Organizations that depend on the Internet must go beyond firewalls and intrusion detection systems to anticipate and protect against potential threats. V-ONE Corp. has been designing, developing and marketing next-generation network security software since 1993 and holds eight patents. Using open standards and application layer technology, the company’s product lines integrate encryption, authentication and access control services to allow creation of highly secure virtual private networks (VPNs). VPNs enable secure access to sensitive information eliminating the need for a private telecommunications infrastructure. V-ONE’s security technology is designed to work efficiently over IP and satellite networks with virtually no impact on performance.

Margaret Grayson, CEO, president and director of V-ONE Corp. recently spoke with Via Satellite Editor Nick Mitsis and shared her insights regarding how satellite-enabled encryption services are gaining importance in today’s broadband world.

Via Satellite: What encryption standards are most in demand in today’s satellite communications world?

Margaret Grayson: As an industry, we have witnessed some progress. Today, the two widely-accepted strong encryption standards are triple DES and AES or Rijndael. We offer both to our customers. Satellite, however, brings an interesting complexity to the encryption world. Sending data up to a satellite and back down to receiving stations creates latency that can dramatically affect the performance of IP Protocol VPNs when certain encryption schemes such as IPSec are employed. This can cause a big problem for users when the communication link is dropped.

What is happening today is that new application layer security software products and services are making it easier to safely connect people to their data. For IT managers, this is good news. Their major concern however, is to protect the integrity of their networks and control the information streaming in and out of their corporations. Satellite platforms must not be relegated to the position of "weakest link". Application layer access security products now allow satellite customers to be included in secure end-to-end solutions.

Via Satellite: What new encryption demands are facing military customers in regard to satellite-delivered communications?

Grayson: They need higher levels of security for their data and communications transmissions. In many cases, military and government customers may require multi-factor authentication. In addition, military clients may also require a biometric layer of security. For example, they have the ability to use many layers of identity verification– retinal scans, fingerprints or voice prints. This is a security capability that must be integrated into satellite and wireless and wireline environments.

Via Satellite: How has the VSAT market changed in regard to site growth, data transmission complexity and needs by enterprise clients?

Grayson: Corporations with VSAT networks in place are becoming more aware of new encryption layers for added security. With increasing numbers of remote users being linked back to headquarters, many are now seeking high-performance end-to-end security so no data is dropped or exposed along the transmission route. Secure communications for propriety data are increasing in importance. Satellite brings inherent strengths in its flexibility to reach remote sites and its ability to provide business continuity in times of disaster.

Via Satellite: What specific impact does encryption have on a satellite network performance, then, in regard to degradation of a VPN over a VSAT system?

Grayson: It adds overhead, no doubt about it. But if you are running a security program on the network level, the real problem rests in the inability of the IPSec protocol to capitalize on the satellite network’s protocol spoofing capabilities to avoid the adverse effects of a high latency link. We are seeing an increase in incorporating encryption software on the application layer that is compatible with protocol spoofing and thus provides good performance, making satellite transport more competitive.

Via Satellite: In paid VPN environments where clients are submitting financial information for purchases or participating in real-time online gambling, how complex does an encryption layer have to become?

Grayson: The difference really lies in the mind of the user. The bits and bytes are agnostic in regard to the content of the feed. If you can protect data traffic, then encryption applications do not change too much in intensity and can be effective for a wide variety of implementations. For sensitive data, however, it is very important that users have software in place that can authenticate who is coming in and clients can verify the identity of that person so as to protect high-value transactions.

Via Satellite: What more needs to be done on the global open standards arena?

Grayson: This environment is continually evolving. We need to get to a standards base that is interoperable because users need to maintain security across multiple platforms.

Via Satellite: Which enterprise applications are most driving demand for secure broadband connections?

Grayson: First responders, healthcare and the banking sectors are among the most significant sectors in need for encryption technology. Authenticating network users is really the key for all sectors.

Via Satellite: With the growth of Wi-Fi, hybrid and wireless networks, how can companies truly secure content that is now traveling through such transparent transmission pipes?

Grayson: This absolutely does open up a new layer of vulnerability. People are mobile and so is today’s information. What companies have to do is ensure that encryption and user authentication mechanisms for their wireless transmissions are in place. The end-to-end security provided by an application layer solution can be extremely effective for a wireless environment.

Via Satellite: What do you see as the biggest growth challenge for satellite broadband content security in 2005?

Grayson: Most probably it will be the rate of adoption of high-performance end-to-end encryption schemes that work across networks. Clients today are located virtually anywhere in the world and they all need access to data. Access to content has to be quick, easy and flexible and the encryption technology has to be adaptable between satellite, terrestrial and wireless.