Often we are asked at which layer in the OSI model should we introduce network encryption and what are the best products; should we use hardware appliances or software? Clearly, there is never a single solution which fits all business requirements.
Many of the corporations we have consulted for have numerous hardware and software based deployments, while a smaller business may have a single IPSec tunnel at layer 3 and 4.
Many corporate customers need Layer 2 standalone network encryption platforms such as:
The Thales Datacryptor IP (DCAP-IP) standalone network encryption appliance.
The SafeNet family of high speed encryption products - possibly with the option to use their “CypherManager7” management feature.
The Centauris product range of high performance Layer 2 wire-speed encryptors might be an attractive option.
The Arcis solution.
The products above are a selection of some the major appliances we have helped evaluate and deploy for our customers.
Often hardware appliance devices at layer 2 are one problem solved.The need for ad hoc encryption for more general point-to-point requirements between business partners often requires something like: Sterling Connect Direct Secure Plus or an alternative SFTP, SSH solution.
The important thing for us is to ensure that we listen to and understand a customer’s requirement in this area, as all of these appliance solutions can be very expensive and they need to be underpinned with robust PKI and key management.
They also have to be configured correctly.They have to be compliant with the appropriate regulatory standards and the licenses purchased have to be fit for purpose.
We are in a position to share what we have learned, and offer vendor neutral advice for hardware and software solutions, so contact us anytime.