Layer 2 encryption can offer high-assurance data protection without compromising network or application performance, unlike IPsec (Layer 3) encryption, which still adds unnecessary network overhead and reduces network speed and bandwidth.
More agile than some might think, the best modern encryption solutions are not only suitable for networks of all shapes and sizes, from modest 10 Mbps to ultra-fast 100 Gbps speeds; they also occupy a barely perceptible presence on the network, are transparent to all other devices and result in minimal latency (frequently less than 4 µs at higher speeds).
Crypto-agility, however, is much more than simple performance statistics. It comes from compatibility and interoperability, from FPGA-based flexibility and from the ability to support custom cryptographic elements. It even enables a choice of encryption algorithms and standards.
Truly high-assurance encryption solutions are based on standards-based algorithms, typically 128- or 256-bit AES. However, if you are able to provide your own algorithms, you may prefer to use those; there’s nothing that says you must use the manufacturer’s standard algorithm.
An encryption platform should offer support for as many of these algorithms as possible, along with their modes of operation: for example, CFB (Cipher Feedback) mode, CTR (Counter) mode and GCM, an authenticated encryption mode.
That’s true agility.
Beyond encryption modes, agility should extend to support for other custom components, such as user-defined curves, external certificate authorities and sources of randomness.
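The practical difference between an unauthenticated mode and the authenticated GCM mode named above, as an added example that is not from the original page or any vendor's product: it seals the same payload under AES-256 in CTR and in GCM, reports the bytes each adds, and shows what a receiver accepts after one ciphertext bit changes in transit. The key, payload, framing (IV or nonce prepended) and function names are constructed for illustration, and the third-party Python `cryptography` package is assumed to be installed; CFB is left out but is likewise unauthenticated.

```python
# Added example: requires the third-party "cryptography" package (assumption).
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

KEY = bytes(range(32))                       # constructed AES-256 demo key
FRAME = b"constructed payload: amount=0100"  # constructed sample frame payload
HDR = {"CTR": 16, "GCM": 12}                 # IV/nonce bytes sent in the clear

def seal(mode, payload):
    """Encrypt one payload; return IV/nonce || ciphertext (|| tag for GCM)."""
    iv = os.urandom(HDR[mode])
    if mode == "GCM":
        return iv + AESGCM(KEY).encrypt(iv, payload, None)  # appends 16-byte tag
    enc = Cipher(algorithms.AES(KEY), modes.CTR(iv)).encryptor()
    return iv + enc.update(payload) + enc.finalize()

def unseal(mode, blob):
    """Decrypt a sealed payload; GCM raises InvalidTag if it was modified."""
    iv, body = blob[:HDR[mode]], blob[HDR[mode]:]
    if mode == "GCM":
        return AESGCM(KEY).decrypt(iv, body, None)
    dec = Cipher(algorithms.AES(KEY), modes.CTR(iv)).decryptor()
    return dec.update(body) + dec.finalize()

def overhead(mode):
    """Extra bytes each payload carries in this constructed framing."""
    return len(seal(mode, FRAME)) - len(FRAME)

def receive_after_bitflip(mode):
    """Change one ciphertext bit in transit; return what the receiver accepts."""
    blob = bytearray(seal(mode, FRAME))
    blob[HDR[mode] + FRAME.index(b"0100")] ^= 0x01
    try:
        return unseal(mode, bytes(blob))
    except InvalidTag:
        return None  # integrity check failed, payload is dropped

if __name__ == "__main__":
    for m in HDR:
        print(m, "overhead:", overhead(m), "bytes;",
              "after bit flip:", receive_after_bitflip(m))
```

CTR decrypts the altered ciphertext without complaint and hands back a changed amount, while GCM rejects it at the cost of a 16-byte tag per payload, which is the trade-off to weigh when a platform lets you pick the mode.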