ADVA Moves Encryption Into Software to Protect Cloud-Based Apps
AUSTIN, Texas -- Big Communications Event -- ADVA today announces an expansion of its encryption capabilities to the software level, which will allow network operators and enterprises to encrypt data at rest and in transit in the hybrid cloud environment, bringing a new level of security.
The company claims to be the first to offer virtualized encryption end-to-end for the multicloud world in which everyone is living today. By moving encryption into software, ADVA is offering a higher level of security for cloud-based applications that hasn't been possible before, says Prayson Pate, CTO of the company's Ensemble unit.
"If you can do encryption in software as opposed to appliances, now you can have end points in the cloud, whether it is all the way out in the public data center or in your own hybrid deployment on site, or out at a branch office," he says. "You can now do full end-to-end encryption."
Until now, securing cloud-based applications meant relying on the application software itself, Pate says, and trying to enforce best practices in use of that software across an entire enterprise is daunting. Most security assessments point to the failure of companies to have blanket enforcement of security best practices -- things like software patches and updates regularly done -- as a primary cause of data breaches.
"If you are an enterprise, you may not have the discipline or experience or enforcement to make sure everybody's following best practices," Pate says. "If you can encrypt things at the network level, then you can create a secure infrastructure where people can deploy their applications."
Other current options, such as using IPSec, are much less efficient because they come with heavy overhead, Pate adds. ADVA's approach is based on its Ensemble Connector and offers zero-touch provisioning of software-based encryption to thousands of endpoints in minutes, according to the company. The software can be hosted in the cloud or at the customer premises, in a universal CPE appliance, gaining all the benefits of being a virtual machine or container deployment on a COTS server. And it enables encryption at Layer 2, Layer 3 or Layer 4, giving an enterprise flexibility on its approach.
"It gives you a toolbox to match the encryption to the applications," Pate says. "You really need a layered approach, there is no silver bullet. This is a piece of the puzzle and it does provide a broad swath of protection."
— Carol Wilson, Editor-at-Large, Light Reading