Channel FAQ: Smartcrypt Appliances

Q: When were Smartcrypt appliances announced?
A: announced the release of our Smartcrypt virtual and physical appliances on September 19, 2017.
- Smartcrypt Enterprise Manager 200v: a virtual appliance for encryption and key management
- Smartcrypt Enterprise Manager 300h: a hardware appliance with a FIPS 140-2 Level 3 hardware security module (HSM)
- Smartcrypt Enterprise Manager 300r: a hardware appliance with a full-entropy quantum random number generator (RNG)
- Smartcrypt Enterprise Manager 350: a hardware appliance with both the HSM and RNG

Q: What do the Smartcrypt appliances do?
A: The Smartcrypt appliances allow security managers to define encryption policies and monitor encryption and decryption activity across the organization. Smartcrypt automates key management, eliminating the complexity of key generation, exchange, synchronization, and rotation. It also applies security policy, provisions encryption functionality for users, devices, and servers, and controls the data discovery features.
Both the Smartcrypt Enterprise Manager 200v and the 300 series contain the Smartcrypt Enterprise Manager software with a built-in key store and a hardened operating system. They offer automatic failover, high availability, support for agents in multiple geographies, and multitenancy. The 300h adds a FIPS 140-2 Level 3 HSM, the 300r adds a full-entropy quantum RNG, and the 350 adds both the HSM and RNG. The 300 series also provide the ability to store, create, and manage third party keys that conform to the KMIP standard.
These are plug-and-play offerings for companies that don't want to spend the time or effort to connect their key management software to their own app and database infrastructures.

Q: What is the value proposition for an HSM?
A: A Hardware Security Module (HSM) stores master keys for designated encryption keys that Smartcrypt uses for its encryption. Each HSM has multiple secure cryptoprocessor chips to prevent tampering, and the HSM will also delete the key upon detecting tampering. The HSM not only provides assurance that keys will remain safe, but is also FIPS 140-2 Level 3 validated, which is required by many financial and government organizations to protect their data, and has the ability to store, create, and manage third party keys that conform to the KMIP standard.

Q: What is FIPS 140-2 Level 3?
A: FIPS 140 is a standard published by NIST that sets requirements for cryptographic modules for use by the U.S. federal government. FIPS 140-2 Level 3 requires physical tamper resistance, authentication, and separation between the different interfaces in the cryptographic modules. Cryptographic modules must meet Level 3 requirements in order to be authorized for purchase by many government agencies (and other commercial organizations, especially in finance). Also, be aware that FIPS 140-2 Level 3 certifications are for the HSMs, not for the entire appliance.

Q: Does the virtual appliance have any FIPS rating?
A: The virtual appliance has not yet been submitted for FIPS 140-2 Level 1 compliance. Please let your Channel Account Manager know if/when customers are asking for this.

Q: Do the software clients (Smartcrypt Agent or clients) have any FIPS rating?
A: Smartcrypt for Windows does have a FIPS mode option that, when enabled, will cause the agent to use FIPS certified algorithms and modules. Find more information on meeting FIPS 140-2 requirements with Smartcrypt here: https://www.pkware.com/solutions/bymandate/fips-140-2-compliance

Q: Are there any regulations for data protection that require FIPS that customers might not be aware of?
A: Many government entities require encryption to be performed in accordance with FIPS. Many financial services institutions that take their cues from the US federal government have adopted the use of FIPS 140-2 as well. That said, PCI-DSS, HIPAA/HITECH, DFS-500, GDPR, etc. do not specifically mandate encryption be performed in accordance with FIPS.

Q: Can a virtual and physical appliance work together?
A: This configuration is not supported, although there are no known technical limitations. If you get requests for this, please reach out to your Channel Account Manager.

Q: Can someone migrate from a hardware appliance to a virtual appliance in the future?
A: This is supported, and the process to migrate is as simple as adding additional nodes to the existing cluster and then promoting them to master while disconnecting the original (hardware-based) nodes.

Q: Is there any way to share keys between physical and virtual? E.g. if a customer wants a physical appliance on premise but wants a virtual appliance in the cloud or in a remote data center, is this possible?
A: All keys are shared between all appliances in the same cluster, regardless of whether they are physical or virtual. For hybrid environments where customers wish to run an appliance in a cloud like AWS or Azure, please consult with your Channel Account Manager before discussing.

Q: Should I lead with hardware?
A: does not have a preference to lead with hardware. Provide customers with the hardware and virtual options first and then software as the last option.
1. Lead with hardware: security mandates / actual value and perceived value by customer
2. Virtual appliance if hardware isn't required: what type of VM environment is required?
3. Software version: mention if customers have an issue with 1 and 2

Q: What is the value proposition for an RNG?
A: Almost all random number generators (RNGs) use algorithms to produce strings of data that appear to be random. However, all these strings of data can be determined from a much shorter initial value, known as a seed. Therefore, if the seed is compromised, so too are all the random numbers.
In contrast, Smartcrypt Enterprise Manager 300r and 350 appliances use quantum measurements of an internal laser. The strings of data not only appear to be random, but don't come from a seed that could be compromised. This is often called "true RNG" or "full-entropy RNG."
In practice, seed-based RNGs (often called "pseudo-random RNGs") are generally considered sufficient, even for high-security applications. However, some government and financial customers may desire the extra security of not having seeds.

Q: If customers don't use an HSM or QRNG, does that mean their virtual or software solution is less secure?
A: If they don't have a hardware root of trust, or a full-entropy random number generator, it is decidedly less secure. Specifically, if the Smartcrypt Manager's master password is not stored in an HSM, it must be stored on the file system. While this can be encrypted on the file system with a key that the application server can access, this process can be reversed by an administrator with sufficient privileges. An HSM allows for separation of duties and adds an additional layer of security that must be compromised during an attack.

Q: If hardware fails, what is the RMA/support process?
A: DOA units will be immediately replaced from inventory. Post-deployment failures will be handled by /Q-Labs support staff. All servers are on 24x7 with a 4-hour response time for parts replacement. To date, Q-Labs has not experienced a single HSM (Thales) failure or a QRNG card failure.

Q: Can a secure backup be easily restored to a new appliance?
A: Smartcrypt Appliances have 1-click restore functionality for database/system backups that have been stored offline.

Q: What type of network ports and configurations have to be done with hardware?
A: See Support Site: https://support.pkware.com/display/appl/smartcrypt+infrastructure+ports+and+protocols

Q: Is it 2U or 1U? Power consumption, hardware specs?
A: Units are currently 2U. Next year's chassis will be 2U. Sizing guides for the 200v and Software Only manager can be found in the sizing guide: https://support.pkware.com/display/smar/sizing+guide

Q: How do I sell the Smartcrypt appliances?
A: Ask your Channel Account Manager for the current price list. On the price list, you'll see the following:
- Smartcrypt Enterprise Manager 200v virtual appliance
- Smartcrypt Enterprise Manager 300h appliance
- Smartcrypt Enterprise Manager 300r appliance
- Smartcrypt Enterprise Manager 350 appliance
For customers who will be installing these in production environments, you must sell at least two of the same appliance (for automatic failover; we will not sell companies a single point of failure in their production environments). Usually a separate appliance will be needed for lab or disaster recovery (and installed in a different location). Therefore, we expect customers to need a minimum of three appliances to be ordered in most cases. Customers cannot cluster physical appliances with virtual appliances.

Q: What are our channel discounts for hardware?
A: The Smartcrypt Enterprise Manager 200v is software, so channel partners can get their existing software discounts on the 200v. Please contact your Channel Account Manager to get details of channel discounts on the Smartcrypt hardware appliances.

Q: Are there volume discounts for multiple appliances?
A: No, we will not publish volume discount pricing for these appliances. If you have an opportunity to sell more than 50 appliances to a single customer, contact your Channel Account Manager and we'll work on the pricing with you.

Q: What kind of customers should we target?
A: The Smartcrypt Enterprise Manager 200v is suited for any customer that wants to take advantage of a turnkey virtual appliance (saving time and effort on setup and deployment) and that doesn't need the rigor of an HSM or a true RNG.
The Smartcrypt Enterprise Manager 300 series is suited for organizations that need or desire the higher rigor of a FIPS 140-2 Level 3-validated HSM or a true RNG. This includes many financial services organizations and most government agencies. The 300 series also include the ability to store, create, and manage third party keys that conform to the KMIP standard.
Of course, each customer is different and may have more or less stringent requirements.

Q: Do I need to be certified to sell the Smartcrypt appliances?
A: No. But you will need to have a services organization that can properly prepare the customer's infrastructure. We encourage channel partners to charge for assessments and setup where appropriate.

Q: How should we help a customer choose between the Smartcrypt Enterprise Manager as a Software Application vs a Virtual Appliance vs a Hardware Appliance?
A1: Use this flash card:

SEM as Software Application vs Virtual Appliance

Windows Software Version
Preferred by customers that have significantly invested in their application and database infrastructure. They typically:
- Have dedicated resources for PKI, networking, app/database management and system recovery
- Have standardized on application delivery via IIS and SQL Server
- Have existing solutions for high availability and load balancing
- Are using SQL clustering / Always on Technology (AOT)
- Are comfortable being responsible for service availability and recovery
- Need to manage 10K to 100K+ Agents that connect to centralized infrastructure

Hardware/Virtual Appliance
Preferred by customers that prefer to push availability and recovery closer to the vendor. They typically:
- Prefer to deploy solutions that are self-contained and turnkey
- Have overlapping resources for PKI, networking, app/database management and recovery
- Have made a significant investment in vSphere or Hyper-V as part of their business application delivery strategy
- Prefer to use vendor provided high availability and failover
- Prefer to have vendor provided replication and backup
- Need to manage < 50K Agents or support Agents connected to highly decentralized locations (e.g. 7K users in Japan, 7K in UK, 7K in US, etc.)
- Need an HSM or TRNG

Q: How do Smartcrypt appliances compare to the competition in terms of features?
A: /, and Thales/Vormetric, and Micro Focus/Voltage all have appliances. Their high-end hardware appliances all have FIPS 140-2 Level 3 HSMs.
When used with Smartcrypt agents, the Smartcrypt Appliances are the key management appliances that:
- Support true persistent encryption: the protection stays with the data wherever it travels, not just when it resides on a particular drive or server
- Can manage endpoint (desktop, laptop, and mobile device) and email encryption
- Can manage both discovery of sensitive data and the remediation of it
Of our biggest competitors, we also offer the appliance with a true, full-entropy quantum RNG; /, Thales/Vormetric, and Micro Focus/Voltage don't offer this.
Our reporting and policy management capabilities are also superior: much more can be controlled through the dashboard than our competitors (who often require CLI work for some basic functionality), and our dashboard is easier to use and more intuitive.

Virtual Offerings | Smartcrypt Enterprise Mgr 200v | k150v | k170v | k450v | Vormetric DSM | Voltage SecureData virtual appliance
Keys supported | 1,000,000 | 25,000 | 25,000 | 1,000,000 | 10,000+ | Not specified
FIPS 140-2 support | No | Level 1 | Level 3 (AWS) | Level 3 (AWS) | Level 1 | Level 3 (HPE HSM)
Cloud marketplaces | AWS | AWS | AWS, Azure | AWS | AWS, Azure | No
KMIP support | Coming soon Yes No
Price | Contact | $12,500 | Unknown | $28,500 | $25,000 | Unknown

Hardware Offering | Smartcrypt Ent Mgr 300h / 300r | Smartcrypt Enterprise Mgr 350 | k250 | k460 | Vormetric DSM 6000 | Vormetric DSM 6100
Keys supported | 1,000,000 | 1,000,000 | 25,000 | 1,000,000 | 10,000+ | Not specified
FIPS 140-2 support | Level 3 / None | Level 3 | Level 1 | Level 3 | Level 1 | Level 3
HSM/QRNG? | HSM (300h), QRNG (300r) | Both | None | HSM | None | HSM
KMIP support | Yes Coming soon Yes Yes
Price | Contact | $48,950 | $25,000 | $38,000 | $35,000 | $45,000

Q: How do our appliances compare to the competition in terms of price?
A: requires the purchase of KMIP connectors in addition to the appliances, which can add tens of thousands in costs for the customer (and make price comparisons difficult). As you can see from the above table, we believe our prices are competitive with /, Thales/Vormetric, and Micro Focus/Voltage.

Q: Do the appliances include any encryption agents for files, users, etc.?
A: No. The appliances are just the brains of the operation, very similar to and Vormetric offerings. Customers will still need to purchase and implement Smartcrypt user, desktop, mobile, TDE, server, SDK, or other agents.

Q: Since the 300 series is hardware, what's the time needed for delivery?
A: Please set the expectation with customers that six weeks will be required for delivery.

Q: How do channel partners address customer support for the hardware appliances?
A: If you get a call on support and it is related to the software (either the 200v or the Smartcrypt software on the hardware box), support is handled as you handle software support today. If the call is related to hardware or any non-Smartcrypt software (for the HSM or the RNG, for example), contact and open a support ticket.

Q: How quickly can we replace a failed appliance?
A: will deal with all replacements for failed appliances. We will expedite these processes when appropriate, so customers are offline as little as possible. (Customers should purchase multiple appliances and set up automatic failover and high availability to reduce the risk of downtime, even if one of their appliances fails.)

Q: Can I mix and match virtual and physical appliances?
A: In most scenarios, customers who order the 300 series usually have to prove compliance (with HSMs, it's often FIPS 140-2 Level 3 validation) throughout their environments. Therefore, companies who mix and match will likely be unable to prove compliance, which undermines their purchase of the HSM (or QRNG) in the first place. There are some edge-case scenarios, but generally speaking, mixing and matching FIPS-certified and non-FIPS-certified appliances does not follow best practices, and we'll likely flag quotes that include both physical HSM and virtual or physical non-HSM appliances.