Featured on Cloud28: Encryption – why it matters for cloud-based businesses

Why does encryption matter? Even if hackers gain access to systems, strong encryption obscures valuable data. Data passes through the public internet, shared environments, and many hands. Make sure it is as secure as possible with strong encryption.


In the era of massive cybersecurity data breach news, not even compliance with PCI or the Data Protection Directive could have saved Yahoo, TalkTalk or EU banks from attack. Merely complying with checklists is no longer a valid security strategy.

Is there anything left that can save our data? Strong encryption.

This article was originally posted on Cloud28+ on 8 March 2017.

Encryption can make raw data significantly less valuable to hackers and criminals. Full end-to-end encryption can protect data as it travels across networks, data centres, the public internet and in the cloud.

Strong encryption obscures our valuable data, even if malicious hackers “sniff” the data as it passes through the public internet. Without a key to decrypt the data, hackers must continue to work to understand the data. As Bruce Schneier wrote, “Encryption doesn’t protect your computer or phone from being hacked…but encryption is the most important privacy-preserving technology we have, and one that is uniquely suited to protect against bulk surveillance.”

Why does encryption matter?

Encryption is very important for your data, no matter where it is. Everything from banking to your mobile phone’s contact backup uses the public internet to connect you to your data. But the public internet is just that – public. For everything travelling across the internet, encryption ensures your data is secure.

Data is at risk when it travels across the public internet as well as when it is saved on a server or on a hard drive (aka, data at rest). To guard your data as it travels across the public internet and sits on servers, encryption ensures no one else can transcribe (or “sniff”) the contents. Encryption ensures that even if third parties have access to your data, it will still be encoded and unreadable.

I’m sure you remember the Heartbleed security issue from April 2014. The vulnerability allowed programs to receive more data from servers than requested. If that data was unencrypted, hackers immediately had access to that data. But encrypted data was more difficult to decode.

How does encryption work?

Encryption is best illustrated through an email exchange. You agree on a certain “key” or code and exchange it with your trusted connections. As you send a message, your device encrypts the contents. Only your intended receiver can decode the contents. For more on the basics, check out How Stuff Works.

A quick history of encryption

Encryption has been in use for centuries to secure military documents in case messages fall into enemy hands. In World War II, the now-famous codebreakers at Bletchley Park cracked the Nazi encryption device, the Enigma machine. The Enigma looked like a typewriter and used a series of rotor ciphers, which predated other rotor machines and eventually computers.

In the 1950s, encryption became more common in businesses. In the 1970s, encryption took off with advances in both computing and an invitation from the National Bureau of Standards (now NIST) to develop better security for electronic communications.

For example, the AES cipher became popular after a 1997 NIST competition to combat brute-force attacks. In 2002, AES became a US government standard. AES was the first publicly accessible and open cipher approved by the US National Security Agency (NSA) for top secret information cryptography. Today, 192- or 256-bit key lengths are required for “Top Secret” information.

Encryption in cloud computing

As with email, most cloud providers secure data at rest in their cloud, but not data travelling in and around the cloud. So if you save valuable company data in a public cloud, your provider guarantees it is safe “at rest” in the cloud, but once it moves between cloud providers, data centres, and regions it could be saved “in plain text”, that is, not encrypted. For example, the Computer Security Institute reported that 71% of companies surveyed utilised encryption for some of their data in transit, and 53% utilised encryption for some of their data in storage. That’s 29% of corporate information travelling around without any data security.

How can encryption help EU enterprises?

Some cloud providers offer encryption for data at rest, but not for data in motion. Amazon AWS, for example, doesn’t provide stronger AES 256-bit encryption.

VNS3 is a virtual appliance available in the Cloud28+ Cloud of Clouds service hub. European cloud users seeking stronger encryption and cloud network connectivity can use VNS3 to add strong encryption, cipher key ownership, and greater network control.

Secure your Cloud Networks with VNS3

We’re proud to announce the VNS3 virtual appliance in the Cloud28+ Cloud of Cloud service hub. The Cloud28+ catalogue brings together European cloud providers, builders, and developers and is a centralised resource for our European customers.

VNS3 can add value to European customers seeking enhanced cloud network connectivity and security solutions. European-focused security regulation, such as the EU Data Protection Directive, requires additional focus on strong encryption, cipher key ownership, and greater network control.

With over 2,100 connected customers in more than 22 countries, VNS3 has provided more than 500 million device hours of application networking for the cloud. VNS3 offers customers enhanced network services on top of the cloud platform network including VLAN peering, encryption of data in motion, firewall, multicast support and region peering.

How it works:
VNS3 is a hybrid overlay networking appliance of six devices in one: router, switch, firewall, VPN concentrator, protocol redistributor and extensible network container system. The networking appliance features mean you can do even more with VNS3 in the public cloud:

  • Multiple IPsec connections – connect back to a corporate network through an edge device, as well as connect and route to multiple edge devices. CenturyLink Cloud deployments can connect existing data centres, CenturyLink Cloud regions, or partner networks through the VNS3 networking appliance.
  • Overlay network – ensure all traffic moves through encrypted tunnels between VMs, existing networks, and across CenturyLink Cloud regions.
  • Use multicast – connect your multicast applications that use UDP and other protocols for discovery and messaging. With VNS3 overlay networks, CenturyLink Cloud allows previously unavailable protocols.
  • Federate physical data centres and CenturyLink Cloud – configure VNS3 managers in a mesh to ensure higher availability and geographic distribution across regions and nodes.

Get started – configure VNS3 with any Cloud provider in minutes through either REST API or web-based interface. From the Cloud28+ service hub, you can find deployment options and resources for getting started.

Plus, VNS3 doesn’t require new knowledge or training to implement, so you can integrate with other network equipment and your existing cloud deployments.

With added security and connectivity from VNS3, our customers easily connect flexible, secure networks to customers and partners around the globe.

Get started: find out more about the technology at and launch a free or BYOL edition of VNS3 directly from the Cloud28+ Cloud of Cloud Catalogue. VNS3 has 3 editions available in Cloud28+ to match your use case.

About Cohesive Networks’ VNS3 Virtual Appliance:
VNS3 is a software-only virtual appliance that allows you to control access and network topology and secure data in motion. Control a secure, scalable, HA, meshed network distributed across multiple public and private clouds to create one logical group of federated resources.

About Cohesive Networks:
Cohesive Networks provides cloud-class security and networking software for enterprises. Over 2,100 customers use VNS3 virtual appliances to secure products and services at the application layer. With VNS3, enterprises can extend networks into public, private and hybrid clouds to provide security, connectivity, and integration.

Cohesive is a member of the Amazon Partner Network, an Amazon Marketplace Seller, a member of the Microsoft Partner Network, Microsoft Azure certified, a Google Cloud Platform authorised Technology Partner, a CenturyLink Cloud Marketplace Provider, certified HPE Helion Ready, a GovCloud provider, Cloud28+ Partner, and an IBM Business Partner. To find out more, visit our partner page.

By: Margaret Valtierra