joltsik
Contributing Writer

The challenges of enterprise network encryption and security

Opinion
Feb 24, 2015 | 3 mins
Cisco Systems, Cloud Security, Data and Information Security

Enterprises are decrypting traffic for security inspection, but it ain't easy.

In a blog I posted last week, I described how enterprise organizations are encrypting more of their network traffic. This is a mixed blessing: it can protect data confidentiality and integrity, but it also opens a camouflaged threat vector back into the organization. To address this risk, a majority (87%) of organizations decrypt and then inspect SSL/TLS traffic, looking for things like reconnaissance activity, malware, and C2 communications, according to ESG research (note: I am an ESG employee).

Yup, over the past five years, many organizations have slowly increased their use of SSL/TLS in homegrown web applications and adopted cloud-based SaaS applications instrumented with Layer 5/6 encryption. As this occurred, security and network professionals followed on, implementing a variety of SSL/TLS decryption and inspection tools on various network segments and multiple locations across global enterprise networks. This resulted in rather haphazard SSL/TLS decryption and inspection performed by an army of technologies and operational processes/procedures. 

Decrypting/inspecting SSL/TLS traffic has also created a number of challenges for security and networking teams. For example, 26% of security professionals claim that it is difficult to integrate SSL/TLS encryption/decryption technologies with assorted network security packet filtering technologies, 24% say that the networking team is suspicious of any technology that may impact/disrupt the network, and 22% point to collaboration problems between the networking and infosec teams at their organizations.

Why are organizations experiencing so many problems? It may be because most firms decrypt and inspect encrypted network traffic on an ad-hoc, tactical basis, leading to organizational and operational problems. In fact, ESG research found that:

  • 14% of organizations say that they inspect encrypted SSL/TLS traffic tactically by implementing technologies on the network on an ad-hoc or as-needed basis.
  • 21% of organizations say that they currently inspect encrypted SSL/TLS traffic tactically by implementing technologies on the network on an ad-hoc or as-needed basis, but they are interested in creating a more comprehensive enterprise strategy in the future.
  • 21% of organizations say that they currently inspect encrypted SSL/TLS traffic tactically by implementing technologies on the network on an ad-hoc or as-needed basis, but they are planning on creating a more comprehensive enterprise strategy in the future.
  • 24% of organizations say that they currently inspect encrypted SSL/TLS traffic tactically by implementing technologies on the network on an ad-hoc or as-needed basis, but they are in the process of implementing a more comprehensive enterprise strategy in the future.
  • Only 20% of organizations say that they have already implemented a comprehensive enterprise strategy for the inspection of encrypted SSL/TLS traffic.

So most organizations are decrypting/inspecting network traffic on a tactical basis today, but the trend seems to point toward a more strategic approach in the future. This begs an obvious question: Just what does a comprehensive SSL/TLS decryption and inspection solution and strategy look like? More on this in an upcoming blog.


Jon Oltsik is a distinguished analyst, fellow, and the founder of ESG's cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO's perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
