Distributed Network Encryption

As security breaches continue to proliferate, enterprises are looking to secure their data and network transmissions on local area networks, in addition to fortifying perimeter defenses. There has been a multitude of new security solutions and initiatives of late, from Next-Gen firewalls to behavioral-analysis-based endpoint protection. As corporations strive to protect their data and intellectual property while meeting the growing demands of security audit and compliance regulations, encryption remains an ongoing topic of discussion for the protection of sensitive data.

Traditionally, encryption has been considered a desirable technology for data security and secure network transmission. However, when an organization is faced with the task of implementing one or more encryption-based security solutions, the work soon proves to be complex, impractical and expensive. Some of the challenges have been implementing the solution in a way that does not impede the performance of the applications that use the data targeted for encryption, and implementing a secure but efficient encryption key management platform.

At the recent 2016 RSA Security Conference, VMware spoke about a new feature of its growing network and security solution, NSX. VMware’s Networking & Security Business Unit (NSBU) is looking to implement distributed network encryption as part of its NSX platform. Although the data encryption feature is only in technical preview, it shows promise in being able to bridge the traditional gaps in data encryption implementations. Building on NSX and the ubiquity of the vSphere platform, VMware looks to simplify the implementation of data encryption by enforcing encryption and authentication policies on microsegments, applied with simple drag-and-drop through its data encryption interface, which renders network traffic sniffing useless to an attacker. This feature provides end-to-end encryption of data, including network transit. Key management is also simplified by the use of the microsegment: keys are used per microsegment and isolated in the hypervisor, which removes the complexity of key management from the security admin. The possibilities of this feature are promising, even for enterprises looking to push workloads to the cloud. If VMs are pushed to the cloud in the context of an encrypted logical segment, the fear of placing corporate assets in 3rd-party infrastructure lessens greatly. If you’re interested in seeing more on this topic, check out the presentation given by VMware’s Tom Corn at the 2016 RSA conference.