Based on proven standards like Secure Sockets Layer (SSL) and Transport Layer Security (TLS), encrypted communication is, unquestionably, growing rapidly. NSS Research found that 25% to 35% of network traffic is encrypted within most organizations today, and will continue to rise 1. Due to growing data security, privacy and compliance concerns, organizations worldwide are utilizing more SSL encrypted traffic. Additionally, Gartner believes that by 2017, more than half of the network attacks targeting enterprises will use encrypted traffic to bypass controls 2. Although the increasing pervasiveness of Cloud and mobile-based services offers significant benefits to enterprises, the encrypted traffic that protects data from being viewed within these modern applications also creates a blind spot that can be exploited by advanced threats and malware.
Research conducted by Canadian broadband management company Sandvine, found that the number of Internet users encrypting their online communications has doubled in North America, and quadrupled in Latin America and Europe over just the past year 3. The rise in SSL encrypted traffic is not restricted to desktops, as the mobile community is also using increasingly more encryption for communications. While the encrypted internet traffic figures are not tremendously large – at 6.1%, 3.8% and 10.4%, respectively – the overall growth is significant to users and businesses worldwide as it may be a harbinger of new security models.
Data breaches and other activities have spawned a renewed interest in privacy and policies protecting confidential user data, so the increased use of encryption is really not that surprising. Web and content service providers like Google, Dropbox and Salesforce.com, as well as application developers such as Yahoo, Amazon Web Services (AWS) and Microsoft, have been migrating to encrypted communications as a default for some time.
Perhaps what’s of greater concern is the rapid increase in advanced persistent threats (APTs) and malware that hide in encrypted traffic and evade detection by conventional security tools. In fact, advanced malware and encrypted traffic played a role in almost every major breach in 2013 and 2014. While more than 25% of outbound web traffic is now encrypted, 80% of security systems do not recognize or prevent threats within SSL traffic 2.
To identify hidden threats to the business, enterprises need complete visibility into the encrypted traffic coming in and out of the network. However, to comply with local privacy regulations that protect certain classes of data — such as financial or health-related — as well as with corporate policies on the acceptable use of applications, organizations must be able to selectively decrypt network traffic. An encrypted traffic management strategy that considers the various business needs, the corporate policies established, and the compliance mandates for your industry is essential. Click here to learn more about Blue Coat’s encrypted traffic management products.
1 W. Pirc, "SSL Performance Problems: Significant SSL Performance Loss Leaves Much Room for Improvement," NSS Labs, June 2013.
2 Jeremy D’Hoinne, Adam Hills, “Security leaders Must address threats from Rising SSL Traffic”, Gartner, December 2013.
3 Sandvine, “Global Internet Phenomena Report,” May 2014.