Pssst! Can You Keep a Secret?

Paul Griffiths

SteelHeads can. In fact, they have been doing so ever since the early days of 2007 when they were first able to optimise encrypted traffic.

It started out with SSL and a Riverbed patented method of ensuring that certificates used in the secure communication of applications never left the confines of the data centre. Using this technique enabled thousands of Riverbed customers around the world to accelerate their most confidential traffic all the way from client to server and back again, without compromising their security.Private Confidential

Expanding all the productivity and cost saving benefits of WAN optimisation beyond data “in the clear” to include encrypted traffic as well, meant IT leaders could continue to justify their investment in the technology. Not only that, but businesses as a whole could continue reaping the rewards of application acceleration, whilst maintaining encryption and remaining compliant.

Over the last ten years, as always, Riverbed continued to develop the capability, supporting newer versions of SSL and encryption ciphers, but also signed and encrypted SMB filesharing, encrypted email (both for Microsoft Outlook-Exchange as well as IBM Lotus Notes), and even encrypted terminal services like Citrix ICA.

Without diving into the technical details, it is simply a case of telling the SteelHead what encrypted protocols it is expected to optimise and giving it the tools for the job (certificates and keys).

Great! But that was yesterday, what about today and tomorrow?

As we all know, security is a constantly changing environment. To remain secure means a constant monitoring of our surroundings and looking out to the horizon, at the same time as ensuring the latest measures are in place to keep everything safe and sound.

As an example, the impact to productivity, cost of recovery, loss of faith, customer loyalty and just plain embarrassment that came with last year’s WannaCry outbreak, has forced those who continually postponed their security updates to finally get their house in order.

Don’t forget your SteelHeads!

When you update the security mechanisms across your IT systems, make sure your SteelHeads are still properly equipped to handle all the latest dialects and ciphers. They can, and do, support TLS1.2, Elliptic Curve Cryptography, as well as signed and encrypted SMB3.1.1. SteelHeads just have to be given the tools to do the job. In most cases it’s simply a case of installing the latest software and checking the configuration settings. In other words, it’s just like you have done on your applications, clients, servers, firewalls, IDS/IPS, VPNs, etc. etc.

What happens if your SteelHeads aren’t prepared?

Wan Optimisation SteelHeads Aren't PreparedWell, imagine you arrive at your place of work to find that over the weekend the old padlock on the front door has been replaced with a nice new electronic lock attached to a keypad? If you don’t know the combination and all you have in your pocket is a key to the padlock that is no longer there, there’s nothing you can do but wait outside until somebody tells you the entry code so you can get in and start working. Same thing for the SteelHead, keep it updated and it will continue to provide all the optimisation goodness and remain a valuable asset to the business and your users. Otherwise, it’ll spend its days loitering aimlessly outside with less and less to do. What a waste!

Don’t compromise on security or performance.

In a world where more and more applications are cloud hosted and accessed via internet connectivity by users and client devices that could be anywhere, getting good performance using WAN optimisation is even more vital than it was in the past. But productivity and global connectivity should not come at the expense of security. You shouldn’t be forced to use weaker encryption just because your WAN optimisers can’t do the job. In some cases, there will soon be no choice. But remember, it’s no secret, SteelHeads can.

No Responses to “Pssst! Can You Keep a Secret?”

Leave a Reply

Your email address will not be published. Required fields are marked *