Secure Information Sharing
Secure information sharing is a concept widely used in government circles to describe the main point, or purpose, of network security. Rather than being concerned with protecting the network for its own sake, the idea behind the concept is that networks exist to aid or enhance communications between people and/or devices. Therefore, network security should be primarily focused on securing those communications.
We can think of secure information sharing (SIS) as having a hierarchy analogous to the model made famous by Abraham Maslow, with the "Basic Needs", which are easy to obtain, at the bottom and the higher-order needs at the top.
At the very bottom of the hierarchy is "clear text", which is not really secure at all; it is how most enterprises, financial institutions and government agencies share information. This is true even when network traffic is sent over "private" third-party networks.
The next level is basic point-to-point encryption. This "tunnel" method of encryption is only for a specific data stream, which must be set up and torn down on a case-by-case basis.
The third layer is traditional network encryption, which would provide secure information sharing on a broad level, except for some fatal flaws which limit its usefulness.
The limiting factor with traditional encryption is that the method used to establish encryption keys locks every pair of end points into a "binding" relationship. This results in what is most often referred to as a "VPN tunnel". The limitations of network-wide encryption are quickly revealed in large network architectures.
The three main problems/limitations are complexity, incompatibility with networking best practices, and decreased network performance/functionality:
- Complexity: Traditional network encryption is extremely complex to manage due to the number of encryption keys and security associations involved. The keys alone grow at a rate of n(n-1), where n is the number of encrypted points, usually the "edge" routers in a mesh network. This complexity increases the management burden for router-based encryption methods. It is because of this complexity that the term "brute force" is used to describe network-wide encryption.
- Incompatibility with networking best practices: In addition to the complexity issues, traditional encryption is not compatible with networking best practices such as dynamic load balancing or multicast/broadcast.
- Decreased network performance/functionality: While there may be some network operators willing to put up with increased complexity and the inability to network efficiently, there are very few who would justify decreased network and application performance.
CipherEngine has overcome all of the traditional limitations of network-wide encryption by removing the need for the "binding" relationship between the encrypted endpoints. CipherEngine allows encryption and all its benefits without the need for tunnels. The net result is that encryption is no longer complex, becomes compatible with networking best practices and does not negatively impact network performance. What's more, CipherEngine works over any Layer 2 or Layer 3 topology, including full mesh, hub and spoke, and even hybrid configurations. This means that network operations can determine what network architecture works best for their particular mission without sacrificing the ability to securely share information.
The final layer of the secure information sharing hierarchy puts additional intelligence into the process. Rather than encryption taking place at the network level, it can take place at the device or client level and be based on a user's login credentials. This future state of secure information sharing, called intelligent secure information sharing, is not out of the realm of current technology. However, the ability to implement this type of solution is predicated on the ability of a solution, such as CipherEngine, to solve the management issue of network-wide encryption at the node level. With the CipherEngine solution now available and gaining adoption, the nascent market for intelligent secure information sharing can now develop as well.
The challenge to implementing a network-wide secure information sharing strategy is no longer based on technical limitations. Rather, it is a matter of overcoming long-held "truths" that are no longer valid. "Man can't fly", "There is a worldwide market for about five computers" and "64k should be enough memory for anyone" were once all widely held truths. Technology breakthroughs, and their eventual market adoption, have shown them all to be false, to the point of being laughable. It is now time to put another false truth to rest. Encryption does scale, it is economical, and it is the best solution for secure information sharing, both in theory and in practice.
What's more, implementing a secure information sharing strategy is a sound solution for a top-of-mind business problem, with the additional benefit of being a simple, complete, and comprehensive way to address information security requirements.
The CipherOptics network encryption solutions easily integrate into your network. For more information or to speak directly with a CipherOptics encryption specialist about your security concerns, call us at 1-877-878-6655 or feel free to ask us a question.