Trusted Storage. Putting Security and Data Together. Michael Willett Seagate Technology
1 Trusted Storage Putting Security and Data Together Michael Willett Seagate Technology
2 Why Encrypt Data-At-Rest?
- Compliance
  - 42+ states have data privacy laws with encryption safe harbors
  - New data breach bills have explicit encryption safe harbors
  - PCI DSS requires rendering stored cardholder data unreadable
- Exposure of data loss is expensive
- Data center disk drives are mobile
  - Nearly ALL drives leave the security of the data center
  - The vast majority of decommissioned drives are still readable
  - Not all leave under the owner's control
3 [Organization chart. BOLD: Most Relevant to Storage Work]
- Board of Directors: Scott Rotondo, Sun, President and Chairman
- Marketing Workgroup: Brian Berger, Wave
- Technical Committee: Graeme Proudler, HP
- Best Practices: Jeff Austin, Intel
- Advisory Council: Invited Participants
- Administration: VTM, Inc.
- Public Relations: Anne Price, PR Works
- TPM Work Group: David Grawrock, Intel
- TSS Work Group: David Challener, Lenovo
- Conformance WG: Manny Novoa, HP
- PC Client WG: Monty Wiseman, Intel
- Events Marketing Support: VTM, Inc.
- Mobile Phone WG: Panu Markkanen, Nokia
- Peripherals WG (dormant)
- Infrastructure WG: Thomas Hardjono, SignaCert
- PDA WG: Jonathan Tourzan, Sony
- Server Specific WG: Larry McMahan, HP
- User Auth WG: Laszlo Elteto, Safenet
- Storage WG: Robert Thibadeau, Seagate
- Key Management Services: Walt Hubis, LSI
- Storage Interface Interactions: James Hatfield, Seagate
- Optical Storage: Bill McFerrin, DataPlay
4 Joint Work: T10 (SCSI) and T13 (ATA)
- TRUSTED SEND/IN (Protocol ID = xxxx..)
- TRUSTED RECEIVE/OUT
- T10/T13 defined the container commands
- TCG/Storage defining the TCG payload
- Protocol IDs assigned to TCG, T10/T13, or reserved
5 Implementation Overview
[Diagram labels: Enterprise Support; ISV Application (on the Host); TCG/T10/T13 Trusted Send and Receive Container Commands; ATA or SCSI Trusted Send/Receive Commands; TRUSTED STORAGE: Firmware/hardware enhancements for security and cryptography; Security firmware/hardware; (Partitioned) Hidden Memory; Hidden Storage; Security Providers (SP); Assign Hidden Memory to Applications; FDE; Controller; Storage]
6 Trust: System behaves as designed
Trust Toolkit:
- Cryptographic SIGNING
- CREDENTIALS (e.g., signed X.509 Certificates)
7 Trusted Storage with Trusted Platform
[Diagram labels: Trusted Storage; Secure Communications; Root Of Trust; Trusted Platform; TPM OR Trusted Element]
Life Cycle: Manufacture, Own, Enroll, PowerUp, Connect, Use,
8 Why Security in STORAGE (hard drive): 3 Simple reasons
- Storage for secrets with strong access control
  - Inaccessible using traditional storage access
  - Arbitrarily large memory space
  - Gated by access control
- Unobservable cryptographic processing of secrets
  - Processing unit welded to storage unit
  - Closed, controlled environment
- Custom logic for faster, more secure operations
  - Inexpensive implementation of modern cryptographic functions
  - Complex security operations are feasible
9 TCG Storage Use Case Examples
- Full Disc Encryption
  - Laptop Loss or Theft
  - Re-Purposing
  - End of Life
  - Rapid Erase
- DriveLocking
- ALL Encrypted
- Crypto Key Management
- Crypto Chip
- Personal Video Recorders
- Forensic Logging
- DRM Building Blocks
10 Specification Overview TCG Storage Workgroup Specification Overview and Core Architecture Specification Specification Version 1.0 Revision 19 June (DRAFT)
11 TCG Storage WG Core Specification
- SPs (Security Providers)
  - Logical Groupings of Features
  - SP = Tables + Methods + Access Controls
- Tables
  - Like registers, primitive storage and control
- Methods
  - Get, Set
  - Commands kept simple with many possible functions
- Access Control over Methods on Tables
12 Security Subsystem Classes
Storage Security Subsystem Class = SSC
Storage Architecture Core Specification
- HDD SSC - Notebook
- HDD SSC - Enterprise
- Optical SSC (OSSC)
13 Home Banking (or Remote Medical, or ) Trusted Platform w/ Trusted Storage
- Multi-factor authentication: password, biometrics, dongles
- Secure/hardware storage of credentials, confidential financial/medical data
- Trusted life cycle management of personal information
- Integrity-checking of application software
- Cryptographic functions for storage and communications security
- Secure computation of high-value functions (protection from viruses/etc)
14 Self-Encrypting Drives
For when a drive leaves the owner's control
- Simple
- Transparent
- Integrated
- Scalable
- Interoperable
Learn more at:
- Webcast from architects
- Overview whitepaper
- On-line performance demo
IT policy: All future drive purchases to be self-encrypting drives when available
2008 Insert 14 Copyright Information Here. All Rights Reserved.
15 Self-Encrypting Drive Basics
- Authentication Key (Password) Unlocks the drive
- Write and Read data normally while drive is unlocked
- The drive LOCKS automatically when powered OFF
- The drive remains LOCKED when it is back ON
[Diagram labels: Authentication Key Management Service; Write/Read: "Here is the un-encrypted text" is stored as unreadable cipher text ("P%k5t$ #&%"); 100% performance encryption engine in the drive]
Data protected from loss, disclosure
16 Enterprise Management of Self-Encrypting Drives
- Enterprise Server: Key generation and distribution; Key/Password archive, backup and recovery
- Laptop (Application): Master/User passwords, multi-factor authentication, TPM support; Secure log-in, Rapid Erase
- Trusted Drive (self-encrypting): Disk or sector encryption, sensitive credential store, drive locking
[Diagram labels: SP; FDE; Self-Encrypting Drive]
17 NSA-Accepted Security: Sensitive and Secret Govt Data
The National Security Agency (NSA) has qualified the Momentus 5400 FDE hard drive for protection of information in computers deployed by U.S. government agencies and contractors for national security purposes.
With the NSA qualification, the Momentus 5400 FDE.2 hard drive meets one of the highest standards for securing sensitive information, the National Security Telecommunications and Information Systems Security Policy (NSTISSP) #11. NSTISSP #11 defines requirements for a wide variety of products that satisfy a diversity of security requirements to include providing confidentiality for data, as well as authenticating the identities of individuals or organizations exchanging sensitive information.*
The National Institute of Standards and Technology (NIST), the U.S. federal agency focused on promoting product innovation by establishing technical standards for government and business, certified the Advanced Encryption Standard (AES) encryption algorithm that powers the Momentus 5400 FDE.2 hard drive.
*More information on NSTISSP #11 is available at
18 Why standards are important
- Customer choice
  - Best product, best price, long term supplier viability
  - Multiple vendor options
- Data at rest needs long term recoverability
  - Media lifetime may exceed supplier lifetime
- Security requires
  - Well tested and examined practices
  - Separation of duties
  - Consistency of policy enforcement
19 -Trusted Storage Specification - Key Management Services Application Notes
20 IEEE P (Key Management)
21 Key Lifecycle Model
22 What Does the Future Look Like?
- Encryption everywhere!
  - Automatic performance scaling, manageability, security
- Standards-based
  - Multiple vendors; interoperability
- Unified key management
  - Handles all forms of storage
23 50,000 Hard Drives Leave the Data Center Every Day
- 90% of returned drives were still readable (IBM study)
[Diagram labels: Decommission system; Replace; Repair; Repurpose; Remove ALL drives; Send even dead drives through; Queue in secure area; Transport Offsite; Queue in secure area; SECURE]
Self-Encrypting Drives: It's Simple, Clean and Complete
- Secure the moment the drive is unplugged
- Comply with data privacy laws
- Warranty and expired lease secure drive returns
- Repurpose drives securely; Cut decommissioning costs
People make mistakes
- Because of the volume of information we handle and the fact people are involved, we have occasionally made mistakes. which lost a tape with 150,000 Social Security numbers stored at an Iron Mountain warehouse, October
Disposal shortcomings
- Overwriting takes days and there is no notification of completion from drive
- Hard to ensure degauss strength matched drive type
- Shredding is environmentally hazardous
- Not always as secure as shredding, but more fun
99% of Shuttle Columbia's hard drive data recovered from crash site
- Data recovery specialists at Kroll Ontrack Inc. retrieved 99% of the information stored on the charred Seagate hard drive's platters over a two day period. - May 7, 2008 (Computerworld)
24 Disposal Options: Riddled with Shortcomings
- Format the drive or delete the data
  - Doesn't remove the data - data is still readable
- Over-writing
  - Takes hours-to-days
  - Error-prone; no notification from the drive of overwrite completion
- Shredding
  - Very costly, time-consuming
  - Environmentally hazardous
- Degaussing
  - Very costly, time-consuming
  - Difficult to ensure degauss strength matched type of drive
- Smash the disk drive
  - Not always as secure as shredding, but more fun
- Professional offsite disposal services
  - Drive is now exposed to the tape's falling-off-the-truck issue
25 IBM, LSI and Seagate Lead the Industry to an Enterprise Encryption Solution
[Diagram labels: Authentication Key Management Service; IEEE Standard Key Mgmt Protocol; Application Server; Network; TCG/T10/T13 Security Protocol; Storage System; Authentication Key Flow; Data Flow]
26 Self-Encrypting Drive: Manageability and Security
Manageability
- Don't need to escrow the encryption key to maintain data recoverability
- Less re-encryption required
Security
- No clear text secrets anywhere on the drive
  - We assume the attacker has complete knowledge of secrets design and location
- No cipher text exposure
- The drive can self power down after x authentication attempts
- Protected firmware downloads
- No back doors in the Trusted Storage Spec
27 No Performance Degradation
- Encryption engine speed matches Port's max speed
  - The encryption engine is in the controller ASIC
- Scales Linearly, Automatically
- All data can be encrypted, with no performance degradation
  - Less need for data classification
[Diagram labels: Storage System; Storage System]
28 Transparent to the Storage System
[Diagram labels: Key Management Service; Application Server; Network; Storage System]
At Initialization:
- Bring in new volume
- Set up Authentication Key
Power-up:
- Authenticate with the key source
- Pass key to the disk drive
After Power-up: The storage system virtualizes the disk drives and provides:
- Data protection through RAID and copy services
- Availability through redundancy, failover drivers, robust error handling
- Capacity sharing through partitioning and network connectivity
- Management reporting
Storage systems are optimized for unencrypted data for data compression and de-duplication
29 Simplify Management
[Comparison across: Implement, Re-key, Exposed Keys, Recover Data, Retire HDD. Diagram labels: Storage Systems; Storage Systems]
Self-Encrypting Drives
- Transparent to OS, applications, databases
- Automatic Scalability
- No re-encryption needed
- Encryption keys don't leave drives. No need to track or manage them.
- Delete encryption key
Encrypting outside the drive
- May need to change OS, applications, databases
- Re-encrypt all data
- Track, manage, escrow encryption keys, maintain interoperability
- Key compromised; Could make data across multiple drives unreadable
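The behaviour claimed on slides 15, 26 and 29 (locking at power-off, re-keying without re-encryption, power-down after repeated bad authentication, retirement by deleting the encryption key) can be seen in a small Python model. This is an added example, not code from the presentation or from any drive: the class and method names are hypothetical, and the wrapped-key layout, the PBKDF2 derivation, the HMAC keystream standing in for the drive's AES engine, the limit of 3 attempts and the authenticated erase are all assumptions.

```python
import hashlib
import hmac
import os


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _cipher(mek: bytes, lba: int, data: bytes) -> bytes:
    """Toy stand-in for the drive's AES engine (assumption): HMAC-SHA256 keystream XOR."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block_id = lba.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hmac.new(mek, block_id, hashlib.sha256).digest()
        counter += 1
    return _xor(data, stream)


class SelfEncryptingDrive:  # hypothetical model, not an API from the TCG specification
    MAX_ATTEMPTS = 3  # constructed value for the slide's "x authentication attempts"

    def __init__(self, authentication_key: bytes):
        self.media = {}  # LBA -> ciphertext: all that ever reaches the media
        self.powered_down, self._failed = False, 0
        self._store_mek(os.urandom(32), authentication_key)

    def _kek(self, authentication_key: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", authentication_key, self._salt, 50_000, 32)

    def _store_mek(self, mek: bytes, authentication_key: bytes) -> None:
        # Assumed design: the media encryption key (MEK) is stored only wrapped under
        # a key derived from the authentication key, so no secret sits in clear text.
        self._salt = os.urandom(16)
        kek = self._kek(authentication_key)
        self._wrapped_mek = _xor(mek, hashlib.sha256(kek + b"wrap").digest())
        self._verifier = hmac.new(kek, b"verify", hashlib.sha256).digest()
        self._mek = mek  # volatile copy, present only while unlocked

    def power_cycle(self) -> None:  # power off locks the drive; it powers up locked
        self._mek, self._failed, self.powered_down = None, 0, False

    def unlock(self, authentication_key: bytes) -> bool:
        kek = self._kek(authentication_key)
        tag = hmac.new(kek, b"verify", hashlib.sha256).digest()
        # A powered-down drive refuses every attempt until it is power-cycled.
        if self.powered_down or not hmac.compare_digest(tag, self._verifier):
            self._failed += 1
            if self._failed >= self.MAX_ATTEMPTS:  # self power-down after x bad tries
                self._mek, self.powered_down = None, True
            return False
        self._failed = 0
        self._mek = _xor(self._wrapped_mek, hashlib.sha256(kek + b"wrap").digest())
        return True

    def change_authentication_key(self, old: bytes, new: bytes) -> bool:
        if not self.unlock(old):
            return False
        self._store_mek(self._mek, new)  # re-wrap only; user data is not re-encrypted
        return True

    def crypto_erase(self, authentication_key: bytes) -> bool:
        if not self.unlock(authentication_key):  # requiring auth here is an assumption
            return False
        self._store_mek(os.urandom(32), authentication_key)  # old MEK is destroyed
        return True

    def write(self, lba: int, plaintext: bytes) -> None:
        if self._mek is None:
            raise PermissionError("drive is locked")
        self.media[lba] = _cipher(self._mek, lba, plaintext)

    def read(self, lba: int) -> bytes:
        if self._mek is None:
            raise PermissionError("drive is locked")
        return _cipher(self._mek, lba, self.media[lba])


def demo() -> dict:
    drive = SelfEncryptingDrive(b"old authentication key")
    record = b"constructed sample record"  # constructed test data
    drive.write(7, record)
    stored = drive.media[7]
    drive.power_cycle()
    guesses = [drive.unlock(b"guess %d" % i) for i in range(3)]
    shut_down = drive.powered_down
    drive.power_cycle()
    drive.change_authentication_key(b"old authentication key", b"new authentication key")
    drive.power_cycle()
    drive.unlock(b"new authentication key")
    after_rekey = drive.read(7)
    drive.crypto_erase(b"new authentication key")
    return {"plaintext_on_media": stored == record, "guesses": guesses,
            "shut_down": shut_down, "readable_after_rekey": after_rekey == record,
            "ciphertext_unchanged": drive.media[7] == stored,
            "readable_after_erase": drive.read(7) == record}


if __name__ == "__main__":
    print(demo())
```

The ciphertext on the media is byte-for-byte the same before and after the authentication key change, which is why the slide can say no re-encryption is needed; after the erase the same ciphertext is still present but no longer decrypts.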
30 Thank You!
More informationRecommendations for Implementing an Information Security Framework for Life Science Organizations
Recommendations for Implementing an Information Security Framework for Life Science Organizations Introduction Doug Shaw CISA, CRISC Director of CSV & IT Compliance Azzur Consulting Agenda Why is information
More informationData-at-Rest Encryption Addresses SAN Security Requirements
Data-at-Rest Encryption Addresses SAN QLogic 2500 Series Fibre Channel Adapters Meet Enterprise Security Needs QLogic Fibre Channel Adapters from Cavium provide a secure solution that works well with SEDs
More informationProtecting Your Data in the Cloud. Ulf Mattsson Chief Technology Officer ulf.mattsson [at] protegrity.com
Protecting Your Data in the Cloud Ulf Mattsson Chief Technology Officer ulf.mattsson [at] protegrity.com Ulf Mattsson 20 years with IBM Development & Global Services Inventor of 22 patents Encryption and
More informationIs your privacy secure? HIPAA Compliance Workshop September Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner
Is your privacy secure? HIPAA Compliance Workshop September 2008 Presented by: Andrés Castañeda, Senior Manager Steve Nouss, Partner Agenda Have you secured your key operational, competitive and financial
More informationSECURE CLOUD BACKUP AND RECOVERY
SECURE CLOUD BACKUP AND RECOVERY Learn more about how KeepItSafe can help to reduce costs, save time, and provide compliance for online backup, disaster recovery-as-a-service, mobile data protection, and
More informationECA Trusted Agent Handbook
Revision 8.0 September 4, 2015 Introduction This Trusted Agent Handbook provides instructions for individuals authorized to perform personal presence identity verification of subscribers enrolling for
More informationUsing SimplySecure to Deploy, Enforce & Manage BitLocker
Whitepaper Using SimplySecure to Deploy, Enforce & Manage BitLocker Organizational management plus access control managed through the cloud Rob Weber February 2019 What is BitLocker? Microsoft s BitLocker
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2012 Roadmap: Trusted Computing Motivation Notion of trust
More informationTable of Contents. PCI Information Security Policy
PCI Information Security Policy Policy Number: ECOMM-P-002 Effective Date: December, 14, 2016 Version Number: 1.0 Date Last Reviewed: December, 14, 2016 Classification: Business, Finance, and Technology
More informationXerox Product Data Overwrite Security Whitepaper
Xerox Product Data Overwrite Security Whitepaper Month 00, 0000 June 29, 2017 2017 Xerox Corporation. All rights reserved. Xerox, Xerox and Design and FreeFlow are trademarks of Xerox Corporation
More informationPCI Compliance Whitepaper
PCI Compliance Whitepaper Publication date: July 27 th, 2009 Copyright 2007-2009, LINOMA SOFTWARE LINOMA SOFTWARE is a division of LINOMA GROUP, Inc. Table of Contents Introduction... 3 Crypto Complete
More informationEnabling compliance with the PCI Data Security Standards December 2007
December 2007 Employing IBM Database Encryption Expert to meet encryption and access control requirements for the Payment Card Industry Data Security Standards (PCI DSS) Page 2 Introduction In 2004, Visa
More informationInternet of Things Toolkit for Small and Medium Businesses
Your Guide #IoTatWork to IoT Security #IoTatWork Internet of Things Toolkit for Small and Medium Businesses Table of Contents Introduction 1 The Internet of Things (IoT) 2 Presence of IoT in Business Sectors
More informationCASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer
CASE STUDY - Preparing for a PCI-DSS Audit using Cryptosense Analyzer v1.0 December 2017 pci-dss@cryptosense.com 1 Contents 1. Introduction 3 2. Technical and Procedural Requirements 3 3. Requirements
More informationLecture Embedded System Security Introduction to Trusted Computing
1 Lecture Embedded System Security Prof. Dr.-Ing. Ahmad-Reza Sadeghi System Security Lab Technische Universität Darmstadt (CASED) Summer Term 2015 Roadmap: Trusted Computing Motivation Notion of trust
More information95% of business information is now digital. 80% of this critical data is stored on laptop or desktop computers, and is not properly backed up.
95% of business information is now digital. 80% of this critical data is stored on laptop or desktop computers, and is not properly backed up. New in Retrospect 8 Instant Scan technology cuts backup and
More informationPCI PA-DSS Implementation Guide Onslip PAYAPP V2.1.x for Onslip S80, Onslip S90
PCI PA-DSS Implementation Guide Onslip PAYAPP V2.1.x for Onslip S80, Onslip S90 Revision history Revision Date Author Comments 0.1 2013-10-04 Robert Hansson Created 1.0 2014-01-14 Robert Hansson Review
More informationTerra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)
Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006) Trusted Computing Hardware What can you do if you have
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationTrusted Platform Module explained
Bosch Security Systems Video Systems Trusted Platform Module explained What it is, what it does and what its benefits are 3 August 2016 2 Bosch Security Systems Video Systems Table of contents Table of
More informationEnterprise Cybersecurity Best Practices Part Number MAN Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More information