretary of Commerce Wilbur Ross (2018). “The voluntary NIST Cybersecurity Framework should be every company’s first line of defense. Adopting version 1.1 is a must for all CTO’s.”

End-to-End Data Protection - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:48 GMT

Data breaches are unfortunately inevitable, and traditional network security alone is no longer enough. Organizations need to change their focus from perimeter defenses to a data-centered approach. This keeps sensitive information protected no matter where it goes.

End-to-end encryption (E2EE) is essential for keeping data safe. It protects data before sending, while traveling, and during storage.

With rising regulatory demands and sophisticated cyber threats, businesses must act now to safeguard their most valuable asset: data.

What is End-to-End Encryption?

End-to-end encryption (E2EE) protects data from the moment someone creates it until it reaches the right person. Unlike traditional encryption methods that protect data only in certain states, E2EE keeps data encrypted all the time. This prevents unauthorized individuals from reading it.

How End-to-End Encryption works:

Data is encrypted at the source before it leaves a device or system.
It remains encrypted as it moves through networks, cloud environments, or storage systems.
Only the intended recipient with the decryption key can access and read the data.
Without the right decryption keys, stolen data is useless to cybercriminals. This is true even if they get past network security. This makes E2EE a critical defense against data breaches, ransomware attacks, and insider threats.

Why Businesses Need Data Encryption

Data is the primary target of cybercriminals. Businesses must protect sensitive data, like financial records, customer information, and trade secrets. This includes intellectual property. Here’s why encryption is non-negotiable:

The Growing Threat of Cyberattacks

Cyberattacks have evolved beyond brute-force hacking. Attackers exploit stolen credentials, phishing schemes, and advanced malware to infiltrate systems undetected. Traditional security models that rely solely on firewalls and endpoint protection are no longer sufficient. Encryption ensures that even if unauthorized access occurs, the data remains unreadable and unusable.

Regulatory Compliance & Industry Standards

Governments and regulatory bodies worldwide impose strict data protection requirements. Laws including GDPR, DORA, NIS2, and HIPAA require encrypting sensitive data. This helps prevent breaches and ensures compliance. Organizations that fail to implement adequate security measures face hefty fines and damage to their reputations.

Protection Against Insider Threats

While external threats dominate cybersecurity headlines, insider threats, whether intentional or accidental, pose just as much risk. Employees, contractors, or partners with access to critical systems can compromise data security. E2EE mitigates these risks by ensuring that only authorized users with the correct decryption keys can access sensitive information.

How Certes Secures Data

Certes delivers advanced encryption and security solutions designed to protect data at every stage. By implementing a Zero Trust approach and ensuring faultless encryption, Certes empowers businesses to mitigate cyber risks effectively.

Encryption at the Source

Certes’ solutions encrypt data before it ever leaves its source device or application. This prevents unauthorized access from the outset and keeps sensitive information protected throughout its journey across networks.

Preventing Data Interception

Traditional security measures focus on protecting the perimeter, but attackers often gain access through stolen credentials or unpatched vulnerabilities. Certes ensures that even if an intruder breaches a system, the encrypted data remains unreadable and unusable.

Implementing Secure Data Practices

Businesses must take a proactive approach to cybersecurity by implementing secure data protection strategies. Here are key steps organizations can take:

Adopt End-to-End Encryption – Encrypt data from creation to consumption to prevent unauthorized access.
Implement Zero Trust Architecture – Assume that no user or device is trustworthy by default, requiring continuous verification.
Regularly Rotate Encryption Keys – Reduce the risk of key compromise by frequently updating encryption keys.
Secure Backups with Encryption – Protect backup data to prevent ransomware attacks from rendering recovery efforts useless.
Train Employees on Cybersecurity Best Practices – Teach staff to spot and avoid cyber threats. This will help reduce human error.

Future Trends in Encryption

Cybersecurity threats are constantly evolving, and encryption technologies must adapt to stay ahead. Here’s what businesses should expect in the coming years:

Quantum-Safe Encryption – As quantum computing advances, traditional encryption algorithms will become obsolete. Businesses must prepare for post-quantum cryptography to ensure future-proof security.
AI-Driven Encryption – Artificial intelligence and machine learning will improve encryption methods. This will allow security measures to adapt to real-time threats.
Enhanced Regulatory Requirements – Governments will continue tightening data protection laws, requiring businesses to adopt stronger encryption measures to remain compliant.

Learn More About Certes Solutions

Certes offers advanced encryption solutions. These help businesses protect sensitive data, stay compliant, and defend against new cyber threats. To improve network security, consider using a Zero Trust strategy.

If you want to protect your backups, Certes has the tools and knowledge to help. They can keep your organization safe. Request a Demo to learn how Certes can help you implement end-to-end encryption for ultimate data protection.

Introducing Certes Networks Provable Security™ - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:47 GMT

Introducing Certes Networks Provable Security – A New Way to Measure the Effectiveness of Your Security Strategy

February 3, 2020 – Traditional network and data security approaches have focused primarily on threat detection and vulnerability management. Demonstrating business value, such as compliance, risk management, or information security, has been challenging. Consequently, data security is more often looked upon as a necessary cost of doing business. However, as CIOs, CISOs and network security teams become more fully vested members of the C-suite, provable security remains an ever-growing and overarching goal when considering employing data security technology. Organizations want to see data assurance as a strategic investment in mitigating risk and as a quantifiable contribution to the overall value of their business.

Certes Networks Provable Security™ enables exactly that based on the Certes Five Pillars for Provable Security, or key performance indicators, that enable organizations to quantify security’s role to build, modify and measure a data security strategy that aligns and protects the needs of the organization while mitigating risk.

Certes Networks Provable Security™ is built on the Certes Five Pillars:

Pillar One: Policy Enforcement

Pillar Two: Crypto-segmentation

Pillar Three: Scalability

Pillar Four: Visibility

Pillar Five: Observability

Certes Networks Provable Security™ starts with the premise that policy enforcement is only as good as the policy defined and how that policy is enforced. While threats and vulnerabilities are virtually infinite, access to data is defined and is therefore finite and measurable. By enabling policy definition and enforcement at a highly granular level, risk can be eliminated and data security can be quantified, measured and outcomes driven.

Certes Pillar Two, Crypto-Segmentation creates a reduced scope of trust per policy, protected by encryption, to separate your applications and workloads.

Sean Everson, Chief Technology Officer, Certes Networks, comments: “Crypto-Segmentation removes the implicit trust we traditionally place in our network infrastructure by creating reduced scopes of trust to securely separate data flows between applications and workloads as defined by fine-grained policies, independent of the physical infrastructure or underlying network topology.”

The next pillar of Provable Security is Scalability. Certes Layer 4 solution is a scalable end-to-end encryption management solution that is network agnostic easily integrating into any existing network infrastructure, fully interoperable with the existing security stack and with zero impact to performance. Certes offers the ability to support multiple deployments across multi-vendor environments on any network or transport. With Certes Layer 4 technology, a customer can be sure that their data assurance posture will scale to support the depth and breadth of a customer’s environment, whether deployed top-of-rack, in a virtual environment, between data centers and applications (east to west) or simply just across the WAN or SD-WAN.

The Fourth Pillar of Certes Network Provable Security™ is Visibility. The Certes Layer 4 solution encrypts data in transit, allowing for secure encryption of only the payload enabling transparent deployment that operates independently of applications and the underlying network with zero changes to routers, switches and firewalls. Network visibility and operational functionality are thereby fully maintained with zero impact to performance.

The last Pillar is Observability, the lynchpin that provides real-time contextual meta-data enabling rapid detection of out-of-policy data and fast response remediation to any non-compliant traffic flow or policy change to maintain the required security posture on a continuous basis. Observability provides evidential and visual proof that an organization’s security strategy is effective.

Paul German, CEO, Certes Networks, concludes: “Organizations need to start thinking differently about data security. The major challenges for a CISO is no longer the network rather the data has to come first. With the launch of Certes Networks Provable Security™, we have a technology solution available today that allows CIOs and CISOs to visualize and understand their data, associated applications, workloads and behavior, with real-time contextual data. Organizations can now take actionable steps not only to measure the effectiveness of their security strategy but to gain deep insight into how to enhance their security posture and to manage and enforce policies.”

About Certes Networks

Headquartered in the U.S. with a global presence in Europe, Middle east and Asia Pacific, Certes Networks has been delivering data security technology solutions to enterprises and governments around the world for over 15 years. Our technology is deployed across 1000

customers in nearly 100 countries and is certified for FIPS 140-2 and Common Criteria EAL4+. Our global footprint of organizations using Certes technology has helped customers to meet national, international and industry-specific regulations.

To learn more about Certes Networks Provable Security™, please visit CertesNetworks.com

The New NYDFS Standard: Prove Your Data Is Secure, or Face Penalties

Certes Networks — Thu, 12 Mar 2026 12:09:47 GMT

That era is over.

The New York Department of Financial Services (NYDFS) now expects firms to prove how they protect Nonpublic Information (NPI) across every system, cloud, and third-party connection. And regulators have shown they will pursue large penalties when firms cannot demonstrate that protection in practice.

This shift has caught many organizations off-guard. They invested in detection tools, audits, and dashboards, but far fewer invested in controls that actually secure data wherever it moves.

This blog breaks down why NYDFS has raised expectations, where organizations are failing, and why data-centric protection is now the control regulators look for.

NYDFS Is No Longer About “Reasonable Security”, It’s About Evidence

NYDFS supervisors have repeatedly stated that certification alone is no longer enough. Firms must be able to show how NPI is segmented, encrypted, and controlled across hybrid and multi-cloud networks.

Recent enforcement actions underline this change:

EyeMed Vision Care — $4.5M penalty

NYDFS found the organization failed to maintain effective access controls and left known security gaps unresolved. Sensitive customer data was exposed, and the regulator concluded the firm lacked proper oversight of systems handling NPI.

First American — $1M penalty

A vulnerability exposed hundreds of millions of documents containing personal and financial information. NYDFS determined the company had known about the issue for years yet did not remediate it or maintain adequate processes to protect NPI.

Both cases share a theme: NYDFS now investigates whether firms can prove their controls work, not whether they just exist on paper.

Why NYDFS-Regulated Firms Are Struggling

Most institutions can see their risk. They have dashboards, scanners, reports, and audits. But very few can control that risk across the places regulators now examine:

Multi-cloud estates (AWS, Azure, Google Cloud, private cloud)
A mix of modern and legacy applications
Third-party service providers and integrations
Data flows crossing internal and external boundaries

In practice, this results in:

Inconsistent protection across different clouds
Poor visibility of how NPI moves between systems
Over-reliance on cloud-native encryption, where the provider holds the keys
No way to demonstrate segmentation of sensitive data flows
Weak evidence when regulators ask: “Show us how this data is safeguarded.”

NYDFS expects consistent protection across every environment where NPI travels, and many organizations simply don’t have a control that can meet that expectation.

Why the Shift to Data-Centric Protection Matters for NYDFS

The most common gap discovered during NYDFS enforcement is data in transit.

Many firms assume the network, the cloud provider, or TLS alone will cover them. Regulators no longer accept that. They expect organizations to enforce protection at the data-flow level, not at the perimeter or the device.

A modern NYDFS-aligned approach requires:

Protecting the data itself, not just the network it travels across
Ensuring encryption cannot be bypassed or weakened by misconfigurations
Owning the encryption keys rather than leaving them with AWS, Azure, or Google
Being able to prove which users, systems, or services can access specific data flows

This is the shift regulators want to see, and the shift most infrastructures were never designed for.

How Certes DPRM Helps Organizations Meet NYDFS Expectations

Certes DPRM (Data Protection & Risk Mitigation) gives financial institutions a single, consistent control they can point to when regulators ask how NPI is secured across their entire environment.

Instead of relying on a mix of cloud-native settings, network rules, and device-level protections, DPRM applies protection directly to each data flow. It keeps those flows isolated, authenticated, and encrypted, whether they move through private cloud, AWS, Azure, Google Cloud, or third-party networks.

Your organization maintains full ownership of encryption keys and policy enforcement, removing the dependency on cloud provider key management. And because DPRM records clear, auditable policies and logs, teams can show regulators exactly how NPI is segmented, governed, and protected.

DPRM is also built for crypto agility. Its quantum-safe design means firms can be ready for the PQC era, avoiding another costly and disruptive compliance cycle.

NYDFS Has Raised the Bar, Firms Need Controls That Can Keep Up

NYDFS is now focused on proof, not promises. If an organization can’t show how NPI is secured across end-to-end data flows, regulators see that as a material gap, no matter how strong the documentation looks.

Certes helps financial institutions replace partial coverage with data protection that works across every cloud, system, and connection. Instead of depending on the network or the provider, DPRM gives teams a straightforward, defensible answer when regulators ask how data is actually protected.

Book your free NYDFS Readiness Briefing and get a clear path to provable protection.

SD-WAN Paves the Way for SD-branch - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:46 GMT

Software-defined wide area network (SD-WAN) is technology for configuring and implementing an enterprise WAN – based on software-defined networking (SDN) – to effectively route traffic to remote locations such as branch offices.

As SD-WAN matures, enterprises are moving away from traditional branch routers to offer consolidated network functionality on a single device. The reason is organizations are migrating toward integrated SD-WAN alternatives, with bandwidth prioritization and centralized management capabilities for remote WAN sites.

Hardware improvements have also enabled software-based routing driving better performance of standard server platforms. Software-based routing provides advantages in terms of its flexibility, as it can be implemented anywhere and combined with other WAN functions for a complete package.

SD-WAN services have matured significantly over the last few years with suppliers now offering a broad range of network functionality integrated in their SD-WAN devices, including WAN optimization, routing and basic security. But the branch network of the future will have most of the following requirements, regardless of whether they take the form of an appliance or software:

Secure WAN communications
Reliability
Zero-touch deployment
Remote manageability
Elastic scale-up and scale-down capacity
Integration with SD-WAN, security, LAN and WiFi

As many industries and organizations investigate and phase-out their existing branch routers in favor of SD-WAN packages, some will keep their installed routers for existing MPLS connections as part of a multiyear contract.

Options for enterprises when it comes to branch routers will now include keeping their traditional branch routers, phasing out their brand routers with SD-WAN technology or plan migration to a software-defined branch.

As SD-WAN paves the way for the SD-branch, application security and performance at the branch must be reliable and fast, with low latency. And, IT teams are rearchitecting their branch networks to deliver on application performance expectations and data security. So, as SD-WAN gains steam, it will be important to offer SD-WAN organizations a full-scale security management solution that allows operations to more easily roll out security services while also easing the management of monitoring, metrics, analytics and visibility of their network traffic.

Monthly Insights on Ransomware Trends and Statistics - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:46 GMT

Ransomware attacks have rapidly become one of organisations’ most serious threats. As cybercriminals become more sophisticated, the frequency and severity of ransomware attacks have escalated, placing businesses of all sizes at significant risk.

Our latest infographic, “Cyber Insights on Ransomware” infographic sheds light on the current landscape of ransomware threats in Q2, offering valuable data on the scope and impact of these attacks.

Source: https://www.cyberrescue.co.uk/

The insights presented highlight the urgent need for proactive cybersecurity measures to combat the increasing ransomware threat as the numbers continue to grow. As cybercriminals evolve and expand their reach, businesses must stay informed and prepared.

Keep an eye on our blog for these regular reports, and speak to our team today to learn how we can protect your business from ransomware and other cyber threats. Stay informed, stay secure, and stay ahead of cyber threats with Certes DPRM.

Quantum Threats Are Here – Is Your Security Already.

Certes Networks — Thu, 12 Mar 2026 12:09:45 GMT

Think quantum computing is a theoretical threat on the distant horizon? Think again. It’s a real and accelerating force that is already rewriting the rules of cybersecurity, and exposing a fatal flaw in how most organizations protect their data.

Here’s the uncomfortable truth: if your business is still relying on TLS, RSA, or traditional PKI, your encryption is on a countdown clock. And when quantum machines mature, that protection will become obsolete overnight.

This isn’t alarmism. It’s the reality security and compliance leaders must face now, because by the time quantum is mainstream, the damage will already be done.

Fact: Quantum Will Break Today’s Encryption

The rise of quantum computing presents extraordinary opportunities. Government agencies, research labs, and big tech are pouring billions into quantum development. These machines will be capable of solving problems current systems can’t touch, including breaking the cryptographic foundations most organizations depend on.

Algorithms like RSA and ECC depend on the difficulty of factoring large numbers or solving discrete logarithm problems. Quantum computers, with Shor’s algorithm, will make short work of these defenses.

This is not the work of science fiction. And the global security community is responding accordingly. The U.S. National Institute of Standards and Technology (NIST) has already selected and begun standardizing post-quantum cryptographic (PQC) algorithms. Why? Because current encryption will be completely useless in the quantum era.

So if you’re securing critical data with RSA today, you’re effectively securing it with an expiration date.

Regulators Are Paying Attention to the Quantum Threat – So Should You

This shift isn’t just technical, it’s legal and financial. Under modern data protection laws, organizations have a responsibility to safeguard data against foreseeable threats. That includes quantum.

Regulations like:

GDPR requires “state-of-the-art” technical measures to protect personal data, based on risk.
DORA mandates secure ICT risk management and operational resilience in financial institutions.
NIS2 requires risk-based encryption and technical safeguards for critical infrastructure.
CJIS enforces full encryption key ownership for agencies handling criminal justice data.

All of these frameworks tie data protection to ongoing risk awareness. And quantum is now a known, documented, and acknowledged threat.

Failing to act could mean failing compliance, leading to fines up to 4% of global revenue, criminal investigations, and executive liability. Going forward, failing to adopt quantum-safe measures could be viewed as negligence under similar scrutiny.

“Harvest Now, Decrypt Later” Has Already Begun

Cyber criminals aren’t waiting for quantum hardware to attack, they’re stealing encrypted data today, knowing they’ll be able to decrypt it later. This “harvest now, decrypt later” strategy turns delayed preparedness into an active vulnerability.

Nation-states and advanced persistent threats are stockpiling sensitive data right now – financial records, medical information, trade secrets, law enforcement evidence – counting on the inevitable arrival of quantum decryption capabilities.

Once quantum reaches the necessary scale, previously captured data can be exposed retroactively. If you didn’t protect it with post-quantum tools when it was collected, the damage is done. That’s why forward-looking security leaders are shifting now, not later.

Certes Is Ready for Quantum. Today.

At Certes, we’re not waiting for quantum threats to materialize. We’ve already integrated quantum-safe algorithms into our Data Protection and Risk Mitigation (DPRM) platform, based on NIST-approved standards.

Our approach is different by design. Unlike traditional perimeter-based defenses that focus on keeping attackers out, Certes protects the data directly. Whether it’s in motion, at rest, or in use, the data remains protected with post-quantum safeguards.

Our model delivers:

Quantum-Safe Protection: PQC built into the data layer, not bolted on later.
Regulatory Readiness: Supports GDPR, DORA, NIS2, CJIS compliance with enforced key ownership and audit-friendly controls.
Zero Trust Enablement: No trust in the network, full trust in the data.
Operational Longevity: Future-proofs sensitive data so it’s not exposed years from now when legacy encryption collapses.

With Certes, businesses stay compliant and protected, regardless of what breakthroughs the next five years bring.

The Longer You Wait for Quantum, the More You Risk

Post-quantum security isn’t a five-year roadmap. It’s a now problem. Because the breaches of 2029 are already underway in 2025, and they’re targeting the data you think is encrypted.

The executives, CISOs, and compliance leaders who take action and become Quantum-ready now will be the ones who avoid tomorrow’s headlines, regulatory actions, and boardroom blame.

Your Data May Be Secure Today. But Will It Still Be Secure Tomorrow?

Quantum threats are already changing the rules. If your data protection strategy isn’t already quantum-safe, it’s already obsolete, non-compliant, and not enough.

Certes is ready for the quantum era. Is your organization?

Book a PQC readiness assessment with Certes.

Achieving DORA Compliance: Securing Data in Transit

Certes Networks — Thu, 12 Mar 2026 12:09:44 GMT

As digital financial services grow, so do the risks associated with cybersecurity, data breaches, and operational disruptions. The European Union’s Digital Operational Resilience Act (DORA), set to come into force in 2025, is a comprehensive regulation aimed at strengthening the digital resilience of financial institutions and businesses within the EU. Among the many aspects of digital resilience that DORA addresses, protecting data in transit plays a critical role in ensuring compliance with this regulation.

In this blog post, we will explore why safeguarding data in transit is essential under DORA and how it helps businesses meet compliance requirements while protecting sensitive financial information.

Understanding EU DORA Compliance and Its Objectives

DORA’s primary objective is to ensure that financial institutions, including banks, insurance companies, and investment firms, can withstand, respond to, and recover from all types of IT disruptions, including cyberattacks. The regulation establishes a uniform set of rules for risk management, reporting, and compliance.

Among its core pillars, DORA focuses on:

Risk Management: Financial institutions must implement robust digital operational resilience frameworks, including securing data and systems.
Incident Reporting: Firms are required to report cyber incidents to relevant authorities.
Third-Party Risk: Managing risks related to third-party ICT service providers (e.g., cloud services).
Testing and Audits: Financial entities must undergo regular testing to ensure that their security systems are resilient to operational and cybersecurity risks.

One of the critical aspects of operational resilience under DORA is securing data in transit, which is data actively moving across networks, whether between internal systems, external partners, or customers. This is particularly relevant for financial services, where sensitive personal and financial information is frequently transmitted.

Why Protecting Data in Transit is Critical for DORA Compliance

Ensuring the Confidentiality of Sensitive Financial Data

Financial institutions deal with highly sensitive information such as account details, financial transactions, and personal customer data. During transmission, this data is vulnerable to interception, manipulation, or unauthorized access if not properly secured. DORA emphasizes the need to maintain the confidentiality, integrity, and availability of data, making it essential to protect data in transit.

Under DORA, financial entities must ensure that their data management practices secure sensitive financial information during transmission. Encrypting data in transit with solutions such as Certes DPRM ensures that unauthorized actors cannot view or tamper with data, maintaining its confidentiality and integrity.

Preventing Man-in-the-Middle (MITM) Attacks

Man-in-the-middle (MITM) attacks pose a significant risk to data in transit. In these attacks, an unauthorized actor intercepts communications between two parties to either steal data or manipulate the transaction. MITM attacks are a common threat in financial services, where cybercriminals aim to intercept sensitive information or alter payment instructions.

DORA mandates that financial institutions protect data from unauthorized access and tampering. This includes securing all data transmissions between systems, third-party providers, and customers. End-to-end encryption of data in transit helps prevent MITM attacks, ensuring that financial data is protected as it travels across networks.

Meeting Legal and Regulatory Requirements

The financial industry is already highly regulated, with requirements from GDPR, PSD2, and now DORA adding further layers of compliance. Many of these regulations overlap, particularly concerning the protection of customer data. GDPR already mandates the protection of personal data during transmission, and DORA extends this requirement to encompass operational resilience against cyber threats.

Compliance with DORA means that financial institutions need to integrate cybersecurity practices that ensure data in transit is always protected. Failure to do so could lead to violations not only under DORA but also under other regulations like GDPR, leading to significant fines and penalties.

Mitigating Third-Party Risks

DORA emphasizes the need to manage risks associated with third-party IT service providers, such as cloud service providers, payment processors, and outsourced IT services. When data is transmitted between financial institutions and third parties, it is crucial to ensure that it is encrypted and protected during transmission to avoid unauthorized access or leaks.

To comply with DORA’s third-party risk management requirements financial firms must implement secure data-sharing protocols when working with third-party providers. Secure APIs, encryption of data in transit, and audit trails are key to ensuring that third parties handle financial data securely and that firms remain compliant.

Proactively Guarding Against Data Breaches

Data breaches not only compromise sensitive customer information but can also disrupt services, damage reputations, and result in significant financial losses. DORA mandates that financial institutions must implement proactive measures to safeguard digital systems and data to ensure continuous service availability and security.

DORA’s focus on operational resilience includes safeguarding data from breaches that could result from cyberattacks on data in transit. Encrypting data in transit reduces the likelihood of a data breach, ensuring compliance with DORA’s requirements for safeguarding customer data and ensuring operational continuity.

Strengthening Customer Trust

Protecting data in transit is not only about compliance but also about building trust with customers. Financial institutions that take steps to secure all aspects of their data flow, including data in transit, demonstrate a commitment to customer privacy and security. Certes DPRM is entirely focused on protecting data in transit using quantum techniques and keys that are unique to the customer resulting in highly secure transmission of customer data.

DORA places the customer at the center of its regulatory framework by emphasizing the need to ensure continuous, secure, and trustworthy financial services. By protecting data in transit, financial institutions can meet DORA’s requirements and reassure customers that their sensitive financial information is secure.

Best Practices for Securing Data in Transit to Ensure DORA Compliance

To ensure compliance with DORA, financial institutions should adopt the following best practices for securing data in transit:

Implement Strong Encryption Solutions

Always encrypt data in transit using strong encryption solutions such as Certes DPRM. DPRM ensures that even if data is intercepted, it cannot be read or manipulated by unauthorized users. Each separate data flow is individually protected using Quantum-based techniques and the key is changed every hour.

Enable End-to-End Encryption (E2EE)

E2EE ensures that data is encrypted at the source and only decrypted at the destination. This prevents any unauthorized interception during the transmission process, whether internally or externally. DPRM can protect the data from its source to destination irrespective if that is as a physical, virtual, container or in the Cloud supplied solution.

Regular Security Audits and Testing

DORA requires regular testing of operational resilience measures, including cybersecurity practices. Conduct penetration testing and vulnerability assessments to identify weaknesses in how data is transmitted and ensure compliance.

Monitor and Log All Data Transfers

Implement monitoring tools to log and audit all data transfers across your network. This helps detect any suspicious activities or unauthorized access attempts and ensures you can report incidents as required by DORA.

Securing Data in Transit is Key to DORA Compliance

As the financial sector becomes more digitized, protecting data in transit is no longer optional — it’s a regulatory requirement. Under the EU DORA framework, ensuring the confidentiality, integrity, and security of financial data in transit is critical to building a robust and resilient cybersecurity posture. By deploying Certes DPRM to protect data in transit and managing third-party risks, financial institutions can achieve DORA compliance and safeguard their customers’ trust.

For financial institutions operating within the EU, now is the time to assess your data protection strategies and prioritize securing data in transit as a key component of your DORA compliance efforts.

By understanding the importance of protecting data in transit and implementing best practices, your organization will be well-prepared to meet the stringent requirements of DORA and maintain a secure, resilient digital financial infrastructure.

Contact us to find out more about how Certes empowers organizations to navigate complex regulatory landscapes and fortify their defenses against evolving cyber threats.

Certes Networks announces partnership with EU Commission - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:44 GMT

Certes Networks announces it has been selected by the EU Commission as a trusted cybersecurity technology provider.

20 April, Pittsburgh MA, Certes Networks, an innovator in software-defined security solutions, today announces its work as an on-going provider of cyber- security solutions to secure data-in-motion for the EU commission.

Handling sensitive data from its 28 member states, the EU Commission has selected Certes Networks as part of an official procurement framework, based on its proven ability to encrypt and protect data in motion. This extends the relationship between Certes Networks and the European Commission, who have been working together since 2012.

The European Commission is the EU’s politically independent executive arm and is responsible for all new European legislation proposals, and the implementation of decisions of the European Parliament and the Council
of the EU.

Paul German, President and CEO at Certes Networks commented, “We are very proud to continue our on-going relationship with the European Commission based on our proven ability to protect sensitive data-in-motion. With the introduction of GDPR, and based on the success over the last 5 years, we are delighted to be able to continue to protect the data of the EU citizens through our work with the European Commission, but also assisting organisations looking for innovative security solutions to help meet the new regulatory demands.”

Keeping Data Secure in the Oil & Gas Industry - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:43 GMT

Keeping Data Secure on Oil and Gas Industry

Author: Jerry Askar, Managing Director Middle East, Levant & Africa, Certes Networks

As published in Professional Security Magazine, August 2019; InfoSecurity Magazine, September 4, 2019; and, Security Middle East, upcoming September 2019 issue.

As automation continues to evolve, the utilities sector is finding that encryption of their network data is a critical to safeguard against cyber-attacks. And, as organisations across the globe continue to prioritise cybersecurity, the threat landscape continues to expand. Although good progress is being made, it is evident that critical network vulnerabilities are still being left unprotected.

This is particularly the case in the oil and gas sector, which is the latest to enter the cyber security spotlight according to the latest threat report by security firm Dragos that highlighted that the sector is a valuable target for adversaries seeking to exploit industrial control systems (ICS) environments. The report revealed a new activity group targeting the industry, bringing the total number of tracked ICS-targeted activity groups to nine, five of which directly target oil and gas organisations. What’s more, the increased deployment of automation within the oil and gas industry to manage costs, extract the most value from current assets and maximise up-time, only causes the threats to ICS and supervisory control and data acquisition (SCADA) networks to rise.

The threat is clearly high, as are the potential consequences of a cyber-attack on this sector. An attack on an oil or gas organisation would not only have severe political and economic impacts, but it would also have a direct effect on civilian lives and national infrastructure. Much of how the population lives and works is dependent upon the energy from oil and gas production, from communication, the use of electronic devices and appliances, and even heating, cooling and cooking. The smallest attack on this sector could have devastating effects.

Beyond consumer impact, an oil or gas company hit by a cyber-attack could experience a plant or production shutdown, utilities interruptions, equipment damage or loss of quality, undetected spills and of course safety measure violations. For example, in December 2018, Saipem, an Italian oil and gas industry contractor, fell victim to a cyber-attack that hit servers based in the Middle East, India, Aberdeen and Italy, which led to the cancellation of data and infrastructures.

Mitigating Cyber-attack Damage

Understanding not just the threats faced by this sector, but also how the attacks are taking place and the behaviors and capabilities of activity groups targeting oil and gas companies, is essential. As the Dragos report warned, there is currently limited visibility – and observability –into the network ecosystem, including communications to and from operations centers, distribution substations and even home “smart grid” networks. This means that intruders can dwell for longer and the root cause of the attack can remain undetected. As is widely documented, the longer an attacker remains in a network, the more damage the breach will cause.

To protect data in ICS/SCADA environments, organisations in the oil and gas industry need an encryption solution that not only safely encrypts data enterprise-wide, but that is also scalable and easy to implement, without disrupting, replacing or moving the network infrastructure. Furthermore, some encryption technologies will provide organisations with greater visibility of their data to monitor deployed policies. By defining and deploying policies and keys based only on which users should have access to what data, organisations can ensure that only those who need to send or receive the data have the access to do so. In addition, new Observability tools can provide crucial flow data so that IT operators can observe policy enforcement and quickly shut down a policy if compromised to stop further damage and potential escalation.

Conclusion

Lessons need to be learned from the past attacks on the oil and gas industry, such as the Saipem attack which had global consequences. With the sector facing such a high cyber risk, it’s more crucial than ever for oil and gas organisations to inhabit a cyber security culture and move from reactionary to proactive. This means employing an encryption management solution, along with the right forensic intelligence tools, to understand and safeguard against future cyber-attacks and their potential for devastating consequences.

Embracing the Quantum Age: Pioneering Data Privacy - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:43 GMT

Quantum computing is often hailed as the next industrial revolution, transforming everything from machine learning to cryptography. With its potential to increase computational power, the implications for data privacy are profound and immediate.

The quantum computing market is expected to grow significantly, reaching $1.7 billion by 2026, so the need for quantum-safe encryption solutions becomes urgent.

The Quantum Threat to Cryptography

Traditional cryptographic systems, which underpin modern digital security, depend on complex mathematical challenges that are tough for classical computers to crack. However, quantum computers, using principles of quantum mechanics like superposition and entanglement, can solve these problems much faster. This capability poses a direct threat to encryption methods such as RSA, making the current cryptographic standards exposed and vulnerable.

Shor’s and Grover’s algorithms are prime examples of how quantum computing can disrupt current security systems. Shor’s algorithm, for instance, can factor large numbers much more efficiently than classical computers, which is a critical blow to RSA encryption. Meanwhile, Grover’s algorithm improves the efficiency of unstructured searches, enhancing the capabilities of brute-force attacks.

Innovative Responses to Quantum Challenges

In light of these challenges, Data Protection and Risk Mitigation (DPRM) is leading the way by integrating quantum physics into the generation of key materials and adopting the latest quantum-safe algorithms.

This proactive approach not only fortifies data protection but also ensures that organisations are ready and future-proofed for the quantum era.

Quantum Key Distribution and Quantum Random Numbers

A key feature of quantum-safe cryptography is Quantum Key Distribution (QKD), which uses quantum mechanics to provide secure communication channels which are immune to computational attacks. Additionally, quantum random numbers, which are fundamental to generating cryptographic keys, offer a new level of security by leveraging the inherent randomness of quantum processes.

Navigating Challenges and Opportunities

Despite its potential, quantum computing comes with its own set of challenges, such as:

Decoherence
Error Correction
and Scalability.

These technical hurdles provide opportunities for innovation in quantum error correction techniques and fault-tolerant architectures. The continuous development of these areas is critical for the practical implementation of quantum computing.

The Road Ahead for Quantum-Safe Cryptography

As we enter the quantum era, the transition to quantum-safe cryptography is not just advisable but essential. This shift involves updating cryptographic standards, deploying new encryption solutions, and widespread education on the importance of quantum-resistant methods. For example, integrating quantum-safe solutions into existing infrastructures will require significant collaboration across various sectors.

Certes DPRM’s commitment to quantum-safe technologies makes it a valuable ally to safeguard data privacy. By offering advanced quantum-resistant solutions, and setting new standards in cybersecurity, DPRM helps organisations protect their most valuable asset—their sensitive data—from emerging quantum threats.

The rise of quantum computing is both an opportunity and a challenge in the field of data privacy. With its pioneering efforts in quantum-safe solutions, Certes DPRM is leading the charge in preparing for a secure quantum future.

As we stand on the brink of this new technological era, embracing quantum-safe encryption is not merely an option—it is a necessity to secure our digital future. To learn more about how we’re placing quantum-safe security at the forefront view our whitepaper here or book a PQC readiness assessment with Certes.

Why Protecting Data in Transit Should Be Your Top Priority

Certes Networks — Thu, 12 Mar 2026 12:09:42 GMT

In seeking to protect valuable, sensitive information that all businesses maintain, many organizations prioritize network activity monitoring as their primary line of defense against cyber threats. While monitoring is important, it’s not enough on its own. One of the most overlooked but critical aspects of security is protecting data in transit — the data that moves between devices, networks, or cloud services.

In this blog post, we’ll explain why focusing on securing data in transit is essential and how it can protect your business from sophisticated cyber threats. We’ll also highlight how data protection through quantum cryoptography and security best practices can give you peace of mind that monitoring alone can’t provide.

The Growing Threat to Data in Transit

When data is transmitted between different points (like between your company’s internal network and an external cloud server), it’s particularly vulnerable to attacks. This stage of data movement is known as data in transit or data in motion. Hackers constantly look for opportunities to intercept this data during transmission, hoping to steal, manipulate, or exploit it for malicious purposes.

Common threats to data in transit include:

Man-in-the-middle (MITM) attacks: Hackers position themselves between two communicating parties to intercept and even alter the data being sent.
Eavesdropping: Cybercriminals can listen in on unencrypted communications, capturing sensitive information like passwords, financial data, or personal details.
Packet sniffing: Attackers use special tools to capture and analyze data packets as they travel across networks, which can expose confidential data.

While monitoring network activity helps detect these kinds of attacks after they happen, it doesn’t prevent them. This is where the focus on securing data in transit comes into play.

Why Protecting Data in Transit Matters More Than You Think

Prevention is Better Than Detection

Monitoring network traffic helps identify suspicious activity, but it’s reactive. By the time a threat is detected, the damage may already be done. On the other hand, protecting data in transit with strong quantum based encryption actively prevents hackers from being able to read or exploit sensitive information, even if they manage to intercept it.

Imagine sending an unencrypted email that contains your company’s financial data. If a hacker intercepts that communication, they can read it easily. Now, if that email is protected by strong cryptography and a key controlled by the customer, even if it’s intercepted, the hacker will be unable to decipher the information.

Comply with Regulations and Standards

Protecting data in transit is often a regulatory requirement. Many data protection regulations, such as GDPR, HIPAA, and PCI DSS, require businesses to encrypt sensitive data during transmission. Non-compliance can result in heavy fines and penalties, not to mention the loss of customer trust.

For example, Payment Card Industry Data Security Standard (PCI DSS) requires credit card data transmitted over public networks to be encrypted. Simply monitoring your network won’t meet this standard, but encrypting your data in transit will.

Guard Against Man-in-the-Middle (MITM) Attacks

MITM attacks can happen on any network, especially unsecured ones like public Wi-Fi. In these attacks, an attacker intercepts the data being sent between a sender and receiver, without either party knowing. They can steal login credentials, personal information, or other sensitive data. Protecting data in transit using end-to-end encryption can prevent attackers from accessing or tampering with your data, even if they manage to intercept it.

Secure Communication with Cloud Services

With more businesses moving their operations to the cloud, ensuring secure communication between local systems and cloud services is vital. Data traveling to and from the cloud needs strong encryption to prevent exposure during transmission.

Without encrypting data in transit, your sensitive information could be intercepted at various points on its journey to the cloud provider.

Prevent Unauthorized Data Modification

Not only can attackers steal data in transit, but they can also modify it. Imagine a scenario where an attacker intercepts and changes a file during transmission, potentially causing irreversible damage or confusion.

Encryption protects against unauthorized data modification by ensuring the data’s integrity. This is particularly important when used in conjunction with immutable backup solutions – the backup is only as good as the data it receives, if that data is tampered with then the backup is useless.

How to Effectively Protect Data in Transit

To safeguard data in transit, you need to take proactive steps. Start from the assumption that your data will be the target of an attack and plan accordingly. A solution such as Certes DPRM (Data Protection and Risk Mitigation) is focused on protecting the data in transit, it does this in a way that is transparent to other network devices and services. The data is protected using quantum based techniques and includes key material unique to the customer that is changed per data flow every hour. The result is a data set that is only available to the customer and their intended recipient and no one else – no service provider, no network vendor and certainly no attacker.

Don’t Just Monitor, Secure Your Data

While monitoring network activity is an essential part of a strong security posture, it’s only one piece of the puzzle. Protecting data in transit is proactive, ensuring that your sensitive information remains safe even if it’s intercepted by malicious actors. By adopting Certes DPRM, and best practices, you can prevent many common cyberattacks and keep your business safe.

Remember, prevention is key in cybersecurity. Securing data in transit should be a top priority, not an afterthought.

Protect your data on the move — because it’s not just about knowing who’s trying to access it, it’s about ensuring that no one unauthorized ever can.

By emphasizing the proactive protection of data in transit, businesses can ensure that sensitive information stays secure and continues to build customer trust.

Contact us to find out how Certes DPRM protects your data in transit, ensuring sensitive information stays secure and protected from unauthorised access.

Rethinking Cybersecurity in Critical Infrastructure - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:41 GMT

As the rate of cyber attacks worldwide continues to increase, the energy sector remains a prime target for attackers seeking to disrupt global economies. Recent examples, such as the Halliburton incident, highlight how criminals can exploit vulnerabilities that persist in systems, like Active Directory (AD) – underscoring the urgent need for a shift in how we approach cybersecurity for critical infrastructure.

Halliburton attack: a wake-up call for the industry

The attack on Halliburton in August 2024 forced the company to take drastic measures, including shutting down some internal systems to prevent further unauthorized access. While the specifics of the attack remain under wraps, the potential compromise of core systems, like Active Directory (AD), could have led to significant operational disruptions. This incident is not just a concern for Halliburton but a clear signal to the entire energy sector – and other critical infrastructure industries – that they must move away from relying solely on traditional perimeter-based security measures that have repeatedly proven inadequate against sophisticated cyber threats.

The role of Active Directory and the ZeroLogon exploit

The Halliburton attack is part of a troubling trend in cyberattacks on critical infrastructure that reveal a broader industry crisis where vulnerabilities in systems like AD can lead to catastrophic outcomes. Once AD is compromised, it can grant attackers access to critical resources across the network, potentially leading to devastating consequences. By decrypting the AD database and creating their own superuser accounts, attackers can roam as they please throughout the network – a technique known as ‘living off the land’.

Using existing tools and legitimate processes for malicious activities without the need for malware or external tools, attackers can blend seamlessly into normal network traffic. Such a stealth approach means that attackers can remain undetected by traditional security measures.

One particularly concerning exploit is ZeroLogon, a vulnerability in the Microsoft Netlogon Remote Protocol. This flaw allows attackers to manipulate authentication processes and gain control over an entire Active Directory environment. Exploits like ZeroLogon can result in attackers taking over all systems within a domain, enabling them to deploy ransomware, steal sensitive data, or even halt operations entirely.

Proactive defense: moving beyond traditional security

With high-profile examples of critical infrastructure attacks being all too frequent, it’s clear that traditional network security measures are insufficient in protecting against sophisticated cyber threats. To effectively safeguard critical infrastructure, organizations must adopt a proactive, multi-layered defense strategy that focuses on securing and segmenting key systems like Active Directory.

This includes implementing solutions like Certes Data Protection and Risk Mitigation (DPRM) that deliver a robust defense against exploits like ZeroLogon through a combination of granular security controls, including strict data segmentation, quantum-based cryptography for data in transit, strict policy enforcement, and real-time monitoring. This combination creates a robust defense that minimizes the risk of critical exploits compromising the AD environment.

As cyber threats continue to evolve, so must our approach to defending against them. By adopting proactive measures like DPRM, organizations can protect their most critical assets and contribute to the overall security of the industry.

Contact us to find out more about how Certes DPRM can strengthen your data security and protect your Active Directory against external threats.

Meta’s $1.3 billion GDPR Fine: Lessons in Data Protection - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:41 GMT

In May 2023, we witnessed Meta incur a staggering $1.3 billion GDPR fine, making it the largest-ever fine imposed by the European Union. This substantial penalty resulted from Meta’s violation of EU privacy laws, specifically related to the transfer of Facebook user data to U.S. servers.

This fine serves as a strong reminder to other businesses the importance of strict user data protection and emphasises regulatory bodies’ commitment to enforcing corporate compliance.

Below, we delve further into the concept of data sovereignty and the challenges faced by companies like Meta in protecting user data.

The Challenges of Data Sovereignty

With increased global data protection efforts, data sovereignty becomes more important. Handling, preserving, and transferring data across borders has grown more complex, especially with widespread cloud storage and international data management. This complexity is magnified for organisations relying on Managed Service Providers (MSPs) for infrastructure needs, as accountability is shared between data owners and data handlers (MSPs) in case of data breaches.

Growing Value of Personal Data

The value of our personal data has surged with the rise of social media and online activities like banking. Our data, once underestimated, is now an invaluable asset intertwined with our lives, but it does carry risks like identity theft.

Organisations handling personal data must recognise their duty to protect it, as GDPR regulations hold data owners accountable, regardless of its location or processing and regulators are becoming increasingly stringent on how the data is being handled. The responsibility to secure this asset is paramount.

Data-centric Security

Traditional network security has heavily relied on perimeter protection, sometimes at the expense of neglecting vulnerabilities. Yet, the ongoing series of breaches and increasing regulatory pressure raises concerns about this approach.

Switching to data-centric security, which emphasises data protection instead of relying solely on perimeter measures like firewalls and access controls, can help avoid GDPR violations..

The Meta breach highlights the need to go beyond networking monitoring and analytics for spotting data issues, clarifying that the root cause is data-related, not a network problem.

How Certes Can Help Protect Your Data

Organisations can enhance their data protection by adopting a solution such as the Certes Layer 4 Solution. With this approach, security is wrapped around the data itself, separate from the network security, and encryption mechanisms are implemented to ensure that Personally Identifiable Information (PII) is only visible to the intended recipients. This way, organisations can establish a form of virtual data sovereignty, eliminating concerns related to geographic boundaries and granting them greater freedom and control.

Lessons for GDPR Compliance

Companies can learn valuable lessons from incidents like the Meta breach. The key takeaway is a shift in perspective: companies must recognise that, as data owners, they bear full responsibility for data throughout its lifecycle, regardless of its location. Assigning responsibility to service providers or the cloud isn’t enough in the eyes of regulators.

The Meta breach serves as a clear example of the challenge posed by cross-border data handling and reliance on Managed Service Providers. It underscores the significance of personal data and the obligation to safeguard it, regardless of its location.

Want to find out more about navigating data sovereignty? Check out our latest white paper here.

Do We No Longer Care About Data Breaches? - Certes

Certes Networks — Thu, 12 Mar 2026 12:09:40 GMT

Data breaches comprised of large volumes of sensitive information being compromised, stolen, or held for ransom not almost seems commonplace today but the repercussions may not be widely understood by the broader public. And, as I talk to the average person on the street, most are not even aware that large data breaches have happened compromising their personal data and potential financial security.

The year 2019 is shaping up to be a landmark one for data breaches as it has seen over 3,800 breaches which is a 50% greater increase over the last four years, according to a report published by Risk Based Security.

Despite cybersecurity concerns, 89% of breaches are the result of outside attacks and primarily due to the failure of organizations to properly handle or secure information resulting in over 3.2 billion records being exposed as of August 2019.

Risk Based Security also points to the dangers of placing sensitive data in the hands of third parties, naming the American Medical Collection Agency (AMCA) breach, in which “hackers infiltrated AMCA’s network and pilfered over 22 million debtors’ records including data such as names, addresses, dates of birth, Social Security numbers and financial details” as a critical event. “These breaches can be more difficult to manage given the multiple parties involved and can also have more damaging consequences for the individuals whose data is exposed in the event,” the report said, noting that the breach has severe consequences for AMCA, as the company “was forced into filing for bankruptcy protection a mere 2 weeks after news of the breach made headlines.”

Moreover, ransomware attacks on businesses are up 365% in 2019 with cybercriminals targeting businesses instead of consumers hoping for the “big payout.”

“Cybercriminals are searching for higher returns on their investment, and they can reap serious benefits from ransoming organizations over individuals, who might yield, at best, a few personal files that could be used for extortion or identity theft,” the report stated. “Encrypting sensitive proprietary data on any number of endpoints allows cybercriminals to put forth much larger ransom demands while gaining an exponentially higher chance of getting paid.”

As breaches, ransomware, phishing attacks and the like become all too common, there can be no more motivation than these recurring events to protect and encrypt data. With all of the cybersecurity technology and tools available today, why are these attacks becoming more prevalent and frequent? Are cybercriminals becoming more sophisticated or are they simply banking on the fact that most organizations think their data is safe when indeed it is not?

Any network can be hacked, but encrypting sensitive data, defining strong policies between applications and end-users, and enforcing these policies through enhanced visibility, lessens the likelihood that in the event of a breach, it can either be detected much earlier and/or the data hackers breach will be unreadable and useless.