Certes Networks Releases Virtual Security Appliance - the Industry's First Scalable Network Encryption Solution for the Cloud


Encryption solution makes the cloud safe for sensitive workloads by protecting network traffic inside IaaS clouds and between customer locations

Pittsburgh, PA, April 17, 2012 Certes Networks, the leader in scalable network encryption solutions, today announced the vCEP (virtual Certes Enforcement Point), the industry's first scalable network encryption solution for the cloud. The solution will fill a gap in the market for Enterprises and Government organizations that are looking to move to off-premise cloud environments, but view the lack of security as a blocking issue.

"Encryption is seen as a way to protect critical information as it moves from private clouds to public cloud-based services; however, the need to encrypt network traffic among servers in the cloud to protect it from attacks within the cloud is equally important," said Gartner Analyst Neil MacDonald. "Organizations increasingly realize that in addition to controlling the encryption keys and what is encrypted, they need to authenticate the source of the data and to maintain its integrity as it traverses the shared cloud network."

The vCEP is a virtual appliance that allows organizations to protect sensitive network traffic among virtual servers and between clouds without using tunnels. It encrypts network traffic from Infrastructure as a Service (IaaS) cloud infrastructures to data centers across the WAN, and from server to server within the cloud.

While the cloud provides a compelling case for cost savings and operational efficiency, the lack of a cloud-compatible security solution has kept IaaS off limits for sensitive and regulated workloads. The Certes Networks vCEP solution promises to open up the benefits of the cloud to all classes of data, allowing companies to adopt these emerging technologies based on cost and efficiency models without the added complexity of regulatory considerations.

Existing solutions typically use tunnel technologies such as IPSec or SSL/TLS to protect network traffic to the edge of the cloud network, but traffic among servers within the cloud network often remains unprotected. Tunnel-based solutions have limited applicability within cloud networks due to issues with scalability, management and performance.

The vCEP is enabled by Certes Networks' Group Encryption technology, which the company pioneered six years ago and has been proven on hundreds of production customer networks. The solution is ideally suited for network encryption in virtualized and cloud environments due to its elegant scalability, easy management and ability to allow policies and keys to be controlled centrally by the cloud tenant. Group encryption eliminates the need to negotiate keys on a point-to-point basis, which becomes intractable as the number of endpoints grows. The vCEP allows for highly scalable, full-mesh encrypted network protection among servers, no matter where they reside.

"Our group encryption and policy and key management technologies, that enable this exciting breakthrough in cloud security, have been proven in over ten years of deployments in Wide Area Network encryption for government agencies, financial organizations, and global enterprises," said Thomas Gill, CEO of Certes Networks. "Certes Networks has leveraged these proven technologies to provide a solution that makes the cloud safe for sensitive workloads. Our customers have identified security as an enabling technology for adoption of cloud based infrastructures and we are proud to be able to provide a solution that can both protect data and enable overall reductions in IT costs."

Certes takes a revolutionary approach to cloud security by protecting network traffic inside and between IaaS clouds. The vCEP solution focuses on four key areas:

Scalable Group Encryption: With TrustNet group encryption, keys are centrally generated and securely distributed to all of the authorized group members (as defined in Certes TrustNet Manager). Each group member can communicate securely with the other members without the performance and maintenance overhead of tunnels. Unlike tunnel-based solutions, group encryption is designed to scale to protect thousands or even tens of thousands of servers. Scalability is an essential consideration when designing cloud security solutions today, as many analysts expect twenty to fifty percent annual growth in the number of servers deployed in IaaS clouds in the coming years.

Encryption without Unprotected Gaps: As a virtual appliance that resides on the same server as the virtual servers that it protects, the vCEP protects sensitive network traffic inside the cloud provider's network without leaving gaps where the data is not protected.

Secure Isolation from other Cloud Tenants: As part of the Certes TrustNet solution, the vCEP provides persistent authentication to ensure continuous data integrity. The combination of authentication and encryption provide cryptographic isolation among cloud tenants. Cloud providers today typically offer only logical separation that can break down and allow one tenant to attack another due to misconfiguration, unauthorized wiretaps or man-in-the-middle attacks. Data that is encrypted and authenticated using keys managed by the cloud customer is not susceptible to these types of attacks.

Client Control of Encryption Keys: An important benefit of the vCEP is its ability to allow the client to maintain control of their own policies and encryption keys. This is essential for regulatory compliance, and it protects both the data owner and the infrastructure provider. The vCEP provides a safe harbor for most data privacy regulations by leveraging Certes TrustNet standards-based encryption that has been deployed and proven across a broad range of industries to achieve compliance for data privacy including finance, healthcare, government, retail and utilities. Client control of policies and keys also benefits the cloud provider by removing the potential legal burden associated with being in possession of the encryption keys.

The vCEP is interoperable with existing Certes Networks Variable Speed Encryptors (VSEs), which gives customers the choice of using a physical or virtual appliance. New and existing Certes customers can securely adopt or migrate to cloud infrastructures and expand or contract virtual resources seamlessly, without creating security gaps in existing data center and enterprise networks. Using Certes TrustNet Manager security for all networks can be managed from a central web-based management console.

About Certes Networks
Certes Networks protects data in motion. The company provides advanced data protection solutions for both physical and virtual networks that enable secure connectivity over any infrastructure without compromising performance or availability. Customers rely on Certes Networks to protect data, decrease risk and reduce the cost of compliance by enabling secure connectivity to critical infrastructures. Learn more about Certes Networks by visiting www.CertesNetworks.com.