Key Areas to Consider When Implementing Network-Wide Encryption: Vincent Lomba, Alcatel-Lucent Enterprise

The Fast Mode spoke to Vincent Lomba, Chief Technical Security Officer, Alcatel-Lucent Enterprise on new encryption technologies and their impact on today's networks. Vincent joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits as well as the challenges it poses, specifically loss of visibility that makes networking increasingly complex.

Tara: How has encryption impacted network and traffic visibility?

Vincent: Within an enterprise, certain network protocols are in place to protect overall network security (authentication, encryption); this can mean restrictions to certain sites and downloadable content. Encryption hinders the visibility of this traffic and makes it more difficult to apply the correct protocol: all network access across every connected device (PCs, smartphones, tablets, and more) must be monitored to ensure everything is in compliance with the network rules.

Encryption requires you to identify the packet content; this means going deeper into the analysis of the traffic and being able to tag accordingly all the packets that are transmitted over the full infrastructure. This allows you to prioritise and apply Quality of Service (QoS) to your traffic so that, for example, you don’t experience loss of audio or video during online meetings. However, the extra facilities needed in the encryption process also require dedicated complex equipment managed by people with the relevant skills.

Employing the best team for the task will enable you to manage the network dynamically, but, in order to do so, you must first confront the encryption and determine what the traffic consists of. Aiming to allocate the correct packet or traffic size for any given sub network before verifying the type of traffic may lead to greater risk in loss of control of the dynamic management.

Choosing to encrypt the network packet without assessing the traffic content, while following certain aspects of business cybersecurity protocol, ultimately leads to a compromise in overall security and increased exposure to risk. You must find the balance between control, strong encryption algorithms that induce costly equipment, and compliance. The standard approach, which first unencrypts the packet, identifies the traffic content, and then re-encrypts once the content has been allowed, significantly increases the overall complexity.

Put simply, the major benefit of encrypting traffic is that you are able to secure the traffic on the network. However, the process of encrypting means that it increases the technical complexity and cost of the overall network operations.

Tara: What can be enterprises’ biggest network-related issues with encrypted traffic?

Vincent: Utilising a multitude of ‘flavours,’ encryption is not a standalone piece of technology. Technically speaking, different algorithms offer varying degrees of protection and the most secure encryption protocols demand the more expensive equipment. Additionally, if you have a larger network, you can never be certain that all of your hardware and equipment is of the latest spec and up-to-date.

The questions then arise on what exactly is unencrypted traffic over a very big network, and what are the consequences of that? When managing the traffic, the network security officer must have a holistic view of the network in its entirety, ensuring that each and every node, network controller, and router are compliant with the same levels of security.

The major issue here is that the oldest piece of equipment will most probably also be the weakest point, and this is particularly noteworthy in relation to businesses with offices and equipment around the globe using various different types of hardware. To securely encrypt traffic as a whole, you must know precisely what equipment is involved and ensure all components support the protocol you wish to apply.

Any old equipment, for example, above 10 years old, will have poor encryption algorithms, and will negatively impact the integrity of security across the entire network. To avoid this, you must apply network segregation, which means you consider each site as independent and can therefore apply security protocols which each individual site is able to sustain.

Another challenge is local regulation, which can vary considerably around the world and is often different depending on the use in various vertical markets. For example, data in a retail setting would not be expected to have encryption standards as high as those within an application of government. Therefore, for large enterprises with global operations, the holistic approach is critical from both a technical and a compliance point of view.

This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023 - for more information, visit here.

Author

Vincent Lomba is the Chief Technical Security Officer at Alcatel-Lucent Enterprise. Based in Paris, France, he is responsible for security requirements for all of Alcatel-Lucent Enterprise solutions as well as support of the whole organization including sales, and internal stakeholders across all Business Divisions (Network infrastructure, Cloud, Communication & Collaboration and IP telephony).
