High-Speed Encryption
Description
As explained in the geopolitical section on page 65, end-to-end
encryption will remain a topic of much debate and consternation between
governments and industry for the foreseeable future. Regardless of any
tension stemming from this issue, however, user demand for end-to-end
data encryption with customer-held keys is increasing.
Cisco geopolitical experts anticipate that some streams and pools of data will
likely remain encrypted with vendor-managed keys at least for the short
term, particularly in ad-driven business models. Elsewhere, however, we
should expect to see the use of end-to-end encryption with customer-held
keys gaining more traction, absent a legal mandate to the contrary.
Meanwhile, look for organizations to also seek more control over how they protect
their data while it is in transit, particularly as it moves at high
speed from one data center to another. This was once an arduous task for
enterprises due to the limitations of legacy technologies and the
impact on network performance. However, new approaches are making this
process easier.
One solution is application-layer security, where
applications are modified to encrypt data. Deploying this type of
security can be very resource-intensive, complex to implement, and
operationally expensive depending on how many applications an
organization uses.
Another approach seeing increased traction is
encryption capabilities built into a network or cloud service to
protect data in transit. This is an evolution of the traditional gateway
VPN model, a solution that addresses the dynamic nature of networks and
the high-speed transmission rates of data center traffic. Enterprises
are using the operational and cost efficiencies provided by the new
capabilities to protect data coming from any application in that
environment as it travels at high speed to another location.
Network-based encryption is only one tool for protecting data, however. To ensure
they are doing enough to protect their data while it is in transit or at
rest, organizations should look at the challenge holistically. A good
place to begin is by asking technology vendors basic but important
questions such as:
- How is data protected when it’s in transit?
- How is it protected when it’s at rest?
- Who has access to the data?
- Where is the data stored?
- What is the policy for deleting data, when and if it must be deleted?
Again, these questions are only a starting point for a broader dialogue about
data protection that should evolve to include a discussion of topics
such as data resiliency and availability.