The cloud and mobility are disrupting how IT builds and delivers value to the organization. Whether you are moving computing workloads to the cloud with your data now on a network outside your corporate perimeter, or an increasingly large portion of your employees are now accessing data outside of your corporate network, you no longer have control over networks or devices. Security teams need to adapt their security models to protect data. For details see our recent Future of Security research.
But this isn’t the only reason organizations are being forced to adapt their security postures. The often discussed yet infrequently addressed insider threat must also be dealt with. Given how attackers are compromising devices, performing reconnaissance to find vulnerable targets, and sniffing network traffic to steal credentials, at some point during every attack the adversary becomes an insider with credentials to access your most sensitive stuff. Regardless of whether an adversary is external or internal, at some point they will be inside your network.
Finally, tighter collaboration between business partners means people outside your organization need access to your systems and vice versa. You don’t want this access to add significant risk to your environment, so those connections need to be protected somehow to ensure data is not stolen.
Given these overarching trends, organizations have no choice but to encrypt more traffic on their networks. Encrypting the network prevents adversaries from sniffing traffic to steal credentials, and ensures data moving outside the organization is protected from man-in-the-middle attacks. But no good deed goes unpunished. Encrypting network traffic impacts traffic inspection and enforcement of security policies. Encrypted networks also complicate security monitoring because traffic needs to be decrypted at wire speed for capture and forensics. Encrypted traffic also presents compliance issues and raises human resources considerations around decryption, which must be factored into your plans as you contemplate driving network encryption deeper into the network.
In our new series, Security and Privacy on the Encrypted Network, we will discuss how to enforce security policies to ensure data isn’t leaking out over encrypted tunnels, and employees adhere to corporate acceptable use policies, by decrypting traffic as needed. Then we will dive into the security monitoring and forensics use case to discuss traffic decryption strategies to ensure you can properly alert on security events and investigate incidents. Finally we will wrap up with guidance about how to handle human resources and compliance issues as an increasing fraction of network traffic is encrypted.
We would like to thank Blue Coat Systems for potentially licensing the paper when this project is complete. Without our clients’ willingness to license our research you wouldn’t be able to access this research for the low, low price of $0…