How to Avoid Crypto Chaos – An interview with Adam Boone of Certes Networks


Brilliance Security Magazine had the pleasure recently of spending some time chatting with Adam Boone, Chief Marketing Officer, Certes Networks.  Always with an eye out for people and companies that provide a unique and valuable service to the security industry, we think we found one in Certes Networks.

Adam, although relatively new to Certes Networks, is a veteran of the IT and Infosec world.  His background includes expertise in networking, fraud detection, intrusion detection, and encryption technologies.  He says he joined Certes Networks about a year ago because he was particularly impressed with the technologies they have created for protecting data in motion.

What They Do

A 15-year-old company, Certes Networks does one thing and one thing only.  They provide software solutions for protecting data in motion.  As readers of this publication will clearly understand, data is always in one of three states: at rest (storage), in use (computation), or in motion (moving between the other two states).  Certes Networks focuses only on the protection of data in motion.

Adam describes the company’s focus as “providing solutions that allow an enterprise to very tightly control how data is moving between their data center, or the cloud, and their other computing and storage resources… data moving between those things and the users.”

How They Do It

Certes Networks protects data in motion with the only tried and true method available – encryption.  Encrypted data, with well-managed and protected keys, is as safe as data is going to get.  Infosec professionals understand this and sophisticated users understand this, but still many are slow to adopt and embrace encryption.  This is likely attributable to what Adam calls “Crypto Chaos”: the often fragmented use and application of encryption.  It can be an arduous task to encrypt data end-to-end, and when you’re done you will likely find that the performance loss is unacceptable.  Adam was careful not to disclose too much about their “secret sauce”, but the following will give you an idea of what they are all about.

But, What About Performance?

The bane of encryption technologies has always been the high price paid in reduction of performance on the network.  Certes Networks’ website describes it as being “like buying a sports car that can go 150 miles an hour, but if you put on your seat belt it can only go 40.  What’s the point of speed if you can’t also be safe?”

Certes claims to have found a solution to this dilemma thanks to two innovations in cryptography they have pioneered.  The first is distributed policy enforcement that is segregated and separate from the network.  Policy enforcers are distributed along the network in such a way that no individual enforcer is required to assume the full computational burden.  Policy definition is managed centrally but is then broken into pieces that are distributed to where they are required.

The second performance innovation is encryption key management.  Certes Networks uses group keying wherein keys are generated and managed centrally but a component of the key is distributed to each enforcement point.  In this way, no full key exchange has to take place at any point and no full key ever traverses any link, yet each point can be fully authenticated and share in the group key.  Keys can also be rotated on a universal schedule.

Use Cases

An example of a typical use case for their Cryptoflow B2B solution is a large enterprise that needs to manage a work order process.  An enterprise of this type will need to share data with contractors and vendors in order to get support operations completed and information about those operations reported back to the enterprise.  The Cryptoflow solution allows the enterprise to designate which external applications they will share data with and, regardless of where they reside, these applications can be controlled and viewed from a single interface.  Even beyond their firewall, authorization and access are managed, data is encrypted, and collaboration with a third-party vendor is allowed while data is protected.

A use case that illustrates their Cryptoflow LAN solution is centered around the idea that, in an effort to protect against an insider threat, an enterprise can treat its internal network as an untrusted network.  With great granularity, the enterprise can determine where users are allowed to access and where they are not.  They can set up Cryptoflows that allow each user access to the enterprise’s various applications based on their role and work process.  Role-based access can be enforced in real-time and can be applied across any authorized device, including personal devices.

Certes By The Numbers

Certes Networks provides real-time access control and strong encryption.  They boast:

  • over 7300 products deployed
  • in 84 countries around the world
  • 130 governments using their solutions to protect their most sensitive communications and data flows
  • 158 of the world’s largest banks and credit card companies using their solutions for compliance issues
  • 13 patents (10 granted and 3 pending) protecting their innovations

As always, Brilliance Security Magazine notes that we have not tested products and solutions from Certes Networks, so this article is not a product endorsement.  We can say, however, with complete confidence that anyone concerned with protecting data in motion will be well served by looking deeper into what Certes Networks has to offer.  You’ll find their website full of video presentations and useful documentation.  Take a look!