Silver Peak Systems Inc. is boosting the level of integrated security on its WAN optimization products, upgrading from AES-128 to AES-256 encryption. The upgrade will give IT organizations more protection when they encrypt data in transit between sites without using a separate IPsec VPN appliance.
Enterprises typically implement IPsec VPN tunnels with routers or a dedicated appliance, but this approach can add latency. By consolidating IPsec encryption on WAN optimization appliances, IT organizations can secure data without impacting performance.
IPsec VPN appliances typically add a layer of overhead that complicates transactions moving across the WAN, said Steve Borba, network security engineer for Silver Peak customer Citizens Business Bank. With IPSec functionality integrated into the WAN optimization appliance, enterprises can compress and accelerate encrypted data, unlike a router or a standalone appliance. As a result, users don't experience the same performance hits as they would if deploying IPsec on a separate appliance. "You want IPSec and acceleration right at the border of the network," Borba said. "Encryption and acceleration don't have to fight one another."
Silver Peak boosts security, offers AES-256 encryption
Silver Peak's new offering -- Accelerated IPsec -- uses AES-256 encryption, an upgrade from the AES-128 encryption that was previously offered. The addition of 256-bit encryption on Silver Peak appliances that data between data centers, remote offices and the cloud makes them more secure and in line with Federal Government best practice standards for data in flight, said Everett Dolgner, director of product management for Silver Peak. "Accelerated IPSec [with AES-256 encryption] has been driven by customer requests in light of the NSA revelations, and many users are very interested in boosting security and data protection."
"Accelerated IPsec allows IT to take advantage of data acceleration from WAN optimization, with a high level of security too," said Bob Laliberte, senior analyst at Milford, Mass.-based Enterprise Strategy Group (ESG).
Many organizations have been passing large amounts of unencrypted data between their data center and office locations across private network connections, but some enterprises are now rethinking the risks of transferring and storing data, said Andrew Lerner, networking research director for Stamford, Conn.-based Gartner. "The recent press surrounding the Snowden ordeal has some organizations very concerned about the confidentiality and integrity of their data in these scenarios. Thus, adding IPsec capability to the existing WAN optimization products is a natural progression for the market to ensure confidentiality and integrity of data in motion," he said.
More on AES-256 encryption
CipherCloud adds AES 256-bit encryption to Box
SSL acceleration, encryption questions answered
How to prevent OS cloning with AES 256-bit encryption
But offering higher levels of encryption on network devices such as routers can come along with configuration difficulties for IT, and application performance can suffer. "When you start to encrypt data -- whether at rest or in motion, there is a performance impact," Silver Peak's Dolgner said. The consolidation of site-to-site VPN security and WAN optimization addresses any potential performance issues for customers and allows applications to move securely and perform consistently, regardless of distance, according to Silver Peak.
Accelerated IPsec software with AES-256 encryption and Secure Hash Algorithm (SHA)-1 authentication -- a function used in Secure Sockets Layer (SSL) encryption -- is now available for free download onto Silver Peak WAN optimization products -- both virtual and hardware appliances -- running its Virtual Acceleration Open Architecture, the company said.
Citizens Business Bank, headquartered in Ontario, Calif., has been using WAN optimization from Silver Peak for the past few years and has recently enabled Accelerated IPsec across its virtual appliances via Silver Peak's global management console.
The bank's security auditors are happy with the more secure AES-256 encryption, and adding IPsec was a simple process for IT, Citizens' Borba said.
"Because it was so easy to enable across our entire environment, and [it was] already part of the operating system, it was a no-brainer to deploy," he said.
Consolidation in the WAN optimization space benefits the enterprise
Using Silver Peak's Accelerated IPsec for establishing a VPN eliminates the cost of a separate alliance, which aligns with the greater consolidation trend happening in the WAN optimization market and the networking space in general, Gartner's Lerner said. "[Other] traditional WAN optimization vendors -- like Riverbed and Ipanema -- are also adding features like IPsec VPN and WAN Path Control, which used to be delivered via separate and dedicated appliances," he said.
"IT has been trying to reduce or move away from relying on as many physical platforms as they can, and adding secure VPN capability alongside WAN optimization is potentially both a money-saving and space-saving opportunity," ESG's Laliberte said.