Network encryption protects data moving over communications networks. The SSL standard (the technology behind the padlock symbol in the browser, and more properly referred to as TLS) is the default form of network data protection for Internet communications, and its familiar icon gives customers peace of mind. Many security-conscious companies go one stage further and protect not only their Internet traffic but also their internal networks, corporate backbone networks, and virtual private networks (VPNs) with network-level encryption.
As with any low-level security technique, however, network-level data encryption is a fairly blunt instrument. The network is almost completely blind to the value of the data flowing over it and, lacking this context, is usually configured to protect either everything or nothing. Even when the “protect everything” approach is taken, a potential attacker can glean valuable information from network traffic patterns.
Encrypting data as it moves over a network is only part of a comprehensive network data encryption strategy. Organizations must also consider risks to information at its origin — before it moves — and at its final destination. Stealing a car from a parking lot or private garage is much easier than stealing one on the freeway while it is traveling at high speed!