Security and Privacy on the Encrypted NetworkBy Mike Rothman
We have been writing extensively about the disruption currently hitting security, driven by cloud computing and mobility. Our Inflection: The Future of Security research directly addresses the lack of visibility caused by these macro trends. At the same time great automation and orchestration promise to enable security to scale to the cloud, in terms of both scale and speed. Meanwhile each day’s breach du jour in the mass media keeps security topics at the forefront, highlighting the importance of protecting critical information.
These trends mean organizations have no choice but to encrypt more traffic on their networks. Encrypting the network prevents adversaries from sniffing traffic to steal credentials and ensures data moving outside the organization is protected from man-in-the-middle attacks. So we expect to see a much greater percentage of both internal and external network traffic to be encrypted over the next 2-3 years.
Our Security and Privacy on the Encrypted Network paper tackles setting security policies to ensure that data doesn’t leak out over encrypted tunnels, and that employees adhere to corporate acceptable use policies, by decrypting traffic as needed. It also addresses key use cases and strategies for decrypting network traffic, including security monitoring and forensics, to ensure you can properly alert on security events and investigate incidents. We included guidance on how to handle human resources and compliance issues because increasing fraction of network traffic is encrypted.
We would like to thank Blue Coat for licensing the content in this paper. Without our licensees you’d be paying Big Research big money to get a fraction of the stuff we publish, free.