There is an emerging network encryption strategy that uses a defense-in-depth approach implemented using two nested, independent encryption tunnels to protect the confidentiality and integrity of data as it transits an untrusted network. These nested encryption solutions reduce the risk of data exposure in the event that one of the encryption layers is compromised.
Additionally, using two independent encryption layers helps to protect against certain types of attacks that may target a single encryption layer such as replay attacks, man-in-the-middle attacks, or quantum attacks. This strategy has been adopted by the Commercial Solutions for Classified (CSfC) Multi-Site Connectivity (MSC) solution. CSfC MSC solutions use a combination of IPsec and MACsec to protect the data in transit. However, many existing CSfC solutions are complex to configure and use protocols that negatively impact performance and efficiency.
Thales High Speed Encryptors (HSE) offer an MSC solution that not only provides the multiple layers of encryption, but does so while providing significant performance benefits over typical IPsec / MACsec solutions. HSE delivers deterministic wire speed encryption with microsecond latency and supports up to 100 Gbps throughput per device. Furthermore, the HSE is also quantum safe and is FIPS 140 certified to operate in a hybrid classic/quantum mode of operation.
Download this solution brief to learn more.