​DataDiodes at Sentyron: how it works, what it enables, and why it is so powerful

By Jef Pauwels, Sentyron

Introduction

In more and more environments, digital threats are growing, and the need to separate critical systems from less trusted networks is increasing. As a Product Manager at Sentyron, I see every day how our data diode solutions help organizations protect vital networks, while still allowing secure data exchange.

In this article, I will provide a clear and complete overview of:

1. What exactly a data diode is and how it works
2. The specifications of our Sentyron DataDiode
3. Real-world use cases
4. The clear advantages
5. Key considerations for implementation

What is a data diode & how does it work?

A hardware data diode (also known as a “one-way gateway” or unidirectional gateway) is a physical solution that only allows data to flow in one direction between two networks. This is not just a software firewall rule, but a physical mechanism that prevents any return flow of data to the higher or more secure network.

How does the Sentyron DataDiode work?

Key elements:

• There is a true physical separation: the transmitter (outgoing side) and receiver (incoming side) are designed so that no return path is possible.
• This is often achieved using an optical (fiber) connection to guarantee unidirectionality. Other implementations use hardware components with transmit-only or receive-only functionality.
• A data diode solution breaks standard network protocols and reduces communication to one-way traffic (UDP).
• To enable more complex data exchanges (e.g., monitoring, logging, analytics), additional components such as data filters, protocol proxies, or agents can be deployed.
• Goal: maximize confidentiality, integrity, and network segmentation, while minimizing risks of malware, unauthorized access, insider threats, or configuration errors.

Sentyron DataDiode Ruggedized Edition: specifications & distinguishing features

Here are the key properties of our data diode, recently certified, and what makes our product stand out:

• Certification level: EAL7+. Among the highest assurance levels worldwide.
• Data throughput: Available in 1 Gbps and 10 Gbps variants.
• Military/robust design: Ruggedized: compliant with MIL-STD-810G (shock), MIL-STD-810F (vibration), and operational in wide temperature ranges from -20 °C to +60 °C. Resistant to electromagnetic interference (EMI) according to EN 55035 (2016).
• TEMPEST / emission protection: TEMPEST SDIP-27/A compliant by design.
• Formal approval for sensitive/classified data: Certified by the Dutch General Intelligence and Security Service (AIVD) for use up to Stg Zeer Geheim (“Top Secret”) and NATO “Cosmic Top Secret.”

Thanks to these certifications and rugged construction, the Sentyron data diode is suitable for highly demanding environments such as defense, critical infrastructure, offshore, and other “extreme” contexts where risks cannot and must not be tolerated.

Use Cases

Military & Defense environments

• Transmitting tactical data (e.g., surveillance, sensors, field information) from less secure networks to command centers, while eliminating backflow and attack surfaces.
• Collaborating with allies or non-NATO networks, where data must be received without introducing vulnerabilities. Our Ruggedized Edition is used in such integrations.

Critical Infrastructure & Operational Technology (OT)

• Power plants, water treatment, transport (rail, metro), oil & gas often use legacy systems with limited built-in security but high volumes of process data.
• These systems must run continuously. A data diode allows monitoring, logging, and analytics without exposing OT to external threats from IT networks.
• In OT, the data diode serves as a secure bridge to IT, safely exporting sensor data, status, alarms, etc., while preventing malware from infiltrating OT.

Industrial environments

• Both IT and OT environments frequently share specific data with suppliers (predictive maintenance), business units (procurement, logistics), brokers, governments, and customers.
• A diode protects all collected information against external risks.

Image & video streaming, surveillance

• CCTV and monitoring systems often need external access to footage, but must not be open to manipulation or intrusion. Data diodes enable secure one-way export.
• Used in smart city and rail infrastructure projects. Sentyron has deployments in railway networks where operational data must be shared securely.
• Conversely, SOCs or control rooms aggregate large amounts of data (cameras, sensors, emergency services). These environments must not leak data, and all upstream data providers must also remain protected.

Secure updates & patching

• Highly classified networks need software updates and patches but cannot allow direct connections to less trusted networks or the internet.
• A data diode allows updates to be imported securely without opening the network to external threats.

Logging, monitoring & analytics

• Export of logs, alarms, and status data from secure networks to monitoring systems/SIEM without allowing inbound access.
• Database replication of non-critical data to analysis platforms or cloud for business intelligence. Common in industry and financial sectors.

Regulatory compliance

• Sector-specific requirements (defense, nuclear, critical infrastructure) mandate isolation of certain systems.
• European regulations such as NIS2 require strict segmentation and protection; data diodes help achieve compliance.
• Governments, intelligence services, and law enforcement with classified data levels (“Confidential,” “Secret,” “Top Secret”) rely on diodes for compliance.

R&D and trade secrets

• Organizations engaged in innovation and research are vulnerable to espionage.
• Data diodes are used to separate sensitive internal networks or backup servers from broader corporate networks.

Also read part II, where we go into details about the benefits of the data diode.