Who s Protecting Your Keys? August 2018

Similar documents
Bringing Core-Level Data Protection Solutions to the Tactical Field. January 2018

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from Slide 7

An Enterprise Guide to Understanding Key Management

VMware, SQL Server and Encrypting Private Data Townsend Security

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet s Crypto Hypervisor

Channel FAQ: Smartcrypt Appliances

Single Secure Credential to Access Facilities and IT Resources

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Dyadic Enterprise. Unbound Key Control For Azure Marketplace. The Secure-As-Hardware Software With a Mathematical Proof

Vaultive and SafeNet KeySecure KMIP Integration Guide v1.0. September 2016

Dyadic Security Enterprise Key Management

PKI Credentialing Handbook

Adding value to your MS customers

Encrypt Everything. How to unshare and secure your sensitive data wherever it resides SAFENET-INC.COM

hidglobal.com HID ActivOne USER FRIENDLY STRONG AUTHENTICATION

HARDWARE SECURITY MODULES (HSMs)

VMware, SQL Server and Encrypting Private Data Townsend Security

Unstructured Data. Stored & Archived Data. Customers + Partners

Identity Management as a Service

HARDWARE SECURITY MODULES DEPLOYMENT STRATEGIES FOR ENTERPRISE SECURITY

THALES esecurity: SECURING YOUR DIGITAL TRANSFORMATION

EBOOK The General Data Protection Regulation. What is it? Why was it created? How can organisations prepare for it?

The Current State of Encryption and Key Management

Unbound and Oasis KMIP Interoperability

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

Identity and Authentication PKI Portfolio

Getting to Grips with Public Key Infrastructure (PKI)

MobilePASS. Security Features SOFTWARE AUTHENTICATION SOLUTIONS. Contents

WHITE PAPER Complying with the Payment Card Industry Data Security Standard

SafeNet ProtectApp APPLICATION-LEVEL ENCRYPTION

Comprehensive Database Security

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Key Management in a System z Enterprise

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

Dissecting NIST Digital Identity Guidelines

Managing Your Privileged Identities: The Choke Point of Advanced Attacks

Thales e-security. Security Solutions. PosAm, 06th of May 2015 Robert Rüttgen

U.S. E-Authentication Interoperability Lab Engineer

SHA-1 to SHA-2. Migration Guide

Virtual KeySecure for AWS

SafeNet HSM solutions for secure virtual amd physical environments. Marko Bobinac SafeNet PreSales Engineer

Secure & Unified Identity

Security Solutions for Microsoft Applications

How Secured2 Uses Beyond Encryption Security to Protect Your Data

HOW SNOWFLAKE SETS THE STANDARD WHITEPAPER

Charting Your Path to Enterprise Key Management

nshield GENERAL PURPOSE HARDWARE SECURITY MODULES

Axway Validation Authority Suite

6 Vulnerabilities of the Retail Payment Ecosystem

SafeNet Authentication Client

Endpoint Protection with DigitalPersona Pro

Data Security Overview

Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos

Bull Trustway DataProtect. Securing your end to end infrastructure with unified encryption

IMPLEMENTING A SOLUTION FOR ASSURING KEYS AND CERTIFICATES

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

BUILDING SECURITY INTO YOUR DATA CENTER MODERNIZATION STRATEGY

LEARN HOW TO SECURE THE BREACH! SECURE THE BREACH: BREACH PREVENTION DOES NOT WORK A THREE-STEP APPROACH TO BOOST DATA PROTECTION

Planning for and Managing Devices in the Enterprise: Enterprise Mobility Suite (EMS) & On-Premises Tools

How do you decide what s best for you?

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

Contents. Notices Terms and conditions for product documentation.. 43 Trademarks Index iii

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

Watson Developer Cloud Security Overview

Digital signatures: How it s done in PDF

ProtectV StartGuard. FIPS Level 1 Non-Proprietary Security Policy

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

Verizon Software Defined Perimeter (SDP).

Secure Lightweight Activation and Lifecycle Management

Intel and Symantec: Improving performance, security, manageability and data protection

Delivering Complex Enterprise Applications via Hybrid Clouds

Securing Your Cloud Introduction Presentation

Deliver Data Protection Services that Boost Revenues and Margins

THALES DATA THREAT REPORT

Introduction to Device Trust Architecture

The SafeNet Security System Version 3 Overview

The Road to a Secure, Compliant Cloud

White Paper. Deploying CKMS Within a Business

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Storage as an IoT Device Roundtable Walt Hubis, CISSP Tom Coughlin

IBM Tivoli Directory Server

Entrust Technical Integration Guide for Entrust Security Manager 7.1 SP3 and SafeNet Luna CA4

GLOBAL ENCRYPTION TRENDS STUDY

Next Generation Authentication

Leveraging HSPD-12 to Meet E-authentication E

SecurityFirst DataKeep

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

2017 THALES DATA THREAT REPORT

Creating Trust in a Highly Mobile World

Google Identity Services for work

Multi-Vendor Key Management with KMIP

Building a More Secure Cloud Architecture

Keep your fingers off my keys today & tomorrow

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Cryptography and the Common Criteria (ISO/IEC 15408) by Kirill Sinitski

KeyOne. Certification Authority

Security in NVMe Enterprise SSDs

SMARTCRYPT CONTENTS POLICY MANAGEMENT DISCOVERY CLASSIFICATION DATA PROTECTION REPORTING COMPANIES USE SMARTCRYPT TO. Where does Smartcrypt Work?

Contents. Notices Terms and conditions for product documentation.. 45 Trademarks Index iii

Transcription:

Who s Protecting Your Keys? August 2018

Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and support exclusive, trusted data security solutions in the U.S. that easily integrate into an existing cyber security infrastructure. from the core to the cloud to the field Our solutions enable agencies to deploy a holistic data protection ecosystem where data and cryptographic keys are secured and managed, and access and distribution are controlled. addressing the most pressing use cases. Our solutions address many pressing use cases including PKI, digital signatures, TLS Private Key Protection, dataat-rest and in motion protection, information sharing and authentication. SafeNet AT 2

Trusted, U.S. Based Source for Cyber Security Solutions Support Trusted data security solutions in the U.S. that easily integrate into an existing cyber security infrastructure Develop Design core solutions for U.S. Federal agencies with code maintained and compiled by SafeNet AT Provide U.S. federal agencies with solutions that have a U.S. supply chain lifecycle Maintain required federal government approvals and certifications to develop, support and sell products to federal agencies Sell Manufacture SafeNet AT 3

Agenda Cyber Security Landscape Key Management Fundamentals Enterprise Key Management 4

Cyber Security Landscape SafeNet AT 5

Breachlevelindex.com SafeNet AT 6

SafeNet AT 7

Key Management Fundamentals 8

Importance of Cryptographic Keys Encryption process generates cryptographic keys used to lock and unlock data. If these keys are stolen or copied, they can be used to decrypt sensitive data. Cryptographic keys are the keys to the kingdom. The more you encrypt, the more encryption keys you have to store & manage. SafeNet AT 9

What is Cryptographic Key Management 10

Security & Deployment Effort Encryption Layers Application Database File Virtual Machines Storage/Disk There is not a best layer to do encryption Depends on the threat vector Complexity varies Often encrypt at multiple layers Principles of CSfC They ALL need key management! 11

Key Management Components Hardware Security Modules (HSM) Dedicated Crypto Module to secure crypto keys Usually FIPS 140-2 Level 2 or 3. Hardware Root of Trust Centralized Key Management System Usually services running on physical or virtual server Robust key lifecycle management Key Management Server Encryption Endpoints Location where key is used Uses key management protocols Common endpoints: Applications, Files, Disks, Storage 12

Important Standards NIST 800-57 SP 800-57 Recommendation for Key Management 3 Parts: General, Organization, Implementation NIST 800-152 OASIS KMIP SP 800-152 A Profile for US Federal Cryptographic Key Management Systems Requirements for design, implementation, management, etc. Key Management Interoperability Protocol (KMIP) Specification, Profiles, Usage Guides SP800-57 Key Lifecycle PKCS Public Key Cryptography Standards (PKCS) OASIS PKCS#11 Crypto Token Interface FIPS 140-2 Security Requirements for Cryptographic Modules Four Security Levels 13

Enterprise Key Management 14

Encryption in Today s Enterprise: The Current Situation MORE SENSITIVE DATA Produced, processed, stored, and shared in more places MORE DEPLOYMENTS On-premises and in the public cloud MORE THREATS Malicious internal or external threats and breaches MORE ISLANDS OF SECURITY Disparate, isolated encryption projects and approaches MORE OVERLAP Multiple encryption platforms deployed across the enterprise 15

The Result: Isolated Islands of Encryption Inhibited Data And Business Workflow Costly, Complex Administration Audit Challenges Inconsistent Security Policy Enforcement No Repeatable Process 16

Implementing an Effective Encryption Strategy Identify Sensitive Data Where it Resides Check data-at-rest in storage, file servers, applications, databases, removable media. Look both on-premises and in the cloud. Don t forget data-in-transit. Identify which users should have data access rights Protect Sensitive Data Encrypt data-at-rest - Apply granular encryption and role-based access control for data residing in databases, applications, files and storage both onpremises and in the cloud. Encrypt data-in-transit - Secure data as it travels across the network with high speed encryption. Control access to data Use strong authentication, especially for privileged users. Manage the Protection Cryptographic keys should be treated with the same level of care. For maximum security, dedicated hardware key management protects sensitive cryptographic keys from attack. Prepare for compliance audits by using centralized logging for data and key access.

Holistic Data Protection Architecture Encrypt Everything Manage the Keys Control User Access PROTECT & MANAGE CRYPTO KEYS Key Management Hardware Security Modules ENCRYPT DATA FIPS-Certified Hardware Root of Trust High Speed Encryption Data-at-Rest Web and Application Servers Databases Application Servers File Servers & Shares Disks Virtual Machines Apps GW Tape Disk KMIP TDE Data in Transit CONTROL ACCESS Authentication 18

Enterprise Key Management Advantages Crypto Management & Encryption Portfolio Consolidates and centrally manages cryptographic objects and policies from multiple, disparate encryption platforms. Scalability & High Availability Automatically synchronizes and replicates keys to ensure data availability eliminating key/data connectivity concerns. Centralized Audit and Reporting for Compliance Captures key lifecycle management activity to provide a single audit point for compliance validation 19

Thank You 20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback