Two ongoing industry trends are in conflict with each other. On the one hand, networks are increasingly being consolidated into shared infrastructure utilized by many different clients. From converged hardware networks, through virtualized IT shops, into the cloud, more and more traffic is being merged and intermixed on this shared infrastructure. Conversely, industry regulatory and compliance bodies require that sensitive data, whether it is personally identifiable, financial, or otherwise private, must be segregated and protected with rigorous cryptographic controls. Addressing both of these concerns within the same shared infrastructure is challenging. This talk presents a novel approach for segregating and securing sensitive data on a need-to-know basis, while it is in motion through shared networks, without changing existing network hardware, across any network topology, using industry standard protocols.
