End-to-end encryption is becoming a popular industry trend while at the same time causing nightmares for the IT department. With the emergence of SD-WAN technology and other private routing strategies, it is getting easier for enterprises to fully direct and encrypt traffic flow between application servers within the enterprise and between an enterprise and its business partners.
While there is no argument over the need to keep private data private, the question becomes: who are you keeping it private from?
Increasingly, applications are being built using a distributed set of microservices. These services fall into three broad categories:
- microservices the enterprise built for itself,
- microservices built by third-party contractors hired by the enterprise, and
- microservices the enterprise consumes from the public cloud.
This collection of disparate microservices is making it difficult for enterprises to know what information is being exchanged as the application fragments collaborate to build a cohesive solution.
As we were beginning to form Trapize, I had a conversation with a CIO who stated their data center was built out of microservices that they mostly subcontracted out to third parties. Yet given the level of encryption between services, the CIO/IT team/enterprise had no real way of knowing or understanding the data that was flowing across – or out of – their network. While the applications worked, this enterprise had managed to create a data super-highway that was private…even to themselves.
At Trapize, we think the cold-war mantra of ‘trust but verify’ still applies. It is critical for an enterprise to understand the underlying data that is moving in and out of its network. Very few enterprises would bypass email or message scanning, but many today have no visibility into the critical data flows from systems they know have access to private or sensitive data. We have built a security proxy designed specifically to address this new threat surface. Check us out.