Encryption on the chip to boost security online

On-processor encryption now provides an opportunity to add value with strategic advice for all users, says Calum Macleod

Hardware manufacturers are beginning to embrace the concept of chip-level encryption, and the related reduction in transaction processing loads this will bring is very good news indeed.

Previous attempts to integrate encryption at the chip level have increased processor overheads. These latest moves are based on the concept of supporting hardware-based cryptographic acceleration for increased security, without affecting availability or business continuity.

This new breed of chip will help tackle one of internet communication's weak points: the fact that most data is exchanged without any protection against eavesdroppers, hackers or thieves.

At the moment encryption is used only in some communications, such as credit card payments and online banking, where the industry standard is to encrypt the information that users and websites send each other. Encrypting communications requires extra work from web servers and software, which have to process the information.

This advance centres on the use of dedicated instruction sets and on-processor computing engines. As such, the overall effect on the host processor will be negligible.

The larger the company and the more ubiquitous encryption becomes for both in-motion and static data, the more difficult it becomes to manage the growing volumes of encryption keys and digital certificates.

In the enterprise, key management processes start to assume major significance and operational focus in IT departments that are almost certainly already running at full stretch. The move to processor-based encryption will gather pace.

The opportunities for the channel are good. Not only is there a good business to be made in on-processor chipsets from established vendors, but new vendors are emerging. Reducing the cost of securing web traffic will encourage encryption and there will be more development of applications that require encryption.

Chip-level encryption could perhaps even allow all traffic to be encrypted. The new designs can support extremely fast and efficient calculations. And applications are more vulnerable when they reside online instead of on a hard drive.

Intel and other chip manufacturers are also adding encryption cores to chips designed for use in web servers. Some companies may consider it more practical to use regular chips with limited encryption functionality than to buy additional, specialised processors.

Resellers need to engage with the market quickly and target the higher-value SMBs.

At the same time, the effective management of encryption keys and certificates is also likely to become a headache for those IT departments that have not implemented sound encryption management processes and automation.

With automation comes the ability to enforce security policies, ensure proper segregation of duties, secure critical information, and assist in the continual process of achieving regulatory compliance.

With Basel III, the Companies Act and PCI DSS version 3 (which is just around the corner), it has never been more attractive to automate the discovery, monitoring, security and management of mission-critical security instruments such as keys and certificates, from the datacentre to the cloud and beyond.

So long as the channel markets creatively around this advice and shows potential buyers where the real value lies, there is money to be made.

Calum Macleod is EMEA director at Venafi