On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet's Crypto Hypervisor

On Demand Cryptographic Resources for Your Virtual Data Center and the Cloud: Introducing SafeNet's Crypto Hypervisor
Ugo Piazzalunga, SafeNet Italy, Technical Manager, IT Security
ugo.piazzalunga@safenet-inc.com

Agenda
- The state of data security
- Protecting Data With High Assurance Encryption
- Is Hardware-based Encryption the answer?
- What is needed?
- How do we get there?
- Introducing SafeNet's Crypto Hypervisor!

The state of data security
As part of our Secure the Breach program, SafeNet surveyed 850 security professionals from 500+ organizations worldwide.
- 49% have no confidence at all the network security industry is able to detect and prevent breaches
- 59% said that if a network perimeter breach occurred, high value data would not be safe
- 66% believe they will suffer a breach within the next 3 years
For more info download the Secure the Breach manifesto: http://www2.safenet-inc.com/securethebreach/downloads/secure_the_breach_manifesto.pdf

So what does all this mean?
- We need to accept that breaches WILL happen, and once they do, the only protection is to secure the data itself
- The new perimeter is the data itself: we must Secure the Breach

Cloud Adoption VS Security & Privacy
- "More than 90% of [the business leaders] are worried about security, availability, and privacy of their data as it rests in the cloud" (2009 Microsoft Survey)
- "72% of IT professionals cite data protection security as a major obstacle to cloud deployment" (2012 Cisco Global Cloud Networking Survey)

Protecting Data With High Assurance Encryption

Is Hardware-based Encryption the Answer?
The encryption solution stack: Encryption, Key management, Key vault
- If an attacker breaches the perimeter, they gain only encrypted data
- Dependent on the security of keys, certificates, and PKI
- Trusted Key Vaults: managing and vaulting keys and certificates in hardware is a best practice

Crypto Hypervisor uses Hardware Security Modules as the hardware platform
A Hardware Security Module is:
- designed for hardware protection of the crypto key lifecycle
- a dedicated hardware crypto processor
- validated to be secure by third parties
- a Trust Anchor

But Hardware doesn't work in a Virtual World?
Today's hardware-based encryption solutions are designed for the physical world!
Limits of encryption today:
- Inability to protect & control data centrally
- Can't take full benefits of cloud
- Islands of encryption
- Very slow to scale up and down
- Time-consuming crypto rollouts
[Diagram labels: DNSSEC, SSL, Database, Email, Code Sign]

What is needed? Encryption infrastructure that follows the cloud model!
Benefits:
- Reduce Costs (Reduce DC presence)
- Centralize Subject Matter Expert Crypto Group
- Unify Governance and Compliance
- Centralize services

How do we get there? Cloud requirements defined by NIST

NIST (1) Cloud Definition of Essential Characteristics    Today's Hardware encryption
On-Demand Self-Service                                    No
Rapid Elasticity                                          No
Measured Service                                          Some
Broad Network Access                                      Yes
Resource Pooling                                          Some
Multi-Tenancy (2)                                         Some

(1) National Institute of Standards and Technology
(2) Multi-Tenancy is an essential characteristic added by the Cloud Security Alliance

Introducing The Crypto Hypervisor

Where do we start? ... With a hypervisor for encryption
Introducing the SafeNet Crypto Hypervisor!
- VMware hypervisor (c. 2001): O/S Partition, O/S Isolation, Dynamic resource allocation
- Crypto Hypervisor (c. 2013): HSM Partition, HSM Isolation, Dynamic crypto allocation
[Diagram: Application / Operating System / Hypervisor / Hardware Platform, beside Application / Dynamic Crypto Resource / Crypto Hypervisor / Crypto Hardware Platform (HSM)]

Crypto Hypervisor: Designed for operational cloud model
1. On-demand crypto delivery
2, 3. Self-service portal for users; new crypto services spin up easily
4. Encryption now a cloud enabler
5. Part of New VM Rollout Process
6. Apps can now migrate to cloud

Three things to know about Crypto Hypervisor
- Built for the cloud
- Shared resource pooling, rapid elasticity and multitenancy
- Can reduce capital costs up to 95%
- Lower TCO
- Take advantage of virtualization
- Deliver high-assurance cryptographic resources in a fraction of the time
- 5 minutes, not 5 hours
- Centralized control
- Strong auditing capabilities
- Compliance in the Cloud
- Ensure enterprise-wide consistency of crypto policy

Solution Highlights
- Host Trust Link (HTL) securely binds virtual applications to dynamic crypto resources
  - Prevents a stolen VM from accessing critical assets
- Crypto Command Center
  - Simplifies HSM management through abstraction of HSM hardware
  - Publish catalogs for on-demand service
  - Separation of roles/responsibilities in multi-tenancies
- Built on proven platform
  - Availability: Five 9's uptime, robust high availability
  - Validated Security: FIPS 140-2 Level 3 and CC EAL 4+ (in process)
  - HW Trust: Keys remain in hardware!
- Who/What/When Secure Auditing and Logging
  - Configurable based on your organizational needs
- Control: Unique roles for security in multi-tenant environments
  - System administrators: manage physical devices (appliances, expansion cards, etc.) and provision access to resource catalogues for users.
  - Consumer/User: manage crypto applications that consume crypto services. Own their HSM resource when leased.

Cloud operational model: CHv meets all NIST cloud requirements
NIST (1) Cloud Definition of Essential Characteristics; Today's Hardware encryption
On-Demand Self-Service, Rapid Elasticity, Measured Service, Broad Network Access, Resource Pooling, Multi-Tenancy (2)
Yes, Yes, Yes, Yes, Yes, Yes

(1) National Institute of Standards and Technology
(2) Multi-Tenancy is an essential characteristic added by the Cloud Security Alliance

Want to Learn more about the World's first Crypto Hypervisor?
Demo session!
Download 3 Whitepapers from SafeNet:
- Crypto Command Center and SFNT HSMs (available from SafeNet web site www.safenet-inc.com)
- Host Trust Link Protection with SFNT HSMs (available from SafeNet web site www.safenet-inc.com)
- Secure Audit Logging for Compliance with SFNT HSMs (available from SafeNet web site www.safenet-inc.com)

Thank you! ugo.piazzalunga@safenet-inc.com

How does it work?

Crypto Hypervisor Enables Crypto as a Service either on Premise or in the Cloud!
[Diagram labels: Consumer; Crypto Admin; Crypto Application + Luna Client; SSH; Crypto Command Center; Luna SA Device Pool]

I'm Leo and I work in engineering for Fibo Financial. I have heard we now have a centralized security group.

I'm working on a new financial application, and know I need to sign all transactions securely. But I am not a Security expert!?

Can anyone at Fibo Financial help me? What do I need to get started?

Can anyone at Fibo Financial help me? Is there really a Fibo Financial team that manages this stuff?

Can anyone at Fibo Financial help me? How do I do this securely, in compliance with our corporate policies?

I contact the central security group and say: "I need to securely sign transactions for my new application! Can you help?"
"No problem. We follow best practices to secure keys for transaction signing. I'll set you up in the crypto system."

The Crypto Admin creates a username and password for me (Bob.Jameson.Password)

and provides me with a URL for Crypto Command Center, username and password (Bob.Jameson.Password.URL)

as well as a cheat sheet explaining how to get started!
How to:
- Select a service from Crypto Command Center
- Download Luna Client
- Install Luna Client
- Configure an application to use Crypto Service

I can now begin the setup process. I start by using the Crypto Command Center Client GUI:
1. Open the URL
2. Log in with my credentials
3. Pick the appropriate service from the catalog and deploy (signing)
4. Initialize a service

Next, I configure my transaction signing application server to use my HSM:
1. Install Luna Client
2. Configure service for use by transaction signing application
3. I can securely sign my code!

Now I am up and running!
