Adding Agility to Cyber Security
27th April 2020
It may sound obvious, but not all encryption solutions are the same. Different solutions offer different degrees of data protection assurance. Those that offer the greatest level of assurance are, naturally, favoured by security-aware organisations.
The trouble is, not all these organisations could be considered “the good guys”. Hence, the calls in recent years by law enforcement to mandate backdoors in what the FBI itself referred to as “unbreakable” encryption.
In our experience, government and commercial organisations alike mandate “unbreakable” encryption as it also typically offers an independently certified standard of data protection.
If resources like the Thales Data Threat Report have taught us anything, it’s that data breaches are inevitable. When breach prevention technologies fail, the best way to ensure your data doesn’t fall into the wrong hands is to protect the data itself with what the GDPR calls “strong and effective” encryption.
High-assurance encryption solutions (like those developed by Senetas) provide end-to-end, authenticated encryption and feature client-side-only key management and standards-based algorithms. They help protect data in motion across networks operating at anything from a modest 10Mbps to an ultra-fast 100Gbps.
Adding agility to security
The cybersecurity landscape is a diverse one, with threat vectors constantly evolving. In addition to high-assurance encryption security, we are seeing an increased demand for scalable, flexible solutions that offer a degree of future-proofing against these emerging threats, a quality we call crypto-agility.
Agility is as much about choice as anything else. When it comes to data encryption, there is no single “right” answer. Customers may have any number of reasons why they require their own external source of entropy (randomness) for key generation.
They may want to “draw” their own elliptic curves, utilise a specific type of algorithm or use an S-box to produce substitute values that obscure the relationship between keys and ciphertext. That’s why we use an FPGA encryption engine, so our clients can customise their encryption solution to meet their specific security needs.
Network Independent Encryption
Senetas hardware has set the standard for secure Layer 2 encryption for many years. However, as networks have evolved to become increasingly virtualised and borderless, there is a greater demand to add encryption security at Layers 3 and 4.
Developed specifically for today’s multi-layer networks, Network Independent Encryption provides end-to-end encryption security without the typical performance and bandwidth costs associated with IPSec encryption solutions.
With Network Independent Encryption it’s possible to implement a single, best-of-breed solution that delivers a number of benefits including:
- High-performance, end-to-end encryption
- A single solution for both Ethernet and Internet networks
- Flexibility and ease of use, independent from the underlying carrier network
- Destination and security policy-based encryption
- Tunnel-free, data flow encryption efficiencies
- Reduced management and bandwidth costs
- Near zero latency and data overheads
Quantum-Safe Cryptography
As we approach the dawn of a new, quantum computing era, we are increasingly being asked how today’s encryption technologies will fare in the face of an exponential increase in processing power. The long-term value of sensitive data, including everything from military secrets to personal medical records, means that data stolen today could be stored and decrypted sometime in the future.
Our crypto-agile hardware and software encryption solutions are compatible with a range of quantum-safe encryption technologies, including quantum-resistant algorithms and quantum key distribution (QKD).
QKD has already proved itself in real-world applications and is being used to guard against eavesdropping and ensure provable forward secrecy of data in a variety of government, telecommunications and financial services applications.
IT security professionals should be planning for the impact of the quantum computer by introducing crypto-agility today.