/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow Us/ciol/media/post_banners/wp-content/uploads/2016/09/Sanjai-G.jpg)
Soma Tah
e-Commerce business is booming in India with the increased access to internet and smartphones. Hence, it is needless to say that the success is highly dependent on fast, always-on and secure user experience. According to an Internet and Mobile Association of India (IAMAI) report, India's e-commerce market is expected to cross Rs 2 lakh crore by the end of 2016 to cater to the growing base of online shoppers which is expected to reach 40 million.
Today’s e-commerce business success highly dependent on fast, always-on and secure user experience. On the one hand, webpage downloads are measured in sub-seconds, and downtime is equivalent to a wrecking ball in the brick-and-mortar world, while on the other hand, inadequate security could spell disaster – not only in a loss of immediate revenue, but in brand reputation, customer confidence and compliance violations. Sanjai Gangadharan, Regional Director, SAARC, A10 Networks discusses how IT decision makers of these e-commerce companies can avoid the security-performance tradeoff as they set an ambitious goal to meet the user-expectation to a T.
Network security and performance are pre-requisites for e-commerce firms. How can this be ensured?
The increase in e-commerce adoption has led to a new generation of associated security threats such as fraud, theft, disruption of service, or illegal theft of customer data. Instance of performance hiccups are also abundant. there were several instances also where e-commerce websites have slowed down, or crashed during flash sales when the network was not able to cope with the traffic spike.
To meet the scaling, security and availability demands of the e-commerce companies, A10 Thunder Application Delivery Controllers (ADC) offers a host of features. Particularly relevant to e-commerce business include security solutions such as WAF, SSL traffic inspection and DDoS protection to ensure website and application availability. At the same time, to ensure fast and smooth transactions and downloads, application acceleration and infrastructure optimization features like HTTP compression, traffic steering, SSL offload, etc, free up backend servers from repetitive and processor-intensive tasks.
For e-commerce businesses with content hosted in distributed data centres, global server load balancing (GSLB) should be another feature to consider to optimize network performance as it ensures that content is delivered from the data centre in the closest proximity to the user. Built on a platform that optimizes both user experience and the business’s bottom line, A10 Thunder ADC offloads CPU-intensive tasks to enable servers to do more, faster.
Network visibility and network performance- a case of chalk and cheese?
Increased security does not have to be at the expense of performance or vice versa. Network visibility and performance can work hand in hand to provide a fast, always-on and secure experience for customer satisfaction in the e-commerce business.
Web and key infrastructure servers need to scale seamlessly to cope with spikes in network traffic to meet customer demand, as well as to ensure business continuity to maximize revenue and ensure network performance and uptime. Alongside that, by having visibility to network traffic, one can understand the network traffic and its patterns which in turn helps with traffic analysis, capacity planning and making policy decisions.
To protect against advanced and emerging attacks for uninterrupted operations, e-commerce business should also take into consideration full visibility in encrypted traffic. While dedicated security devices provide in-depth inspection and analysis of network traffic, they are rarely designed to decrypt and re-encrypt SSL traffic at high speeds. Blind spots in traffic can leave e-commerce firms open to security vulnerabilities and poor network performance which could result in sensitive data breaches and slow responses, which is detrimental to the company.
Is encrypted traffic a new concern for organizations now? If yes, what's the way out then?
Encryption allows hackers to conceal their exploits from security devices like firewalls, intrusion prevention systems, and data loss prevention platforms. According to Gartner, by 2017 more than half of the network attacks targeting enterprises will use encrypted traffic to bypass inspection, both inbound and outbound. This is because most enterprises employ network security devices that lack the ability to inspect SSL traffic, allowing attacks in these encrypted traffic to remain undetected by network monitoring. Most organizations blindly trust encrypted communication, and do not or cannot decrypt SSL traffic, allowing attackers to use it to their advantage, hiding behind encryption to evade network security defenses.
Without SSL inspection in place, enterprises could fall victim to the cyber-attacks hidden behind encrypted traffic. To counter the threat posed by SSL encryption, organizations must decrypt and inspect inbound and outbound traffic.
A10’s SSL Insight technology enables e-commerce businesses to inspect potential threats hidden in SSL-encrypted traffic. A10’s Thunder SSLi decrypts such traffic, and forwards it to one or more third-party security devices such as a firewall, intrusion detection system or forensics tool. Once the traffic has been analysed and scrubbed, Thunder SSLi re-encrypts it and forwards to the intended destination. Equipped with powerful, dedicated SSL security processors that can scale to meet high-volume traffic demands, Thunder SSLi delivers near parity performance between 1024-bit and 2048-bit key sizes and has the extreme power needed to handle 4096-bit keys at high-performance production levels to keep e-commerce firms performance fast and secured for customer and employee satisfaction.
Is decryption the only answer to combat these concerns?
While Secure Sockets Layer (SSL) encryption is the most popular cryptographic protocol for securing the privacy of web, email, and instant messaging communications, this makes it an attractive attack point also.
Decryption is the answer to combat these concerns by providing visibility. Visibility allows malicious attacks to be blocked before reaching the intended web server. However to note, it is not advisable to decrypt traffic at every point or network performance will suffer. To provide visibility effectively, e-commerce firms will need to determine what type of traffic to decrypt, and why, taking into consideration local authorities’ privacy regulations. With the right tools in place, e-commerce firms can combat SSL concerns and not fear hidden threats brought on by encryption.