When was the last time you had an exceptional online experience? One that truly rocked? Was it when you planned your vacation, or maybe when you filed an insurance claim? While no one looks forward to having to file a claim, having done so recently, I was truly impressed.
It was fast, I quickly found what I needed, was able to enter the details required, and felt reassured that everything was transacted securely – an outstanding user experience. Behind all of this, there needs to be a system that is always available no matter the traffic load, and always secured. So let’s get down to the fundamentals that enable reliable, high-performing, and secured web services.
Performance and security
SSL/TLS (referred to simply as SSL from here forward) is not just for e-commerce anymore. Any enterprise with an online presence creates customer accounts and authenticates users as they log in to utilize services. Customers don’t have to be making purchases, just doing the kind of things we now do online; like social media, checking our bank accounts, and doing homework if we are students. With the expansive growth of the Internet and online transactions, sensitive data exchanged online and in the cloud can be increasingly a target of attack.
Online services use login mechanisms to connect end-user browsers to web servers, and these connections are protected by SSL. To deliver trusted and reliable web services, enterprises must address confidentiality, integrity, and availability of the data processed by the service. Online users are impatient, and unresponsive services will quickly sour the experience. Users are also concerned about privacy. Widely publicized attacks can cripple a business, and a data breach can shatter corporate reputation. Trusted web services therefore must always be available and offer appropriate levels of security.
Challenges and critical factors
For enterprises and government agencies providing web services, having more online users is good – they can reach more of their customers, and can do so at reduced costs. But increased usage can also pose challenges. As more online users are added to a system, increased traffic can choke web services and impact performance. Growing numbers of users also means there are more connections and SSL keys that need to be safeguarded and managed. The availability and security of web services, and the success of many enterprise and government online ventures, depends on system availability and security. To ensure an exceptional online experience, three critical factors must be addressed:
- Capability to manage increasing number of users
- Capacity to distribute traffic flow and balance load
- Ability to safeguard and manage cryptographic keys
First, the capability to manage increasing number of users is particularly important. Online systems are designed for mass use, and they must scale to accommodate increased demand without impacting the user experience. SSL is a resource-intensive protocol and it demands high utilization of servers to meet application performance and availability requirements. Using more high-performing servers can addresses this challenge.
Second, the capability to distribute traffic flow and balance load is imperative to ensure high availability. Application Delivery Controllers (ADC) are designed to optimize web service performance by managing SSL traffic in a scalable manner, while supporting increased demand. SSL uses cryptography, and cryptography uses keys. As you can imagine, more SSL connections means more SSL keys to safeguard and manage.
Third, an increasing volume of SSL-encrypted traffic over multiple simultaneous connections can also create a key management challenge. Web servers must protect the keys they need, and must know which key they need to use for which application. Encryption keys must be protected and managed in a trusted manner for security as well as regulatory compliance. This is why hardware security modules (HSMs) are an integral part of a high performing and secure solution. HSMs safeguard and manage the underpinning SSL encryption keys used to protect the connections between web servers and the end-user browsers. Multiple HSMs deployed in the customer environment ensure resilience, and their dual control features protect against potential insider attacks. The integration of ADCs with HSMs deliver a hardened solution that supports high performance and security.
Today, enterprise and government organizations must also comply with data security regulations that dictate different levels of protection depending on the sensitivity of the information handled. As these organizations seek to enhance the security of their SSL sessions, they must protect the SSL keys and key management process. HSMs safeguard and manage the keys within a certified security boundary that facilitates compliance and auditing requirements.
Creating an online experience that rocks is no coincidence. It requires hardware and software that enables smart load distribution and balancing, and robust protection and management of the cryptographic keys. To learn more on how to create exceptional online experiences contact Citrix and Thales – and take a look at our video.