Following on its recent acquisition of SafeNet, security specialist Gemalto has announced a multi-link, high-speed Layer 2 encryption solution designed to better protect data traveling on the networks of telcos, data center operators, cloud service providers and enterprises.
Amsterdam-based Gemalto announced the SafeNet Inc. (Nasdaq: SFNT) acquisition last August with an eye toward expanding its security capabilities further into the network core, one of Maryland-based SafeNet's areas of specialty. The $890 million deal closed in January, and this week, Gemalto unveiled its CN8000 SafeNet Multi-Link High Speed Encryptor solution, which supports encryption for up to ten 10Gbit/s links for total encrypted bandwidth up to 100G. The solution also supports multi-tenant network protection, "near zero" latency, and doesn't rely on bandwidth-diminishing network overhead to achieve encryption. (See Gemalto Launches 100G Multi-Link Encryption and Gemalto to Buy SafeNet for $890M.)
The solution arrives as high-speed network encryption, once most common in the private networks of big financial services firms, is quickly moving into the lower layers of the networks operated by telcos, data center operators and cloud service providers, as well as enterprises in other industry verticals.
"Financial services companies were the first big early adopters of encrypting data in networks, but now with growing concerns of surveillance and data breaches we are seeing increased interest across the board especially with Internet service providers, cloud providers, and telcos as well as healthcare, energy and retail companies," says Todd Moore, vice president of product management for data encryption at Gemalto.
Gemalto isn't the only on with its eyes on this trend. Broadening demand also has influenced network equipment vendors to start integrating more advanced encryption technology into their own transmission platforms. ADVA Optical Networking arguably has led the charge, extending encryption once aimed at financial networks into public transport networks and upgrading it to support 100G paths. Some vendors have been pursuing similar developments, while others have chosen to partner up with standalone product specialists. Ciena Corp. (NYSE: CIEN), for example, has an Ethernet encryption partnership with Safenet that pre-dates the Gemalto acquisition (See ADVA Opens Up Its Security Umbrella and Ciena, SafeNet Team Up.)
Moore advises potential buyers to carefully evaluate network transmission gear with embedded encryption technology. For example, regarding network overhead, he says some network equipment vendors "that offer encryption are only doing so at Layer 3, and that has a serious impact on network efficiency. These bundled solutions that have an encryption component can reduce throughput by as much as 30%. Our products are a Layer 2 encryption solution and there is very little, if any, degradation to network performance."
Also, Moore says routers that having encryptors embedded could increase overall network vulnerability if the router gets hacked. In addition, he feels that independent security specialists like Gemalto are better positioned than network equipment vendors to provide consistent, end-to-end, edge-to-core network encryption. "Most networks utilize multiple equipment vendors at the metro and long-haul portions of the networks, and our products provide a way to deploy uniform encryption platform across the entire network regardless of the switching and routing vendors they use," he says.
Naturally, however, equipment vendors who are integrating encryption with their own products feel they have the winning approach. Michael Ritter, vice president of technical marketing and analyst relation at ADVA, comments, "What we've learned from many of our customers is that they prefer integration with the transport and Carrier Ethernet equipment to benefit from the networking features. Standalone solutions typically do only encrypt the data. They do not offer networking features such as service testing and monitoring, service assurance, minimized rack space consumption, simplified operations due to integration and lower cost."
Ritter also says ADVA's gear with encryption also supports a greater mix of protocols beyond Ethernet, like Fibre Channel, Infiniband and others that are typical in the storage area networking world. He adds that ADVA now works with some reseller partners that once developed their own standalone encryption gear, but have come to see the integrated model as a better one.
It sounds like competitive game on between network equipment vendors and standalone security specialists.
— Dan O'Shea, Managing Editor, Light Reading