Download the whitepaper from http://enterprise-encryption.vormetric.com/EMAILPTNRESGWhitepaper.html . Understand the importance of a long-term enterprise encryption and key management strategy over the short-term fix of ad hoc encryption to address data security concerns. This presentation is based on the whitepaper "Enterprise Encryption" from Vormetric and ESG. Register to download the whitepaper: http://enterprise-encryption.vormetric.com/EMAILPTNRESGWhitepaper.html . CISOs and their peers realize that ad hoc encryption is no longer adequate: it leads to higher costs and increased risk. So, what's needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization.
www.Vormetric.com
Security Policy and Key Management
Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric.
Tina Stewart, Vice President of Marketing
Presentation Overview
Evolution of encryption and integrated key management systems
IT operations and support challenges will then be examined
Review of the future industry initiatives and compliance regulations
Conclude with brief introduction to Vormetric Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2
Importance of Enterprise Key Management
Two Types of Key Management Systems
Third Party
Integrated
“The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.”
Forrester Research, Inc., “Killing Data”, January 2012
IT Imperative: Secure Enterprise Data
Direct access to enterprise data has increased the risk of misuse.
Attacks on mission critical data are getting more sophisticated.
Security breach results in substantial loss of revenue and customer trust.
Compliance regulations (HIPAA, PCI DSS) mandate improved controls.
What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise.
A Data Breach Costs > $7.2M Per Episode
2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute
Enterprise Key Management 8 Requirements
Enterprise Key Management
Generation
Storage
Backup
Key State Management
Security
Auditing
Authentication
Restoration
Interoperability Standards
PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)
EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management
OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems
Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.
Encryption Key Management Challenges
Complex management: Managing a plethora of encryption keys, numbering in the millions
Security Issues: Vulnerability of keys to outside hackers / malicious insiders
Data Availability: Ensuring data accessibility for authorized users
Scalability: Supporting multiple databases, applications and standards
Governance: Defining policy-driven access, control and protection for data
Disparate Systems
Different Ways of Managing Encryption Keys
Industry Regulatory Standards
Gramm Leach Bliley Act (GLBA): Requires firms in the USA to publicly acknowledge a data breach, although it can damage their reputation.
U.S. Health I.T. for Economic and Clinical Health (HITECH) Act: Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.
Payment Card Industry Data Security Standard (PCI DSS): Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.
Vormetric Key Management Benefits
Improve Operational Efficiency
Reduce Key Management Burden
Minimize Solution Costs
Stores Keys Securely
Provides Audit and Reporting
Manages Heterogeneous Keys / FIPS 140-2 Compliant
VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.
Vormetric Key Management Capabilities
Manage Vormetric Encryption Agents
Manage 3rd Party Keys
Create/Manage/Revoke keys of 3rd party encryption solutions
Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2) and EKM (MSSQL 2008 R2)
Vault Other Keys
Provide secure storage of security material
Key Types:
Symmetric: AES, 3DES, ARIA
Asymmetric: RSA 1024, RSA 2048, RSA 4096
Other: Unvalidated security materials (passwords, etc.)
Vormetric Key Management Components
Data Security Manager (DSM)
Report on vaulted keys
Key Vault
Provides key management services for:
Oracle 11g R2 TDE (Tablespace Encryption)
MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)
Licensable Option on DSM
Web based or API level interface for import and export of keys
Same DSM as used with all VDS products
FIPS 140-2 Key Manager with Separation of Duties
Supports Symmetric, Asymmetric, and Other Key materials
Reporting on key types
TDE Key Architecture before Vormetric
Master Encryption keys are stored on the local system in a file with the data by default.
TDE Master Encryption Key
Local Wallet or Table
Oracle / Microsoft TDE
TDE Key Architecture after Vormetric
TDE Master Encryption Key
Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE
Vormetric Key Agent is installed on the database server
SSL Connection
Key Agent
Oracle / Microsoft TDE
VKM Architecture-Key Vault
Supported Key Types:
Symmetric
Asymmetric
Certificates
Web GUI
Command Line / API
Security Policy and Key Management
Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.
A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.
Vormetric Key Management is the only solution today that can:
Minimize IT operational and support burdens for encryption key management,
Secure and control access to data across the enterprise and into the cloud, and
Protect data without disrupting your business