 | |
|
|
|
|
|
|
Security Solutions
Quick Links
CipherEngine OverviewCipherEngineCompetitive Analysis
White Papers
Contact Us
Available Monday - Friday
9am - 5:30pm EST
Network Vulnerability
Assessment Tool
Secure Information Sharing at a Glance:
 There is a real need for network security
Don't protect the network, protect the stuff on the network
Until now, technology has not permitted Secure Information Sharing
5 levels of basic needs for Secure Information Sharing
1.Sending information without encrypting-no protection 2.Point-to-point tunnels-tunnels must be set-up and torn down manually 3.Router-based encryption-works with very small networks, but breaks larger networks 4.CipherEngine-no limitations and full information protection across the network 5.Protection and segmentation at the device level |
Secure Information Sharing
Print this PageThe Hierarchy
We can think of Secure Information Sharing (SIS) as having a hierarchy analogous to the model made famous by Abraham Maslow, with the "Basic Needs" which are easy to obtain at the bottom, and the higher order needs at the top.
The first three levels
At the very bottom of the hierarchy is "clear text" which is not really secure at all it is how most enterprises, financial institutions and government agencies share information. This is even true when network traffic is sent over "private" third party networks.
Then next level is basic point-to-point encryption. This "tunnel" method of encryption is only for a specific data stream, which must be set up and torn down on a case-by-case basis.
The third layer is traditional Network Encryption, which would provide SIS on a broad level except for some fatal flaws, which limit its usefulness.
The limiting factor with traditional encryption is that the method of creating a security key locks every pair of end points into a "binding" relationship. It is with large network architectures where the limitations of network wide encryption reveal themselves.
The three main problems/limitations are complexity, incompatibility with networking best practices, and decreased network performance/functionality:
- Increased Complexity: traditional network encryption is extremely complex to manage the explosion of encryption keys and security associations. Just the keys alone grow at a rate of n(n-1) where n is equal to the number of encrypted points, usually the "edge" routers in a mesh network. This complexity increases the management burden, for router-based encryption methods. It's because of this complexity that the term "brute force" is used to describe network wide encryption due to the quickly diminished returns on effort.
- Incompatibility with Networking Best Practices: In addition to the complexity issues, traditional encryption is not compatible with networking best practices such as dynamic load balancing or multicast/broadcast.
- Decreased Performance: While there may be some network operators willing do put up with increased complexity and the inability to efficiently network, there are very few who would justify decreased router performance.
CipherEngine is able to overcome ALL of the traditional limitations of network wide encryption by removing the need for the "binding" relationship between the encrypted end points. CipherEngine allows encryption and all it benefits with out the need for tunnels. The net result is that encryption is no longer complex, is compatible with networking best practices, and does not negatively impact network performance. What's more, CipherEngine works over any layer 2 or layer 3 topology including full mesh, hub and spoke and even hybrid configurations. This means that network operations can determine what network architecture works best for their particular mission, without sacrificing the ability to enable SIS.
At the top
The final layer of the SIS hierarchy puts additional intelligence into the process so that rather than encryption taking place at the network level, it can take place at the device or client level, and be based on a users login credentials. This future state of SIS, called Intelligent Secure Information Sharing (ISIS) is not out of the realm of current technology, however the ability to implement this type of solution is predicated on the ability of a solution such as CipherEngine to solve the management issue of network wide encryption at the node level. With this solution now available and gaining adoption, the nascent market for ISIS can now develop as well.
Summary
The challenge to implementing a network wide SIS strategy is no longer based on technical limitations. Rather it is a matter of overcoming long held "truths" that are no longer valid. "Man can't fly", "There is a worldwide market for about five computers" and "64k should be enough memory for anyone" were once all widely held truths. Technology breakthroughs, and their eventually market adoptions, showed them all to be false to the point of being laughable. It is now time to put another false truth to rest. Encryption does scale, it is economical, and is the best solution for SIS both in theory and in practice.
What's more, implementing a SIS strategy is a sound solution for a top of mind business problem with the additional benefit of being a simple, complete, and comprehensive way to address information security requirements.
Learn More about CipherEngine
Learn more about CipherOptics' products
The CipherOptics Network-wide Encryption Solutions easily integrate into your network. For more information or to speak directly with a CipherOptics representative about your security concerns, call us at 1-877-878-6655 or feel free to ask us a quick question.
Trademark and Legal Notices | Privacy Policy | Site Map