SafeNet ProtectApp
APPLICATION-LEVEL ENCRYPTION

Encrypt application data and keep it secure across its entire lifecycle, no matter where it is transferred, backed up, or copied.

Features:
  Rich application encryption and flexible key management interfaces
  Broad standard and interface support, including web services
  Easy deployment and management, including built-in key rotation and data re-keying
  Built-in health checking and multi-tier load balancing
  Secure authentication, granular authorization, and detailed logging and auditing
  Large and growing ecosystem

Integrates with SafeNet KeySecure to provide:
  Centralized administration of application encryption policy and keys
  Ability to offload cryptographic processing to KeySecure for improved performance

Deployment Options: On-premises, Cloud/Virtual

SUPPORTED PLATFORMS
  Web Application Servers: Apache Tomcat, IBM WebSphere, IBM AS/400, JBoss, Microsoft IIS, Oracle WebLogic, SAP NetWeaver, Sun ONE, and more
  Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
  Development Libraries/APIs: Java, C/C++, .NET; XML open interface, KMIP standard; web services, including SOAP and REST
  Certificates: X509, PKCS1, PKCS8, PKCS12; Export, Import, Monitor
Application Level Encryption
[Diagram: Application Server, Database Server, SafeNet ProtectApp, SafeNet KeySecure]
SafeNet ProtectApp: Common Use Cases
  Protect personally identifiable information
  Protect data in the cloud
  Meet compliance and regulatory mandates
  Secure intellectual property
  Deploy a KMIP-enabled key management solution
SafeNet ProtectDB
COLUMN-LEVEL DATABASE ENCRYPTION

Features:
  Encrypt column-level data in databases transparently in multi-vendor database management systems
  Define granular access controls by role, user, time of day, and other variables
  Prevent database administrators (DBAs) from impersonating users with access to sensitive data
  Increase security of sensitive data with seamless, built-in key rotation and data re-keying
  Secure communication, logging, and auditing
  Multi-site support with built-in load balancer

Integrates with SafeNet KeySecure to provide:
  Centralized key and policy management
  Segregation of data and keys
  Strong separation of duties
  Ability to meet compliance mandates

Deployment Options: On-premises, Cloud/Virtual

SUPPORTED PLATFORMS
  Databases: Oracle, Microsoft SQL Server, IBM DB2
  Operating Systems: Microsoft Windows, Linux, Solaris, HP-UX, AIX, IBM i/os
  Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
Transparent Database Encryption
[Diagram: Application Server, Database Server, SafeNet ProtectDB, SafeNet KeySecure]
SafeNet ProtectDB: Common Use Cases
  Secure financial data
  Meet compliance and regulatory mandates, specifically PCI DSS
  Protect data in the cloud
  Protect personally identifiable information
SafeNet ProtectFile
FILE AND FOLDER ENCRYPTION

Features:
  Transparent, comprehensive encryption for file shares and network drives (DAS, NAS and SAN)
  Granular access controls to ensure only authorized users or processes can view protected data
  Prevent rogue administrators from impersonating users with access to sensitive data
  Easy and automated deployment in large environments
  Comprehensive logging and auditing capabilities
  Deep and shallow key rotation
  FIPS 140-2 strength AES algorithms

Integrates with SafeNet KeySecure to provide:
  Centralized key and policy management
  Segregation of data and keys
  Strong separation of duties
  Ability to meet compliance mandates

Deployment Options: On-premises, Cloud/Virtual

SUPPORTED PLATFORMS
  Operating Systems: Microsoft Windows; Linux: Oracle, Red Hat Enterprise Linux, SUSE, Ubuntu, AIX, CentOS
  Databases: Oracle, MongoDB, Cassandra, IBM DB2, Microsoft: SQL Server, SharePoint, MySQL, PostgreSQL
  Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
  Big Data: Apache Hadoop, IBM InfoSphere BigInsights
  Other: Cloud Management: Chef; Containers: Docker
File System-level Encryption
[Diagram: Applications, File Server (On premises/virtual/cloud), SafeNet ProtectFile, SafeNet KeySecure]
ProtectFile Ecosystem Snippet
  Coverage: DATABASE ENCRYPTION, CLOUD ENCRYPTION, BIG DATA ENCRYPTION, CLOUD MANAGEMENT TOOLS, DOCKER CONTAINERS
  Supports all public clouds
  CRYPTOGRAPHIC OPERATIONS: Encryption, Decryption, Key Rotation
  ACCESS CONTROL: No access, Encrypt, Decrypt, Backup, Restore, Superuser impersonation
SafeNet ProtectFile: Common Use Cases
  Protect personally identifiable information
  Protect data in the cloud
  Enable separation of duties
  Segregate departmental data on servers
  Secure big data implementations
  Protection of data in SQL/NoSQL databases, MongoDB, and Cassandra
SafeNet Tokenization
APPLICATION-LEVEL TOKENIZATION

Features:
  Protect high value information by replacing it with a surrogate value, or token, that preserves the length and format of the data
  No changes necessary to applications, databases, or legacy systems
  Unlimited data type support
  Broad token format support, including regular expressions and customized formats
  Granular access controls ensure only authenticated users or systems can view protected tokens and data

Integrates with SafeNet KeySecure to provide:
  Single, centralized interface for logging, auditing, and reporting access to protected data, keys, and tokens

Deployment Options: On-premises, Cloud/Virtual

SUPPORTED PLATFORMS
  Token Vault Databases: Microsoft SQL Server, MySQL, Oracle, Cassandra
  Application Servers: IBM, SAP, BEA, Apache, Sun, Oracle, Java, JBoss, and more
  APIs: Java, .NET, Web Services (SOAP, REST/JSON)
Token Handling

Token generation:
  Plaintext (sensitive information) is sent by application with request for tokenization
  Keyed hash is generated using hash key on KS
  If hash exists: Corresponding token is returned.
  If no hash exists:
    Token is generated
    Value is encrypted
    Token, cipher text, and hash are written to the token vault

De-tokenization:
  Token is sent by application with request for plaintext value (Get Token)
  Token is looked up
  Corresponding ciphertext is decrypted and sent back to the application

[Diagram labels: Token Managers; Token Vault; Protected Zone; KeySecure; Lookup on hash is performed; AES 256; Versioned key]
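The token generation and de-tokenization flow on this slide, as an added example in Node.js; it is not SafeNet code or its API. The TokenVault class, its method names and in-memory maps are hypothetical, and HMAC-SHA256 as the keyed hash, GCM as the AES-256 mode, and digit-for-digit replacement as the token format are assumptions.

```javascript
const { createHmac, createCipheriv, createDecipheriv, randomBytes, randomInt } = require('node:crypto');

// Constructed in-memory stand-in for the token vault. hashKey and encKey
// (32 bytes, AES-256) stand in for keys that would be held on the key manager.
class TokenVault {
  constructor(hashKey, encKey) {
    this.hashKey = hashKey;
    this.encKey = encKey;
    this.byHash = new Map();  // keyed hash -> token
    this.byToken = new Map(); // token -> { iv, ciphertext, tag }
  }

  // Token generation: look up the keyed hash first; only an unseen value gets
  // a new token, is encrypted, and is written to the vault.
  tokenize(plaintext) {
    const hash = createHmac('sha256', this.hashKey).update(plaintext).digest('hex');
    const known = this.byHash.get(hash);
    if (known !== undefined) return known;

    let token;
    do { // replace each digit with a random digit: same length and format
      token = plaintext.replace(/[0-9]/g, () => String(randomInt(10)));
    } while (this.byToken.has(token)); // retry if the token is already in use

    const iv = randomBytes(12); // fresh nonce for every stored value
    const cipher = createCipheriv('aes-256-gcm', this.encKey, iv);
    const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    this.byToken.set(token, { iv, ciphertext, tag: cipher.getAuthTag() });
    this.byHash.set(hash, token);
    return token;
  }

  // De-tokenization: look the token up and decrypt the stored ciphertext.
  detokenize(token) {
    const row = this.byToken.get(token);
    if (row === undefined) throw new Error('unknown token');
    const decipher = createDecipheriv('aes-256-gcm', this.encKey, row.iv);
    decipher.setAuthTag(row.tag); // final() throws if the vault row was altered
    return Buffer.concat([decipher.update(row.ciphertext), decipher.final()]).toString('utf8');
  }
}

// Constructed demo keys and sample value (not real card data).
const vault = new TokenVault(randomBytes(32), randomBytes(32));
const token = vault.tokenize('4111-1111-1111-1111');
console.log(token, vault.detokenize(token));
```

The keyed-hash lookup is what makes tokenization repeatable: the same plaintext always maps to the same token without the vault having to decrypt any stored value to compare.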
SafeNet Tokenization: Common Use Cases
  Protect personally identifiable information
  Protect data in the cloud
  Meet compliance and regulatory mandates, specifically PCI DSS
  Secure financial data
  Secure big data implementations
  Prevent exposure of sensitive data in production databases to nonproduction environments (testing, development, staging, research, etc.)
SafeNet ProtectV
ENCRYPTION OF ENTIRE VIRTUAL MACHINE

Ensure secure virtualization and cloud migration by encrypting the entire virtual machine, including associated storage volumes (mapped drives), instances (snapshots and backups), and partitions (system/OS, data).

Features:
  Maintain ownership and control of data and encryption keys at all times
  Authorize virtual machine instance launches with ProtectV StartGuard
  Track and report on key access to all copies of your data
  Revoke key access in case of a breach

Integrates with SafeNet KeySecure to provide:
  Single, centralized interface for logging, auditing, and reporting access to protected data and keys

Deployment Options: Cloud/Virtual

SUPPORTED PLATFORMS
  Public/Private Cloud: Amazon Web Services, Microsoft Azure, VMware, IBM SoftLayer Cloud
SafeNet ProtectV Virtual Machine Encryption
[Diagram: SafeNet KeySecure (on-premises or virtual), SafeNet ProtectV Manager (virtual), SafeNet ProtectV Client (virtual), Protected Volumes, Hypervisor, connected by a TLS* secure channel. Annotations: Centralized key management; Centralized discovery and management; Crypto and pre-boot services.]
*Transport Layer Security
ProtectV: Common Use Cases
  Enable secure cloud migration
  Meet compliance and regulatory mandates
  Enable separation of duties between cloud service provider, storage, security and other administrators
  Protect data against lawful seizure
  Support for hybrid cloud environments
Native Database TDE
Transparent Database Encryption
04.01.2015
Oracle/SQL Server TDE
[Diagram: Application Server, Database Server, TDE, KeySecure]
  Transparent tablespace / column encryption
  SafeNet enhancements: Moves master keys into KeySecure, key migration, audit trail