The Fast Mode spoke to Patrick MeLampy, Juniper Fellow, Juniper Networks, on new encryption technologies and their impact on today's networks. Patrick joins us in a series of discussions with leading vendors in the traffic management, service assurance, traffic monitoring, analytics, policy control and network security space, assessing various attributes of encryption, its benefits as well as the challenges it poses, specifically the loss of visibility that makes networking increasingly complex.
Tara: How has encryption impacted network and traffic visibility?
Patrick: No one can argue against the importance of encryption. Organizations must protect the traffic traversing the network – and, of course, the network itself. That said, encryption also takes up bandwidth and adds overhead, both of which add additional costs to the bottom line.
As traffic moves through tunnels to get from one location to another, the tunnel adds encryption. Tunnel-based encryption reduces the visibility of network traffic. When tunnels are used, there is visibility into the overall performance of that tunnel, but not into the performance of individual applications.
Taking a session-oriented approach to your network traffic eliminates any extra encryption, enables end-to-end, fine-grained control and visibility of all traffic, and helps make segmentation and prioritization easier for network teams.
Tara: How does encrypted traffic impact networking functions such as routing, switching, load balancing, network slicing, etc.?
Patrick: When traffic travels through tunnels to get to its destination, the tunnel adds encryption. This ensures that all traffic is protected and secure, no matter where it originated from or where it’s headed. Along the way, every tunnel that traffic enters adds protection or encryption.
Encryption also adds bandwidth, increasing overhead and costs – and ultimately slows traffic on its journey. Those additional costs and bandwidth requirements can frustrate network teams, while the slowing down of traffic can frustrate end users, especially when that traffic is critical to supporting remote or hybrid work.
Tara: How does encryption affect network security?
Patrick: The reality is that not all traffic needs to be encrypted when it crosses the organization’s network. Most traffic is already encrypted at the application level. If all traffic is sent through a tunnel, and encrypted again, then most of it has now been double encrypted, wasting precious time and resources with an unnecessary process.
Taking this a step further, since voice and video traffic are latency and jitter sensitive, double encryption can have an undesirable impact on business operations – an effect that is even more visible given the nature of work today.
Tara: What technologies/techniques can potentially help in delivering visibility into encrypted traffic?
Patrick: The way to gain insight as needed, without limiting security protections, is quite simple: it comes down to eliminating unnecessary double encryption.
By incorporating smart routing technology into your network instead, tunnels can be eliminated and network teams can gain visibility into the type of traffic that traverses their networks. This enables teams to prioritize important traffic over other traffic – and re-route specific traffic as needed to ensure top performance and an excellent end-user experience.
Understanding the traffic on your network also means you can detect if traffic has already been encrypted – and then direct said traffic to not be re-encrypted. This process empowers organizations to give different traffic different security and encryption policies, based on what that traffic is. By doing so, bandwidth, overhead and costs are improved as well.
This interview is a part of The Fast Mode's Real-time Visibility for Encrypted Traffic segment, featuring 34 leading IP networking solution providers and their views on the impact of encryption on traffic visibility. A research report on this topic will be published in February 2023 - for more information, visit here.