We’re well past the point where the majority of internet traffic—from simple web browsing to email, web applications, and cloud-based services—is encrypted. That happened back in 2017. Today, encrypted traffic makes up about 80% of all web traffic.
While encryption is good for privacy and security, it comes at a cost. Fast, scalable security requires a lot of computing power because traffic—including lDs, passwords, and account numbers—is encrypted and transported using SSL.
Given this reality, it’s critical for organizations to ensure that the ever-growing number of SSL connections doesn’t impact web server performance, which could in turn impact operational performance.
Together, F5 and nCipher create a complete SSL ecosystem, purpose-built to deliver resource-heavy encryption capabilities that remove friction and delays for end users. This ecosystem starts with F5 BIG-IP application delivery controllers (ADCs), which efficiently manage SSL traffic in a dedicated appliance. And because more SSL traffic means more keys and certificates, nCipher’s hardware security module (HSM), is deployed on premises or as a service alongside BIG-IP to protect and manage these components.
While BIG-IP operators can terminate SSL connections in a BIG-IP appliance, keys handled inside the cryptographic boundary of a certified HSM like nShield Connect are even less vulnerable to attack.
BIG-IP provides load balancing, performance acceleration, and security for hardware platforms or virtual instances to ensure applications are fast, secure, and available. SSL management and orchestration are among the many services enabled by BIG-IP.
F5 SSL Orchestrator makes sure encrypted traffic can be decrypted, inspected by security controls, then re-encrypted. This process delivers enhanced visibility so organizations can mitigate threats traversing their networks, strengthen next-generation firewalls (NGFW), and protect against malware, data loss, ransomware, and other inbound and outbound threats like exploitation, callback, and data exfiltration.
The nShield Connect HSM from nCipher works with BIG-IP systems to provide Federal Information Processing Standards (FIPS) and Common Criteria certified protection of SSL certificates and associated encryption/decryption keys. The nShield architecture includes a Remote File System (RFS) that stores and manages encrypted key files to support BIG-IP platforms. As a result, nCipher not only reduces the workload on BIG-IP systems but also increases overall security because keys handled inside the cryptographic boundary of a certified HSM are less vulnerable to attack.
Together, F5 and nCipher provide a complete SSL ecosystem that’s purpose built to deliver resource-heavy encryption capabilities that remove friction for end users. Our joint solution increases overall security and improves regulatory compliance.
For more information about the F5 and nCipher partnership and solution integration, visit F5 SSL Orchestrator
nCipher Solution briefs & data sheets