Encryption In The Enterprise
|
|
- Nicholas Parker
- 6 years ago
- Views:
Transcription
1 Encryption In The Enterprise Twin Cities Oracle User s Group Chris Olive, Sales Engineer Vormetric, Inc.
2 Agenda Modern Encryption & Cryptography What Should Be Encrypted and Why Encryption in Enterprise Architecture Tokenization Versus Application Encryption Key Management Handling Oracle TDE The Vormetric Encryption Platform Solution Q&A
3 Modern Encryption & Cryptography Hashes/Hashing Not encryption but used in cryptography Computationally independent Symmetric Keys Based on a secret key Stream Ciphers: RC4, Fish, Pike, Rabbit, etc. (many others) Block Ciphers: DES, 3DES, Blowfish, RC5, AES, IDEA, etc. (many others) Primary focus here on block ciphers and AES has popular attention right now Asymmetric Keys Based on key pairs Examples: RSA, DSA, others Most popular right now is RSA and based on PKCS#1 Generally used for short messages and key exchange Protocols using Asymmetric Keys S/MIME, PGP, OpenPGP, SSL, TLS, Bitcoin, others Certificates Metadata around a public key Data-In-Motion vs. Data-At-Rest
4 Strength of Algorithms For AES-128: combinations of the key Brute force of ½ of the key combinations (2 127 ) at 1,000,000,000 per second would take approximately 10,000,000,000,000,000 (quadtrillion) years For AES-256: combinations of the key Brute force of ½ of the key combinations is infinitely more than AES (Not enough space on this slide for the zeros!) There are known attacks that cut down on these numbers: Related Key, Known Key Distinguishing, Key Recovery, Tau Statistic, Side-Channel NIST (National Institute of Standards & Technology) Approval should be sought Some vendors use algorithms that aren t NIST approved
5 What should be encrypted and why? Focus here is on Data-At-Rest (DAR) High motivation for Data-In-Motion to be always encrypted Recent push for all Web sites to use SSL/TLS Should be considered inside all organizations as well, not just on the perimeter BUT! Causes issues with traffic and layer 7 inspection huge issue right now Two lines of thought around encryption of DAR: Encrypt (only) sensitive data Encrypt everything Encrypting only sensitive data has issues: What defines sensitive? The definition tends to change and move over time. What is actually sensitive? Actual sensitive data tends to change and move. All the above tends to be expensive both in time and in money. Meanwhile your data continues to grow/shift/move and remain exposed. Constantly trying to hit a moving target.
6 Encrypt Everything Recommendation now is to encrypt everything Why? Easy to do now whereas in the past it was much harder all main obstacles have been removed! Initial, On-Going, Transparency, Keys Commercial solutions now make encryption ubiquitous Data is the real gold: It used to be only financial payloads were considered valuable now ALL data is valuable! Data should be protected the moment it s born then doesn t have to be analyzed for sensitivity (since now ALL data has become sensitive.) The cost of data analysis and classification is reduced or evaporates altogether. All data is valuable when married to the right economy
7 Encryption In Enterprise Architecture Laptop End Point/DLP Complexity SSL/TLS App Security App/Token Database Server Web DB Storage/FDE Storage
8 Tokenization Versus Encryption Tokenization & Encryption are related: Tokens are essentially format preserving encryption (best vaultless) Tokens are encrypted in commercial tokenization solutions (vaulted) Typically used in PCI compliance scenarios where servers are taken out of scope Commercial tokenization solutions tend to come with data masking capabilities Encryption used to be non-format preserving (non-fpe) Generally lead or leads to changes to database schemas as Encrypted values would inflate and not preserve format SSN is a great example Most commercial encryption products have or are coming out with FPE In tokenization, same token always returned; in encryption you don t want this!
9 Sample Tokenization Versus Encryption Current commercial tokenization solutions usually come in two flavors: Vaulted/Stateful: Tokens stored in a backend database and encrypted more secure but not as performant Vaultless/Stateless: Tokens stored in memory and encrypted very performant but not as secure Home-grown tokenization solutions are all over the map. Sample token table versus encryption: SSN Tokenized Encrypted iegh0caediemahng iec4lai0ainooloh Ahv0quaaseoG8hua
10 Considerations Tokenization & Application Encryption Full Data Analysis Data Points: Do you know every data element size, where, etc.? Application Matrix: Do you know every application touching every one of those data elements? Searching: Will it break searching, especially for encryption? Software Architecture: Generally executed by software architect(s) with little to no security experience or know how Time To Implement Relative to full, robust SDLC Unit, integration, customer, performance, QA and Production, usually governed by change management PER APPLICATION Both easier if done earlier in the SDLC or green field
11 Key Management Most point solutions have little or no key management Great example: Encrypting a MacBook hard drive Without access to keys, your data is toast! This is the premise behind Ransomware, right?! Great Key Management needs to be: Centralized Easy to manage but still SECURE! All types of keys: SSL/TLS, CAs, other generated keys generally from symmetric or asymmetric algorithms like OpenSSL, ssh-keygen, key appliance, etc.
12 TDE With Vormetric Key Agents TDE Master Encryption Key Vormetric DSM acts as Network HSM for Database Master Encryption Keys Vormetric Key Agent is installed on the database server SSL Network Connection Key Agent* Oracle / Microsoft TDE Database TDE Tablespace Encryption Key Encrypted Data Files TDE Tablespace Encryption Key Encrypted Data Files 12 * PKCS-11 for Oracle and MSCAPI for MSSQL
13 Commercial Key Management Generally implement KMIP or should (Key Management Interoperability Protocol) When deployed as hardware appliances, can also house HSMs or Hardware Security Managers Necessary for FIPS and FIPS compliance (gov t) Tamper-proof Capable of at least storing, reporting and alerting (expirations) on keys stored in the device Solutions in the industry vary in complexity and pricing
14 Questions & Answers
15 Vormetric Data Security Simplifying Data Security for the Enterprise John Murakami - Regional Sales Manager Chris Olive Sales Engineer
16 Vormetric Customers Founded 2001 Customers Include 17 of the Fortune 30 Top names in Banking, Retail, Outsourcing, Manufacturing & Insurance Used by the US Government including US Intelligence Community IP Protection, Compliance, Client Data & Consumer Information Protection Recently acquired by Thales
17 Leverage Existing Investments Vormetric gives our customers best in class security controls needed for compliance, data breach protection and for safeguarding critical intellectual property through powerful data-at-rest encryption. Rod Hamlin Vice President Copyright 2015 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
18 One Platform One Strategy Data-at-rest security that follows your data Physical Virtual Outsourced Enterprise Data Centers Private, Public, Hybrid Clouds Sources Nodes Analytics Remote Servers Big Data
19 Vormetric Encryption Use Cases Database Encryption Usage: Encrypt Tablespace, Log, and other DB files Common Databases: Oracle, MSSQL, DB2, Sybase, Informix, MySQL Unstructured Data Encryption Usage:Encrypt and Control access to any type of data used by LUW server Common Data Types: Logs, Reports, Images, ETL, Audio/Video Recordings, Documents, Big Data Examples:FileNet, Documentum, Nice, Hadoop, Home Grown, etc Cloud Encryption Usage: Encrypt and Control Access to data used by Cloud Instances Common Cloud Providers: Amazon EC2, Rackspace, MS Azure
20 Vormetric Data Security Tools Data Encryption Access Control Key Management Audit Encrypts file system data transparently to: Applications Databases Storage Infrastructure Integrated Key Management High Efficiency Encryption Firewall-like access controls for data access Separate data access from data management for systems privileged users(root, SA, etc ) Key Management for Vormetric keys and 3 rd Party Encryption Products Provide Network HSM for other encryption solutions PKCS#11 (Oracle 11gR2) EKM (MSSQL 2008 R2) Granular data access logging Denied Access Events Expected Access Events
21 Vormetric Transparent Encryption Protects structured/unstructured data Encryption with integrated key management Policy-based access control Security Intelligence Privileged Users - _}?$%-:>> Approved Processes and Users John Smith 401 Main Street Vormetric Security Intelligence Logs to SIEM User Encrypted & Controlled Clear Text User Application DSM DSM Vormetric Data Security Manager virtual or physical appliance Database File Systems File Systems Application Database Storage Server Volume Managers Volume Managers Allow/Block Encrypt/Decrypt Big Data, Databases or Files Cloud Admin, Storage Admin, etc Transparent data protection for any app, OS, data type, and storage - _}?$%-:>>
22 Vormetric Application Encryption Encrypts specific fields or columns in files and databases Privileged Users - _}?$%-:>> root SA DBA user Approved Users John Smith 401 Main Street Vormetric Security Intelligence Logs to SIEM Database User Application Database Allow/Block Encrypt/Decrypt Cloud Provider / Outsource Administrators DSM Vormetric Data Security Manager on Enterprise premise or in cloud virtual or physical appliance File Systems Storage Volume Managers Name: Jon Dough SS: if030jcl PO: Jan Big Data, Databases or Files *$^!@#)( - _}?$%-:>>
23 Vormetric Application Encryption Workflow Web Server Workflow: 1 Credit Card# 2 Credit Card# 1. User submits personal information to purchase items. 2. Web server sends personal information to application server. 3. Application calls into Vormetric Application Encryption (VAE) library to encrypt data. (NOTE: VAE obtains keys from the DSM only once) 4. VAE returns the value back to the application. 5. Application then stores the encrypted value in the database server. Application Server 3 Credit Card# Application 4 Encrypted Credit Card# VAE Agent Encrypted Keys DSM Vormetric Data Security Manager (Key Management) 5 Encrypted Credit Card# Database, Big Data or File Storage Vormetric Confidential
24 Vormetric Tokenization w/ Dynamic Data Masking use case 1 Request 3 4 DSM Accounts Payable App Servers REST API 6 Mask Data Sent Vormetric Token Server Customer Service 7 Response Database (production data tokenized) 5 Token Vault ((CC)e, Token) Lookups AD/LDAP Server Credit Card Token or mask Slide No: 24 Copyright 2015 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
25 Vormetric Cloud Gateway Encrypting and controlling SaaS data Security Intelligence Personal Computers Mobile Devices DSM Vormetric Cloud Gateway Q Future Servers Enterprise SaaS Slide No: 25 Copyright 2015 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
26 One Platform One Strategy Data-at-rest security that follows your data Physical Virtual Outsourced Enterprise Data Centers Private, Public, Hybrid Clouds Sources Nodes Analytics Remote Servers Big Data
27 Questions?
Vormetric Data Security
Vormetric Data Security Simplifying Data Security for the Enterprise www.vormetric.com Agenda! Introductions! Vormetric Overview! Data Security Architecture Challenges! Product Architecture & Use Cases!
More informationVormetric Data Security
Vormetric Data Security September 2015 George H. Chew AVP for Asia Pacific and Japan Vormetric, Inc gchew@vormetric.com Sensitive Data is Dispersing and Growing Becoming harder to secure Physical Virtual
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! What s new from Microsoft?! Compliance, standards, and
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More informationVormetric Data Security Platform
Data Sheet Vormetric Data Security Platform The efficiently manages data-at-rest security across your entire organization. Built on an extensible infrastructure, the is comprised of several products that
More informationVMware, SQL Server and Encrypting Private Data Townsend Security
VMware, SQL Server and Encrypting Private Data Townsend Security 724 Columbia Street NW, Suite 400 Olympia, WA 98501 360.359.4400 Today s Agenda! Compliance, standards, and best practices! Encryption and
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationVormetric Data Security Platform
Vormetric Data Security Platform The efficiently manages data-at-rest security across your entire organization. Built on an extensible infrastructure, products can be deployed individually, while sharing
More informationSensitive Data and Key Management for DBAs
Sensitive Data and Key Management for DBAs Encryption Key Management Simplified Jonathan Intner 13 December, 2011 NYOUG, New Yorker Hotel Agenda Introduction Audience Sensitive Data > What makes data sensitive?
More informationSafeNet ProtectApp APPLICATION-LEVEL ENCRYPTION
SafeNet ProtectApp APPLICATION-LEVEL ENCRYPTION Encrypt application data and keep it secure across its entire lifecycle no matter where it is transferred, backed up, or copied Rich application encryption
More informationADDRESSING PCI DSS 3.0 REQUIREMENTS WITH THE VORMETRIC DATA SECURITY PLATFORM
ADDRESSING PCI DSS 3.0 REQUIREMENTS WITH THE VORMETRIC DATA SECURITY PLATFORM How Solution Capabilities Map to Specific Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732
More informationMove Cyber Threats On To Another Target. Encrypt Everything, Everywhere. Imam Sheikh Director, Product Management Vormetric
Move Cyber Threats On To Another Target Encrypt Everything, Everywhere Imam Sheikh Director, Product Management Vormetric State of the Market Evolving Threats Today s spectrum of Insider Threats TRADITIONAL
More informationTHALES esecurity: SECURING YOUR DIGITAL TRANSFORMATION
www.thalesesecurity.com THALES esecurity: SECURING YOUR DIGITAL TRANSFORMATION Enterprises are committing to a digital transformation initiative by embracing new opportunities and building
More informationProtegrity Vaultless Tokenization
Protegrity Vaultless Tokenization Protegrity Vaultless Tokenization employs a patent-pending approach to tokenization that improves security and efficiency by eliminating the need for a token vault. By
More informationAN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP
AN IPSWITCH WHITEPAPER The Definitive Guide to Secure FTP The Importance of File Transfer Are you concerned with the security of file transfer processes in your company? According to a survey of IT pros
More informationSimple Security for Startups. Mark Bate, AWS Solutions Architect
BERLIN Simple Security for Startups Mark Bate, AWS Solutions Architect Agenda Our Security Compliance Your Security Account Management (the keys to the kingdom) Service Isolation Visibility and Auditing
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationVormetric Data Security Platform
www.thales-esecurity.com Vormetric Data Security Platform VORMETRIC DATA SECURITY PLATFORM As devastating security breaches continue to happen with alarming regularity and compliance
More informationManaging Your Privileged Identities: The Choke Point of Advanced Attacks
Managing Your Privileged Identities: The Choke Point of Advanced Attacks Shirief Nosseir EMEA Alliances Director Identity & API Management Tuesday, 16 May 2017 Agenda Why Privileged Access Management Why
More informationAlliance Key Manager A Solution Brief for Partners & Integrators
Alliance Key Manager A Solution Brief for Partners & Integrators Key Management Enterprise Encryption Key Management This paper is designed to help technical managers, product managers, and developers
More informationVormetric Data Security Platform
www.t halesesecurity.com Vormetric Data Security Platform VORMETRIC DATA SECURITY PLATFORM As devastating security breaches continue to happen with alarming regularity and compliance
More informationThales e-security. Security Solutions. PosAm, 06th of May 2015 Robert Rüttgen
Thales e-security Security Solutions PosAm, 06th of May 2015 Robert Rüttgen Hardware Security Modules Hardware vs. Software Key Management & Security Deployment Choices For Cryptography Software-based
More informationCloud FastPath: Highly Secure Data Transfer
Cloud FastPath: Highly Secure Data Transfer Tervela helps companies move large volumes of sensitive data safely and securely over network distances great and small. Tervela has been creating high performance
More informationUnbound and Oasis KMIP Interoperability
Unbound and Oasis KMIP Interoperability Thad Roemer, Solutions Architect April 2018 What does KMIP do? Security Applications or Appliances Key Material & Metadata Transport KMIP Key Management Server Create,
More informationChannel FAQ: Smartcrypt Appliances
Channel FAQ: Smartcrypt Appliances Q: When were Smartcrypt appliances announced? A: announced the release of our Smartcrypt virtual and physical appliances on September 19, 2017. Smartcrypt Enterprise
More informationDyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof
Dyadic Enterprise Unbound Key Control For Azure Marketplace The Secure-As-Hardware Software With a Mathematical Proof Unbound Key Control (UKC) is the first software-only key management and key protection
More informationVormetric Data Security Platform
www.t halesesecurity.com Vormetric Data Security Platform VORMETRIC DATA SECURITY PLATFORM As devastating security breaches continue to happen with alarming regularity and compliance
More informationAlliance Key Manager A Solution Brief for Technical Implementers
KEY MANAGEMENT Alliance Key Manager A Solution Brief for Technical Implementers Abstract This paper is designed to help technical managers, product managers, and developers understand how Alliance Key
More informationProtecting Data and Transactions with Encryption and Tokenization. Rich Mogull Securosis
Protecting Data and Transactions with Encryption and Tokenization Rich Mogull Securosis What We ll Cover Encryption and Tokenization for the financial services data center. How the technologies work. How
More informationDyadic Security Enterprise Key Management
Dyadic Security Enterprise Key Management The Secure-as-Hardware Software with a Mathematical Proof Dyadic Enterprise Key Management (EKM) is the first software-only key management and key protection system
More informationTLS 1.1 Security fixes and TLS extensions RFC4346
F5 Networks, Inc 2 SSL1 and SSL2 Created by Netscape and contained significant flaws SSL3 Created by Netscape to address SSL2 flaws TLS 1.0 Standardized SSL3 with almost no changes RFC2246 TLS 1.1 Security
More informationAzure SQL Database. Indika Dalugama. Data platform solution architect Microsoft datalake.lk
Azure SQL Database Indika Dalugama Data platform solution architect Microsoft indalug@microsoft.com datalake.lk Agenda Overview Azure SQL adapts Azure SQL Instances (single,e-pool and MI) How to Migrate
More informationOracle Security Products and Their Relationship to EBS. Presented By: Christopher Carriero
Oracle Security Products and Their Relationship to EBS Presented By: Christopher Carriero 1 Agenda Confidential Data in Corporate Systems Sensitive Data in the Oracle EBS What Are the Oracle Security Products
More informationTransKrypt Security Server
TransKrypt Security Server Overview Security of transactions is critical as the volume of payments are growing at a faster pace from new generation mobile and broadband based IP payment terminals and devices.
More informationWhose Cloud Is It Anyway? Exploring Data Security, Ownership and Control
Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control SESSION ID: CDS-T11 Sheung-Chi NG Senior Security Consulting Manager, APAC SafeNet, Inc. Cloud and Virtualization Are Change the
More information2 Me. 3 The Problem. Speaker. Company. Ed Breay Sr. Sales Engineer, Hitachi ID Systems.
1 2 Me Speaker Ed Breay Sr. Sales Engineer, Hitachi ID Systems. Company Hitachi, Ltd.: a 100 year old Fortune 100 conglomerate. Hitachi ID Systems, Inc.: a 19 year old IAM software subsidiary. Headquarters
More informationWhat you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered
What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered Over the last decade, cloud backup, recovery and restore (BURR) options have emerged
More informationTRANSPARENT ENCRYPTION ARCHITECTURE
VERISEC TRANSPARENT ENCRYPTION ARCHITECTURE WHITEPAPER Scalable Flexible Encryption Gateway Transparent Encryption Application Encryption Security Intelligence Data Security Manager Tokenization KMaaS
More informationSECURE CLOUD BACKUP AND RECOVERY
SECURE CLOUD BACKUP AND RECOVERY Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile data protection, and
More informationExposing The Misuse of The Foundation of Online Security
Exposing The Misuse of The Foundation of Online Security HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are like HLA tags But,
More informationKeep your fingers off my keys today & tomorrow
SIGS SE February 2017 Keep your fingers off my keys today & tomorrow Marcel Dasen VP Engineering Securosys SA Keys? Encryption keys asymmetric e.g. RSA, ECC public/private key pairs for wrapping symmetric
More informationLaunch Smart Products With End-to-End Solutions You & Your Customers Can Trust
Solution Brief: Launch Smart Products With End-to-End Solutions You & Your Customers Can Trust DeviceTone, our ready to run "connect, manage and enable" solution for product companies, makes secure connectivity,
More informationPayment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios
Payment Card Industry and Citrix XenApp and XenDesktop Deployment Scenarios Overview Citrix XenApp, XenDesktop and NetScaler are commonly used in the creation of Payment Card Industry (PCI), Data Security
More informationVormetric NIST Mapping
Vormetric NIST 800-53 Mapping Detailed Mapping of Vormetric Data Security Platform Controls to NIST 800-53 Requirements Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732
More informationMitigating Risks with Cloud Computing Dan Reis
Mitigating Risks with Cloud Computing Dan Reis Director of U.S. Product Marketing Trend Micro Agenda Cloud Adoption Key Characteristics The Cloud Landscape and its Security Challenges The SecureCloud Solution
More informationThis Security Policy describes how this module complies with the eleven sections of the Standard:
Vormetric, Inc Vormetric Data Security Server Module Firmware Version 4.4.1 Hardware Version 1.0 FIPS 140-2 Non-Proprietary Security Policy Level 2 Validation May 24 th, 2012 2011 Vormetric Inc. All rights
More informationDealing with Risk and Compliance to secure your growth 16th May 2018
Dealing with Risk and Compliance to secure your growth 16th May 2018 John Bycroft, SVP Sales Europe Top drivers for Data Security Investment Reputation and brand protection Compliance Regulations Customer
More informationMySQL Enterprise Security
MySQL Enterprise Security Mike Frank Product Management Director Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only,
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V3.0, MAY 2017 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationCloud Computing, SaaS and Outsourcing
Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud
More informationIBM Exam 00M-662 Security Systems Sales Mastery Test v2 Version: 7.1 [ Total Questions: 72 ]
s@lm@n IBM Exam 00M-662 Security Systems Sales Mastery Test v2 Version: 7.1 [ Total Questions: 72 ] Question No : 1 What lists of key words tell you a prospect is looking to buy a SIEM or Log Manager Product?
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationAxway Validation Authority Suite
Axway Validation Authority Suite PKI safeguards for secure applications Around the world, banks, healthcare organizations, governments, and defense agencies rely on public key infrastructures (PKIs) to
More informationData Encryption with ServiceNow
Data Encryption with ServiceNow Encryption Technologies for Data Protection on the ServiceNow Platform Table of Contents Executive summary... 3 Edge Encryption...4 Common use cases... 5 Perspectives on
More informationAccelerating the HCLS Industry Through Cloud Computing
Accelerating the HCLS Industry Through Cloud Computing Use cloud computing to accelerate life sciences and healthcare specific workloads, and meet the unique computation, storage, security, and compliance
More informationDeploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP)
Deploying to the Cloud: A Case study on the Development of EHNAC s Cloud Enabled Accreditation Program (CEAP) May 16, 2016 Speakers Ron Moser, Managing Director, Moserhaus Consulting, LLC and Sr. Consultant,
More informationAdding value to your MS customers
Securing Microsoft Adding value to your MS customers Authentication - Identity Protection Hardware Security Modules DataSecure - Encryption and Control Disc Encryption Offering the broadest range of authentication,
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS. December 1, 2017
ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS December 1, 2017 Table of Contents Oracle Managed Security Database Encryption Service for Oracle IaaS... 3 Oracle Managed Security Database
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationFeatures Comparison Sheet
ManageEngine Password Manager Pro Vs Thycotic Secret Server Features Comparison Sheet (As per information available on Thycotic Secret Server s website on March 23, 2018.) Feature ManageEngine Password
More informationData Privacy and Protection GDPR Compliance for Databases
Data Privacy and Protection GDPR Compliance for Databases Walo Weber, Senior Sales Engineer September, 2016 Agenda GDPR: who, what, why, when Requirements for databases Discovery Classification Masking
More informationCompleting your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT
Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT Introduction Amazon Web Services (AWS) provides Infrastructure as a Service (IaaS) cloud offerings for organizations. Using AWS,
More informationThe Realities of Data Security and Compliance: Compliance Security
The Realities of Data Security and Compliance: Compliance Security Ulf Mattsson, CTO, Protegrity Ulf.mattsson @ protegrity.com Bio - A Passion for Sailing and International Travel 2 Ulf Mattsson 20 years
More informationVORMETRIC TRANSPARENT ENCRYPTION ARCHITECTURE
www.thalesesecurity.com VORMETRIC TRANSPARENT ENCRYPTION ARCHITECTURE White Paper Contents EXECUTIVE SUMMARY 4 INTRODUCTION 4 VORMETRIC TRANSPARENT ENCRYPTION SOLUTION INTRODUCTION 5
More informationAGILE AND CONTINUOUS THREAT MODELS
SESSION ID: DEV-R04 AGILE AND CONTINUOUS THREAT MODELS Nancy Davoust Vice President, Security Architecture and Technology Solutions Comcast CONTEXT FOR AGILE AND CONTINUOUS THREAT MODELING The Landscape
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Securing Privileged Accounts with an Integrated IDM Solution Olaf.Stullich@oracle.com Product Manager, Oracle Mike Laramie Oracle Cloud for Industry Architecture Team Buddhika Kottahachchi OPAM Architect
More informationTeradata and Protegrity High-Value Protection for High-Value Data
Teradata and Protegrity High-Value Protection for High-Value Data 12.16 EB7178 DATA SECURITY Table of Contents 2 Data Centric Security: Providing High-Value Protection for High-Value Data 3 Visibility:
More informationMicrosoft Office 365 TM & Zix Encryption
Microsoft Office 365 TM & Zix Email Encryption A Natural Fit www.zixcorp.com INTRODUCTION IT managers and decision makers are being pressured from all sides to find ways to safely migrate to cloud-based
More informationnshield GENERAL PURPOSE HARDWARE SECURITY MODULES
www.thalesesecurity.com nshield GENERAL PURPOSE HARDWARE SECURITY MODULES Contents 1. SECURITY YOU CAN TRUST 3 2. THE nshield FAMILY 4 3. SUPPORT FOR WIDE VARIETY OF USES 5 4. FEATURES
More informationThe Secret to Secrets Management BSides PDX, October 27, 2018
The Secret to Secrets Management BSides PDX, October 27, 2018 MARK B. COOPER PRESIDENT & FOUNDER MARK@PKISOLUTIONS.COM @THEPKIGUY 2014-2018 The PKI Guy President and Founder, PKI Solutions Known as The
More information1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7
1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7 ORACLE PRODUCT LOGO 20. oktober 2011 Hotel Europa Sarajevo Platform
More informationRandtronics Data Privacy Manager
Randtronics Data Privacy Manager 1 Randtronics Data Privacy Manager Securing your business A business that only encrypts their data is more secure than businesses with everything else Randtronics DPM de-risks
More information5 OAuth EssEntiAls for APi AccEss control layer7.com
5 OAuth Essentials for API Access Control layer7.com 5 OAuth Essentials for API Access Control P.2 Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. FEDERAL EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Federal agency data is under siege. Over half of all agency IT security
More informationEncrypting Data-at-Rest and in-motion for Pivotal Greenplum
Encrypting Data-at-Rest and in-motion for Pivotal Greenplum by Ian Redzic Overview Business Challenge Data warehouses and other data stores have become prime targets for threat actors Cloud and VM environments
More informationPCI DSS Compliance. White Paper Parallels Remote Application Server
PCI DSS Compliance White Paper Parallels Remote Application Server Table of Contents Introduction... 3 What Is PCI DSS?... 3 Why Businesses Need to Be PCI DSS Compliant... 3 What Is Parallels RAS?... 3
More informationTransforming IT: From Silos To Services
Transforming IT: From Silos To Services Chuck Hollis Global Marketing CTO EMC Corporation http://chucksblog.emc.com @chuckhollis IT is being transformed. Our world is changing fast New Technologies New
More informationHARDWARE SECURITY MODULES (HSMs)
HARDWARE SECURITY MODULES (HSMs) Cryptography: The basics Protection of data by using keys based on complex, randomly-generated, unique numbers Data is processed by using standard algorithms (mathematical
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationSee the unseen. CryptoAuditor SSH.COM. Control and audit encrypted 3rd party sessions. What is CryptoAuditor?
SSH.COM CryptoAuditor What is CryptoAuditor? SSH.COM CryptoAuditor is a centrally managed virtual appliance for monitoring, controlling and auditing encrypted privileged access and data transfers. Control
More informationKey Management in a System z Enterprise
IBM Systems IBM z Systems Security Conference Business Security for today and tomorrow > 27-30 September Montpellier Key Management in a System z Enterprise Leo Moesgaard (lemo@dk.ibm.com) Manager of IBM
More informationFeatures Comparison Sheet
ManageEngine Password Manager Pro Vs Thycotic Secret Server Features Comparison Sheet (As per the information available in Thycotic Secret Server s website on April 24, 2017) Feature ManageEngine Password
More informationCrypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH
Crypto-Options on AWS Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH Amazon.com, Inc. and its affiliates. All rights reserved. Agenda
More informationMulti-Vendor Key Management with KMIP
Multi-Vendor Key Management with KMIP Tim Hudson CTO & Technical Director tjh@cryptsoft.com 1 Abstract Practical experience from implementing KMIP and from deploying and interoperability testing multiple
More informationWelcome to IBM Security Guardium Analyzer!
Welcome to IBM Security Guardium Analyzer! To help you get started with IBM Security Guardium Analyzer, please refer to these frequently asked questions: What is IBM Security Guardium Analyzer? Guardium
More informationSecuring Data in the Cloud: Point of View
Securing Data in the Cloud: Point of View Presentation by Infosys Limited www.infosys.com Agenda Data Security challenges & changing compliance requirements Approach to address Cloud Data Security requirements
More informationBlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module
BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE Cryptographic Appliances with Integrated Level 3+ Hardware Security Module The BlackVault hardware security platform keeps cryptographic material
More informationData Encryption with ServiceNow
Data Encryption with ServiceNow Encryption Technologies for Data Protection on the ServiceNow Platform Table of Contents Executive summary... 3 Edge Encryption...4 Common use cases... 5 Perspectives on
More informationLEARN HOW TO SECURE THE BREACH! SECURE THE BREACH: BREACH PREVENTION DOES NOT WORK A THREE-STEP APPROACH TO BOOST DATA PROTECTION
SECURE THE BREACH: A THREE-STEP APPROACH TO BOOST DATA PROTECTION Reality as it was BREACH PREVENTION DOES NOT WORK LEARN HOW TO SECURE THE BREACH! Reality as it is The numbers do not lie whether internal
More informationReady Theatre Systems RTS POS
Ready Theatre Systems RTS POS PCI PA-DSS Implementation Guide Revision: 2.0 September, 2010 Ready Theatre Systems, LLC - www.rts-solutions.com Table of Contents: Introduction to PCI PA DSS Compliance 2
More informationSECURE DATA EXCHANGE
POLICY-DRIVEN SOLUTIONS FOR SECURE DATA EXCHANGE Sending and receiving data is a fundamental part of daily business for nearly every organization. Companies need to share financial transaction details,
More informationBusting the top 5 myths of cloud-based authentication
Busting the top 5 myths of cloud-based authentication Insert Your Name Jason Hart CISSP CISM Vice President, Cloud Solutions SafeNet, Inc. Insert Your Title Insert Date Overview Cloud benefits Agility
More informationEvolved Backup and Recovery for the Enterprise
Evolved Backup and Recovery for the Enterprise with Asigra technology Working gives me confidence in my data protection plan. I know that if I ever need to restore, it will take a few minutes rather than
More informationState of the Dolphin Developing new Apps in MySQL 8
State of the Dolphin Developing new Apps in MySQL 8 Highlights of MySQL 8.0 technology updates Mark Swarbrick MySQL Principle Presales Consultant Jill Anolik MySQL Global Business Unit Israel Copyright
More informationWhich compute option is designed for the above scenario? A. OpenWhisk B. Containers C. Virtual Servers D. Cloud Foundry
1. A developer needs to create support for a workload that is stateless and short-living. The workload can be any one of the following: - API/microservice /web application implementation - Mobile backend
More informationLessons from the Human Immune System Gavin Hill, Director Threat Intelligence
Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence HLA ID: 90FZSBZFZSB 56BVCXVBVCK 23YSLUSYSLI 01GATCAGATC Cyber space is very similar to organic realm Keys & certificates are
More information5 OAuth Essentials for API Access Control
5 OAuth Essentials for API Access Control Introduction: How a Web Standard Enters the Enterprise OAuth s Roots in the Social Web OAuth puts the user in control of delegating access to an API. This allows
More informationSOLUTION BRIEF RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD
RSA NETWITNESS SUITE & THE CLOUD PROTECTING AGAINST THREATS IN A PERIMETER-LESS WORLD THE CLOUD MAKES THREAT HUNTING HARDER The explosion in cloud workloads is driving real, substantial business value.
More information