RealTime IT News

Bob Weinschenk, CEO, Britestream

Bob Weinschenk is on a mission to change (for the better) the industry's focus on security, one little piece of hardware at a time. Make that one more Secure Sockets Layer (SSL) Network Interface Card at a time. And a piece of silicon at a time and fewer CPUs, to boot.

Britestream's bright idea: security-on-a-chip products that offload the heavy lifting of the current secure transaction protocols, SSL and Transport Layer Security (TLS), by processing the transaction data in real time in the network stream.

Chip-based and ASIC-based security system providers, such as Britestream, look at data breaches, hacks, phishing outbreaks and other spots on the Internet experience and instead see bright opportunities to change the industry's approach to security. Weinschenk recently chatted with internetnews.com about why he thinks the time for SSL offloading has arrived.

Q: How would you frame the current landscape in terms of security threats facing businesses and consumers?

Internet security breaches occur daily and the frequency and rate at which these breaches are occurring is rising and will continue to increase as broadband Internet adoption, e-commerce and communication via the Internet (i.e. e-mail, VoIP) continue to grow. No individual computer user or business is entirely protected from Internet security breaches.

Deploying security that works is an enormous headache for IT organizations. Most solutions are costly and they're difficult to install and maintain. In addition, because they require so much capacity, software solutions also tend to place an extra burden on CPUs, resulting in a performance impact.

Q: You see more encryption coming to address these issues. Can you talk about why?

Different factions in the marketplace are competing. First, there is a need to protect information (for compliance and regulatory reasons, as well as business continuity and consumer privacy reasons) and then there is a growing need to share information (with supply chain partners, for EDI and outsourcing, and on mobile devices). Both trends are valid and require that information be secure.

But encrypting data has been expensive because of the way it's been done. Now it is truly possible to create more secure environments at a reasonable cost using a hardware-based SSL solution like Britestream's.

Q: So what's the problem with SSL?

For starters, it's slow. Applications can experience a slowdown of 10 to 100-fold. Because of that secure "handshake" that's necessary to ensure a secure transaction, such as when you're buying online, only so much data can be passed back and forth as part of the security layer. So it's rationed. Now, when you have increasing volume of SSL-encrypted traffic going through a network, this presents major challenges for architects and engineers. Performance slows, and it's running over equipment that, frankly, wasn't designed to handle encrypted information.

On the other hand, co-processors are evolutionary ways of implementing SSL, because they make it faster than software alone. However, they can be very hard to integrate, and then you have to deal with private key information being stored on software that may be vulnerable. Plus, they can consume valuable CPU cycles.

Q: Hence the term "SSL offloading"?

While SSL is mission critical, it often results in performance penalties for servers and computers. With most software-based solutions, systems will see the available percentage of CPUs drop as the number of SSL transactions increases. These performance problems will only increase as the number of Web-based transactions increases. By offloading SSL, we can take all of the processing off the CPU, so that there is not a drop in performance.

Q: Do you want to go with a lockbox-type approach to securing transactions over the Web?

We think there's more of the industry trend toward more encryption in the security layer. It's just going that way. We often tell customers using a software-based security system is like hiding the key under the doormat or a rock in the garden. A hacker will eventually find it -- they'll find a way to get at it. But with hardware, only you and those you authorize can get at it. We want to take the CPU out of the equation.

Q: Chips are pricier and harder to integrate or upgrade with other network systems. You're more locked in.

By reducing the number of servers needed, you're lowering your acquisition costs for both hardware and software. Plus there's less ancillary equipment needed, such as load balancers, firewalls and switches.

Our dual instream TCP/IP processing engines eliminate the need for host CPU cycles. Plus, it's plug and play, so it's delivered as an industry-standard PCI NIC, solving the network integration problem. You don't have to patch, and it's operating-system independent.

The bottom line is this: sensitive information is stored in hardware, which is a hacker-proof, tamper-proof vault for the entire enterprise. Plus, the existing application base is even more demanding of SSL security. When we do the SSL offload, you can't even tell, but we've definitely reversed the bottleneck.

The trend is clear anyway: IDC has published studies that show more IT professionals are interested in buying hardware-based security for their networks rather than software, the first time it has eclipsed software in this category.

Q: So, we're heading to a more blended approach with security?

We're driving towards more encryption, with cards that look like what you'd see on an Intel chip. [We sit behind the market leaders.] We're in a world where we have to manage a thousand PINs. But today, the SSL capability is kept inside the chip. We take a sluggish system laboring with SSL encryption and the slow data transfer and make it the equivalent of five or six Itanium servers.

Security is like graphics. You have more compute levels. More complicated algorithms, it's a larger key size. Our goal is to not have to ration security.
