The fierce growth in cybercrime and the increased proliferation of network-hacking has left networks at greater risk than ever before. Cybercriminals are demonstrating a higher degree of collaboration and technical competency than ever before, resulting in increased plans for protection and regulation around the collection, storage and use of information along with severe penalties. The wide-scale adoption of cloud services in almost all industry verticals introduces additional threats originating from third-party service providers. Organizations have to consider the consequences of a supplier providing accidental, but harmful, access to their private information. Surprisingly, network connectivity services are commonly viewed as secure and are therefore overlooked by security specialists and auditors, who typically concentrate on protecting areas further up the OSI stack.
High-speed Carrier Ethernet services provide fast and cost-effective connectivity, particularly for voice, video and other latency-sensitive traffic. Accelerated by the increased availability and popularity of Carrier Ethernet services, organizations and network operators are embracing the benefits of encrypting their data in motion on Layer 2, which is faster and simpler to manage compared to traditional Layer 3 IPsec encryption. An additional major advantage is the native support of Layer 2 network segmentation for isolation of data and traffic into zones. This limits the reach of potential security leakage and isolates incidents.
Because it operates below the network layer, Layer 2 network encryption is protocol agnostic and is very attractive for high-speed data transmission. It encrypts everything – including data, control and management traffic – and sharply reduces the overhead required by IPsec by as much as 50 percent of the available bandwidth. Layer 2 network encryption is a high-performance security option that offers advantages over IPsec, particularly in unified communication environments that require superior network performance and protection of the entire connection. It can encrypt Ethernet frames at wire speed from a few Megabits per second all the way up to 10 Gigabits per second without any performance degradation.
Another benefit of Layer 2 network encryption is its simplicity. It does not require exposing routing information details to service providers, which may appeal to organizations whose policies prohibit releasing this kind of information. Management of Layer 2 network encryption is a further advantage. It generally requires only initial configuration, reducing the risk of misconfiguration and related security risks. Creating Layer 3 IPsec security policies in very large networks can get very complex and is prone to misconfiguration.
Last but not least, the integration of Layer 2 network encryption with Carrier Ethernet performance monitoring and assurance functionality enables organizations and network operators to establish a new class of secure network connectivity. Encrypted network connections carrying latency, throughput and loss-sensitive data can be tested before activation and continuously monitored while in service, guaranteeing that the desired performance characteristics are met. This capability, intrinsic to Carrier Ethernet, makes Layer 2 network encryption a superior solution to Layer 3 IPsec for all organizations relying on performance-critical communication services.