Security Architecture Models for the Cloud


White Paper

Introduction

While Hardware Security Module (HSM) customers traditionally have their own infrastructures and data centers and run HSMs on premises, new IT projects are increasingly implemented in the cloud. This raises awareness of data security risks: in this scenario the infrastructure runs on third-party premises, but the responsibility for data protection remains with the project owner. Strong data protection is therefore becoming ever more important, and cloud-based HSMs in colocation centers can provide it.

Hardware Security Modules (HSMs) are specialized computing devices that store cryptographic keys in protected memory. They are also high-performance cryptographic engines that process data using these keys for high-security applications. This paper explains why Utimaco HSMs are agnostic to whether they run in the cloud or on premises, and how, technically, service providers can use different Trust Zones to maximize the utilization of their HSMs independent of the scalability needs of their customers.

HSM deployment scenarios: Single vs. multiple devices

If an HSM is deployed as a single device on a customer's premises, holding vital keys that must always be available, there are inevitable limitations:
- The HSM may experience a power or hardware failure.
- The demand for key operations may exceed what a single HSM can deliver.

- Network latency between the HSM and the applications using the keys may be variable or unacceptably high, with no guaranteed quality of service.

To overcome these potential limitations, an architecture is required that provides scalability while still preserving the security level of a single HSM. This is achieved by deploying multiple HSMs, which deliver:
- High availability, either active/active or active/standby
- Resilience against downtime, by using clusters of HSMs in multiple data centers
- High-speed, guaranteed network connectivity and resilient power supplies
- Secure physical protection in data centers with controlled access
- Increased performance, with multiple HSMs sharing keys and working together in clusters
- Remote management, which removes the need to send staff to the data center for administrative operations such as backups
- The option to use an external keystore, which removes the limit on the capacity of the protected key database

High availability: Two different models

An HSM cluster is a number of HSMs all working as one virtual HSM in an active/active manner, where the cryptographic load is balanced between all members of the cluster (hence the term "load balancing"). Multiple operational units also provide greater cryptographic processing capacity than a single unit. A failover configuration involves one active HSM and one or more standby (failover) units that become operational should the active member become unavailable. With both models, the internal keystore can be replicated between the HSMs, or a shared external keystore can be used, which needs no replication.

Cryptographic control: Trust Zones

Cryptographic keys can be separated for management control and for cryptographic access using the concept of Trust Zones. A Trust Zone controls which keys can be backed up, and which keys can be shared between cluster members.
Control is restricted to those users who hold the Master Backup Key (MBK), which governs the management of a single global keystore. Backup and restore are important administrative functions; a backup needs to be taken whenever a new key is generated. The externally stored backup file is encrypted with the MBK, which is held as shares on multiple smartcards. If the HSMs are operated in clusters, the same MBK is shared between the HSMs and the keystore is securely replicated. The HSM can be remotely managed using powerful but simple utilities that provide standard administrative functions such as logging, upgrading firmware, backup, adding users, etc.
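The two high availability models described above (an active/active cluster that balances load across all members, and an active/standby pair that fails over) as a small client-side model. This is an added example, not Utimaco code: the cluster members are in-memory stand-ins that share one replicated keystore, and the pool, member names and key identifier are assumptions for illustration.

```python
"""Client-side model of the two high availability models above: an
active/active cluster that load-balances over all members, and an
active/standby (failover) pair. Added example, not Utimaco code: the
members are in-memory stand-ins sharing one replicated keystore."""
import hashlib
import hmac
import itertools


class FakeHsm:
    """Stand-in for one cluster member (assumption: keystore already replicated)."""

    def __init__(self, name, keystore):
        self.name, self.keystore, self.up, self.ops = name, keystore, True, 0

    def hmac_sign(self, key_id, data):
        if not self.up:
            raise ConnectionError(self.name + " unreachable")
        self.ops += 1
        return hmac.new(self.keystore[key_id], data, hashlib.sha256).digest()


class HsmPool:
    """'active-active': rotate the starting member per request (load balancing).
    'active-standby': always start at the first member; later ones are standbys."""

    def __init__(self, members, mode):
        self.members, self.mode = list(members), mode
        self._next = itertools.cycle(range(len(self.members)))

    def _candidates(self):
        if self.mode == "active-standby":
            return self.members
        start = next(self._next)
        return self.members[start:] + self.members[:start]

    def sign(self, key_id, data):
        """Try members in order and fail over on connection errors; because every
        member holds the same keys, the result is identical whoever answers."""
        last_error = None
        for hsm in self._candidates():
            try:
                return hsm.hmac_sign(key_id, data), hsm.name
            except ConnectionError as err:
                last_error = err
        raise RuntimeError("no cluster member available") from last_error


def demo():
    keystore = {"hmac-key-1": b"\x11" * 32}  # constructed sample key
    cluster = [FakeHsm(n, keystore) for n in ("hsm-a", "hsm-b", "hsm-c")]
    pool = HsmPool(cluster, "active-active")
    sigs = {pool.sign("hmac-key-1", b"payment-batch-42")[0] for _ in range(6)}
    spread = [h.ops for h in cluster]  # load balanced: [2, 2, 2]
    cluster[1].up = False              # simulate hsm-b failing
    served_by = [pool.sign("hmac-key-1", b"payment-batch-42")[1] for _ in range(3)]

    pair = [FakeHsm(n, keystore) for n in ("primary", "standby")]
    failover = HsmPool(pair, "active-standby")
    before = [failover.sign("hmac-key-1", b"x")[1] for _ in range(3)]
    pair[0].up = False                 # primary fails, standby takes over
    after = failover.sign("hmac-key-1", b"x")[1]
    return {
        "same_signature": len(sigs) == 1,
        "spread": spread,
        "served_after_failure": served_by,
        "standby_before": before,
        "standby_after": after,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the model is the part that is easy to get wrong in a real client: failover only gives identical results because the keystore is replicated (or shared externally) before the member fails, so a pool that fails over to a member whose keystore is stale would silently produce different signatures.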

HSM deployment scenarios: On premises vs. in the cloud

Whilst some organizations have their own infrastructure, data centers and IT staff, many find it difficult to provide all of these. These requirements lead to the adoption of the cloud model of HSM deployment, in which service providers host clusters of HSMs in multiple data centers. These are provided as a service to cryptographic users: customer organizations that need HSMs to protect their keys. The data centers may be operated by the service provider or by another third party. The customer's application, whether deployed on their own premises or hosted by a cloud application service provider, communicates with the HSM over an encrypted IP connection, with no changes needed to the application. Note that the HSM operates technically in the same way whether it is owned by the cryptographic user or provided as a service; only the way in which it is managed differs.

Clearly, using a service provider to hold and manage cryptographic keys in an HSM hosted by a third party involves a considerable degree of trust on the part of the customer. As a result, a clear separation of duties and responsibilities has to be agreed and documented between the service provider and the customer to ensure secure operation. The security provided by an HSM comes as much from the policies and procedures under which it is managed as from the HSM's hardware and software. Such policies include defining user roles for different kinds of functionality.

Separation of duties should require multiple people to authenticate in order to enable a particular role. The users fall into two main groups:
- HSM administrators
- Cryptographic key managers
The separation of duties between HSM administrators and cryptographic key managers is enforced by issuing secure tokens to the people holding these respective roles. Different roles permit different functions to be performed. Multiple token holders may be required to grant permission for a role, using the M of N authentication method.

HSM administration: Service provider or customer in the lead

The cryptographic management of a key is determined by the key's Trust Zone: it controls where keys can be backed up to, and where they can be shared for clustering. Control lies with whoever holds the Trust Zone's backup key. Therefore, an important decision has to be made by the customer: whether they want the service provider to control the Trust Zone, or whether they want to retain this control for themselves. Whoever holds a quorum of that backup key's smartcard shares can restore every key in the zone, so custody of the cards, not the physical location of the HSM, determines who ultimately controls the keys.

Cloud Exclusive: Fully managed model

If the customer has exclusive use of an HSM, they may want the service provider to be responsible for key management, in which case the service provider manages the MBK used to back up the HSM's global key database. The customer may, however, wish to perform their own backups, in which case they hold the MBK. In both cases there is one Trust Zone, controlled by one MBK, under the management of either the service provider or the customer.

Cloud Shared: Customer key management model

To maximize the use of an HSM, the service provider may offer it as a shared service by dividing the keystore into cryptographically separate slots or partitions that each operate like a mini-HSM. In this case, backing up and sharing keys between cluster members is managed by the Tenant Backup Key (TBK) that controls access to each slot. There are then multiple Trust Zones, controlled by multiple TBKs, each of which can be under the management of either the service provider or the customer.

Utimaco HSMs in the Cloud

Using an HSM from Utimaco as a cloud service retains all the advantages provided by Utimaco, namely:
- Flexible management of user groups (roles) and authentication methods.
- Customizable HSM functionality, using the Software Development Kit (SDK) to build firmware modules that provide specialized functions such as non-standard algorithms.
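A worked model of the two mechanisms that the separation-of-duties section and the Trust Zone section above rely on: the zone's backup key (MBK for an exclusive HSM, TBK for a tenant slot) held as M-of-N smartcard shares, and a key backup file that only that zone's quorum can restore. This is an added example, not Utimaco code or the HSM's actual backup format: the Shamir field prime, the share counts, the zone labels and the stdlib-only cipher (an HMAC-SHA256 keystream with an HMAC tag standing in for the HSM's real backup encryption) are all assumptions made for illustration.

```python
"""Toy model of Trust Zone custody: a zone's backup key (MBK or TBK) is split
into N smartcard shares with an M-of-N threshold, and a key backup file can
be restored only by a quorum of that zone's card holders. Added example, not
Utimaco code; the cipher is a stdlib stand-in (HMAC-SHA256 keystream plus
HMAC tag) for the HSM's real backup encryption, and the field prime, share
counts and zone labels are assumptions."""
import hashlib
import hmac
import secrets

P = 2**521 - 1  # Mersenne prime: Shamir shares live in GF(P); keys are < 2**512


def split_key(key, m, n):
    """Shamir split: n shares (x, f(x)) of a degree m-1 polynomial with f(0)=key."""
    assert 1 < m <= n and len(key) <= 64
    coeffs = [int.from_bytes(key, "big")] + [secrets.randbelow(P) for _ in range(m - 1)]
    f = lambda x: sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]


def combine_shares(shares, key_len):
    """Lagrange interpolation at x=0. Too few shares yield a random-looking
    value, not an error: the backup file's tag check is what catches that."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return (total % (1 << (8 * key_len))).to_bytes(key_len, "big")


def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1)]
    return b"".join(blocks)[:length]


def _subkeys(zone_key):
    return (hmac.new(zone_key, b"enc", hashlib.sha256).digest(),
            hmac.new(zone_key, b"mac", hashlib.sha256).digest())


def backup_key(zone_key, zone_id, key_material):
    """Encrypt-then-MAC one HSM key for export; the zone label is bound into the tag."""
    enc_key, mac_key = _subkeys(zone_key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(key_material))
    ct = bytes(a ^ b for a, b in zip(key_material, stream))
    tag = hmac.new(mac_key, zone_id.encode() + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def restore_key(zone_key, zone_id, blob):
    """Returns the key, or None if the zone key, zone label or file is wrong."""
    enc_key, mac_key = _subkeys(zone_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, zone_id.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def demo():
    tbk_a, tbk_b = secrets.token_bytes(32), secrets.token_bytes(32)  # two tenants' TBKs
    cards_a = split_key(tbk_a, 3, 5)   # 3-of-5 custodians for tenant A's zone
    app_key = secrets.token_bytes(32)  # constructed: a key living in tenant A's slot
    blob = backup_key(tbk_a, "tenant-A", app_key)
    quorum = combine_shares(cards_a[::2], 32)   # cards 1, 3 and 5 present
    two_cards = combine_shares(cards_a[:2], 32)  # one custodian short
    return {
        "quorum_restores": restore_key(quorum, "tenant-A", blob) == app_key,
        "two_cards_restore": restore_key(two_cards, "tenant-A", blob) is not None,
        "other_tenant_restores": restore_key(tbk_b, "tenant-A", blob) is not None,
        "relabeled_zone_restores": restore_key(tbk_a, "tenant-B", blob) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

Two properties of this model are the ones a practitioner should verify against a real deployment: a quorum one card short does not produce a "partial" key but a useless one, and binding the zone label into the authentication tag means a backup taken in one tenant's Trust Zone cannot be imported into another tenant's zone even by an administrator who holds both TBKs.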

About Utimaco

Utimaco is a leading manufacturer of HSMs that provide the Root of Trust to all industries, from financial services and payment to the automotive industry, and from cloud services to the public sector. We keep cryptographic keys and digital identities safe to protect critical digital infrastructures and high-value data assets. Our products enable innovation and support the creation of new business by helping to secure critical business data and transactions. Founded in 1983, Utimaco today has HSMs deployed across more than 80 countries in more than 1,000 installations. Utimaco employs a total of 200 people, with sales offices in Germany, the US, the UK and Singapore. For more information, visit https://hsm.utimaco.com

Would you like to try out our HSM or implement new algorithms yourself? Download the Utimaco Software HSM Simulator to start learning about HSM devices immediately. It is a free, fully functioning software version of the hardware HSM. The download package includes documentation on our product. The Simulator download includes tools for creating user accounts, sample code, and libraries for PKCS#11, Microsoft CNG, Java JCE and the Utimaco CXI API to link and test your code. The Simulator runs on Windows or Linux. This is your opportunity to try out Utimaco HSM technology easily and without initial cost. Register for free: https://hsm.utimaco.com/downloads/utimaco-portal/hsm-simulator