SafeNet Cloud Security Solutions, March 2011: Customer Use Case Scenarios. © SafeNet Confidential and Proprietary.

Presentation transcript:

Slide 1: March 2011

Slide 2: Cloud Security Solutions, March 2011. Customer Use Case Scenarios

Slide 4: Cloud Security Challenges

- Fundamental Trust & Liability Issues: data exposure in multi-tenant environments; separation of duties from cloud provider insiders; transfer of liability by cloud providers to data owners
- Fundamental New Cloud Risks: new hypervisor technologies and architectures; the need to redefine trust and attestation in cloud environments
- Regulatory Uncertainty in the Cloud: regulations are likely to require strong controls in the cloud

Risk areas:
- User ID and Access: secure authentication, authorization, logging
- Data Co-Mingling: multi-tenant data mixing, leakage, ownership
- Application Vulnerabilities: exposed vulnerabilities and response
- Insecure Application APIs: application injection and tampering
- Data Leakage: isolating data
- Platform Vulnerabilities: exposed vulnerabilities and response
- Insecure Platform APIs: instance manipulation and tampering
- Data Location/Residency: geographic regulatory requirements
- Hypervisor Vulnerabilities: virtualization vulnerabilities
- Data Retention: secure deletion of data
- Application & Service Hijacking: malicious application usage
- Privileged Users: super-user abuse
- Service Outage: availability
- Malicious Insider: reconnaissance, manipulation, tampering
- Logging & Forensics: incident response, liability limitation
- Perimeter/Network Security: secure isolation and access
- Physical Security: direct tampering and theft

Slide 5: Emergence of Encryption as the Unifying Cloud Security Control

- Encryption is a fundamental technology for realizing cloud security: it isolates data in multi-tenant environments; it is recognized universally by analysts and experts as the underlying control for cloud data; it sets a high-water mark for demonstrating regulatory compliance for data
- Encryption moves from a data center tactic to a strategic cloud solution: in the data center, physical controls, underlying trust in processes, and isolation reduced the need for encryption; in the cloud, encryption compensates for those trust factors, which no longer exist

Slide 6: Controlling Access to SaaS and Cloud Applications. Keeping data secure when you don't own the system.

PROBLEM
- Enforcing an authentication strategy in the cloud: multi-factor authentication is required for any application, cloud or physical; it is likely even more critical for cloud-based applications, given the lower level of trust and the invocation of additional regulatory requirements
- Authentication sprawl: separate authentication systems for each cloud provider; operationally unscalable; typical user password/authentication fatigue and weak passwords
- Preserving flexibility: organizations are likely to use multiple cloud providers simultaneously; they want rapid re-provisioning to try new services and to preserve options in a chaotic cloud market (the cloud market will consolidate: not if, but when)

KEY POINTS: Single Sign-On Access; Federated Identities; Seamless Integration; Rapid Provisioning

Slide 7: Secure Access to SaaS: SafeNet Multi-Factor Authentication. Protect access to cloud-based applications via centrally managed authentication.

SOLUTION: SafeNet Authentication Manager (SAM). The user authenticates using the enterprise identity and gets federated SSO to the cloud.

Security Features
- Single authentication solution for both on-premise and cloud-based applications
- Federate identities from the on-premise solution to cloud-based solutions using the SAML 2.0 protocol
- The solution is form-factor agnostic: support for hardware OTP tokens, software solutions and out-of-band authentication
- Google Apps and Salesforce.com are supported out of the box

Diagram labels: Cloud Applications; SaaS Apps (Salesforce.com, Google Apps)

Slide 8: Securing Uncontrolled Virtual Instances. Achieving compliant isolation and separation of duties in multi-tenant environments.

PROBLEM
- Unlimited copying of instances: instances can be copied without the owner's awareness; there is no visibility into instance location and no audit trail; copies can be used by competitors and malicious users; this enables unlimited brute-force attacks, since an attacker can return to the original copy for the next iteration of password guessing
- Unsecured container of confidential data: identical to a lost or stolen laptop, except that the instance is often a server; the virtual nature of instances makes the potential surface area much larger; not just a single entity is lost, but a potentially unlimited number

KEY POINTS: Data Isolation; Separation of Duties; Cloud Compliance; Pre-Launch Authentication; Multi-Tenant Protection

Slide 9: Secure Virtual Machines: SafeNet ProtectV™ Instance. Control virtual machines in the cloud with secure instance encryption and authentication.

SOLUTION Security Features
- FIPS-level pre-launch instance encryption
- Secure login interface (HTTPS)
- Password, one-time password, and certificate-based authentication options
- Event logging and activation notification

SafeNet DataSecure (supplemental security option): manages encrypted instances; lifecycle key management; security policy enforcement; access control

Diagram labels: On-premise; Virtual Machines; Hypervisor; Virtual Server; ProtectV Instance
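As an added illustration (not SafeNet's code, and not how ProtectV or DataSecure are implemented), the following model shows why pre-launch authentication through an external key manager answers the copy-and-retry problem of slide 8: the image carries no key material, and every unlock attempt is counted and logged by the manager rather than by the instance, so a fresh copy does not reset the counter. KeyManager, enroll, release, retry_from_copies and the lockout threshold are hypothetical names and values.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000
MAX_ATTEMPTS = 5  # hypothetical lockout threshold; a real policy would be tunable


class KeyManager:
    """Hypothetical stand-in for an external key manager (not SafeNet's API).
    It keeps each instance's data-encryption key (DEK) and a credential
    verifier; the disk image itself never contains either."""

    def __init__(self):
        self._records = {}   # instance_id -> salt, verifier, dek, failure count
        self.audit_log = []  # event logging / activation notification

    def enroll(self, instance_id, password):
        salt = secrets.token_bytes(16)
        self._records[instance_id] = {
            "salt": salt,
            "verifier": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS),
            "dek": secrets.token_bytes(32),  # generated and held server-side only
            "failures": 0,
        }
        self.audit_log.append(("enrolled", instance_id))
        # The only thing that goes into the image is an opaque reference.
        return {"instance_id": instance_id, "ciphertext": b"<encrypted volume>"}

    def release(self, image, password):
        rec = self._records[image["instance_id"]]
        if rec["failures"] >= MAX_ATTEMPTS:
            self.audit_log.append(("locked", image["instance_id"]))
            raise PermissionError("instance locked; administrator action required")
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
        if not hmac.compare_digest(candidate, rec["verifier"]):
            rec["failures"] += 1
            self.audit_log.append(("auth_failed", image["instance_id"], rec["failures"]))
            raise PermissionError("pre-launch authentication failed")
        rec["failures"] = 0
        self.audit_log.append(("activated", image["instance_id"]))
        return rec["dek"]


def retry_from_copies(manager, image, guesses):
    """Exercise the control: take a fresh copy of the image for every guess.
    Attempts are counted by the manager, not the copy, so the counter never
    resets. Returns (dek_or_None, attempts_made)."""
    for n, guess in enumerate(guesses, 1):
        clone = dict(image)
        try:
            return manager.release(clone, guess), n
        except PermissionError:
            continue
    return None, len(guesses)
```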

Slide 10: Maintain Trust & Control in Virtual Storage Volumes. Loss of ownership in shared storage environments.

PROBLEM
- Issue of data leakage: requires trust in the cloud provider's meta-tagging or data isolation strategy; risks from misconfiguration and cloud administrators; regulatory evidence of privacy and integrity controls is needed
- Trust and control issues: if the cloud provider offers encryption, proper key handling is required: NIST lifecycle compliance (strength, uniqueness, rotation, etc.) and NIST-approved algorithms; administration trust

KEY POINTS: Separation of Duties; Data Isolation; Cloud Compliance; Multi-Tenant Protection

Slide 11: Secure Virtual Storage: SafeNet ProtectV™ Volume. Maintain data privacy in shared storage environments with encrypted data isolation.

SOLUTION Security Features
- Multiple cloud storage options: ProtectV Volume for storage servers; NetApp storage support; ProtectFile customer-based encryption
- FIPS Level 2 security certified solution
- Centralized policy and NIST key lifecycle management

SafeNet DataSecure (supplemental security option): manages encrypted instances; lifecycle key management; security policy enforcement; access control

Diagram labels: On-premise; Data; Virtual Server; ProtectV Volume; Storage
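The key-handling requirements listed on slide 10 (strength, uniqueness, rotation, approved algorithms) are the kind of thing a tenant can check against its own key inventory. The audit below is an added example, not SafeNet code and not DataSecure's policy engine; the approved-algorithm set, minimum size and rotation period are assumptions chosen for the example, and the inventory is constructed sample data in which "material_fp" is a fingerprint of the key material, never the key itself.

```python
from datetime import date, timedelta

# Policy thresholds are assumptions for this example, not NIST or SafeNet figures.
APPROVED_ALGORITHMS = {"AES-128", "AES-192", "AES-256"}
MIN_KEY_BITS = 128
ROTATION_PERIOD = timedelta(days=365)

# Constructed sample inventory: what a key manager might report for tenant volumes.
SAMPLE_INVENTORY = [
    {"id": "vol-a", "algorithm": "AES-256", "bits": 256, "created": date(2010, 9, 1),
     "tenant": "acme", "material_fp": "fp1"},
    {"id": "vol-b", "algorithm": "AES-256", "bits": 256, "created": date(2009, 1, 15),
     "tenant": "acme", "material_fp": "fp2"},
    {"id": "vol-c", "algorithm": "DES", "bits": 56, "created": date(2010, 12, 1),
     "tenant": "globex", "material_fp": "fp3"},
    {"id": "vol-d", "algorithm": "AES-256", "bits": 256, "created": date(2010, 11, 1),
     "tenant": "globex", "material_fp": "fp1"},
]


def audit_key_inventory(keys, today):
    """Return {key_id: [findings]} for keys that violate the strength,
    uniqueness, rotation or approved-algorithm policy."""
    # Uniqueness: one key's material must not serve more than one tenant.
    tenants_by_material = {}
    for k in keys:
        tenants_by_material.setdefault(k["material_fp"], set()).add(k["tenant"])

    report = {}
    for k in keys:
        findings = []
        if k["algorithm"] not in APPROVED_ALGORITHMS:
            findings.append(f"non-approved algorithm {k['algorithm']}")
        if k["bits"] < MIN_KEY_BITS:
            findings.append(f"key too short ({k['bits']} bits)")
        if today - k["created"] > ROTATION_PERIOD:
            findings.append("past rotation period")
        others = tenants_by_material[k["material_fp"]] - {k["tenant"]}
        if others:
            findings.append("material shared with tenant(s) " + ", ".join(sorted(others)))
        if findings:
            report[k["id"]] = findings
    return report
```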

Slide 12: Secure Cloud Applications Without Impacting Performance. Maintain the root of trust in multi-tenant cloud applications.

PROBLEM
- A matter of trust: trust is transferred to the cloud provider; lack of transparency in cloud security; SAS 70 is not useful
- Risk and liability: the cloud provider never accepts risk (this is written into customer agreements); how do you assess risk? There is no established framework for assessing it
- Regulatory uncertainty: no regulation addresses the cloud directly; auditors look for demonstrable security controls, a higher standard

KEY POINTS: Maintain Ownership of Keys; Virtually No Performance Degradation; Achieves Cloud Efficiency Gains; Centralized Control & Management; Transparent Application Integration

Slide 13: Secure Cloud Applications: SafeNet DataSecure and ProtectApp. Enforce data protection in multi-tenant cloud-deployed applications.

SOLUTION Security Features
- Multiple cloud storage options: ProtectApp for cloud application-level encryption; ProtectDB for cloud database encryption; Tokenization Manager for cloud data tokenization
- FIPS-level security certified solution
- Secure policy enforcement and NIST key lifecycle management

Diagram labels: On-premise; Application (ProtectApp); Database (ProtectDB); DataSecure; local crypto and key caching; Tokenization

Slide 14: Loss of Digital Ownership and Control. Secure digital signing and PKI in the cloud: proving you are you.

PROBLEM
- Where is the root of trust for digital signing and PKI when it's all virtual? The challenge of attesting to ownership in a virtual world is a current focus of virtualization research
- Maintaining keys in clouds: when your cloud provider handles keys, the concerns are appropriate key material, proper lifecycle and policy handling, and privileged user abuse
- The cryptography and entropy problem: it is difficult to get true randomness in a highly replicated and automated cloud, and flaws in cryptographic functions have huge consequences (the September 2010 .NET encrypted cookie problem affected 25% of Internet servers)

KEY POINTS: Broad cloud-based platform integration; Application and data separation; High-performing virtual transactions
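The entropy problem above has a concrete shape in replicated clouds: if a user-space random number generator's state is captured in a snapshot, every clone resumed from that snapshot continues the same sequence. The simulation below is an added example (not from the original deck and not SafeNet code); it uses Python's random module purely to model "PRNG state frozen in an image", and shows that reseeding from the OS entropy source after boot is what gives each clone distinct key material. snapshot_prng, clone_and_generate and keys_from_clones are hypothetical names.

```python
import random
import secrets


def snapshot_prng(seed=20110301):
    """Model a user-space PRNG inside a golden image: seeded once at image-build
    time, used a little, then frozen into the snapshot. The fixed seed stands in
    for whatever entropy the image had at build time."""
    rng = random.Random(seed)
    rng.getrandbits(256)  # some use before the snapshot is taken
    return rng.getstate()


def clone_and_generate(snapshot_state, reseed):
    """Resume a clone from the snapshot and derive a 'session key'.
    reseed=False keeps the snapshot's PRNG state (the failure mode on slide 14);
    reseed=True replaces it with fresh entropy from the OS CSPRNG after boot.
    The same duplication applies to any generator whose pool lives in the image,
    so the fix is the reseed, not a different user-space algorithm."""
    rng = random.Random()
    rng.setstate(snapshot_state)
    if reseed:
        rng.seed(secrets.token_bytes(32))  # fresh OS entropy, not inherited state
    return rng.getrandbits(128).to_bytes(16, "big").hex()


def keys_from_clones(count, reseed):
    """Boot `count` clones from one snapshot and collect the key each derives."""
    state = snapshot_prng()
    return [clone_and_generate(state, reseed) for _ in range(count)]
```

Without the reseed every clone returns the same hex string; with it, the keys differ, which is the property a key-generation step in an auto-scaled fleet has to guarantee.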

Slide 15: Secure Cloud-Based Identities and Transactions: SafeNet Hardware Security Options. Establish digital ownership and a root of trust in virtual environments.

SOLUTION Security Features
- Anchored root of trust for digital identities and transactions
- FIPS Level 2 security certified solution
- Multi-host partitioning: 20 to 100 partitions per HSM
- Virtual platform support (Xen/Hyper-V/ESXi)
- Third-party partner application support, and integration guides for virtual platforms

KEY POINTS: Broad cloud-based platform integration; Application and data separation; High-performing virtual transactions

Diagram labels: Private; Public; Hybrid; On-premise Hardware Security Module

Slide 16: Large Sensitive Data Transfers. Sending sensitive data in cloud bursting and storage.

PROBLEM
- High-capacity, highly sensitive data: transferring very sensitive data across trust boundaries; data center to private cloud; entire servers and bulk storage; may invoke encryption requirements (PCI)
- Need for speed and efficiency: multi-gigabit links; low-latency requirements; VMotion and similar technologies; streaming media and VoIP protocols

KEY POINTS: Data redundancy; Real-time data transmission; Continuous, encrypted data transmission

Slide 17: Secure Cloud-Based Communications: SafeNet High Speed Encryptors. Transfer encrypted data communications at high speed from the enterprise to the cloud.

SOLUTION Security Features
- Multi-gigabit Layer 2 low-latency encryption
- Best-in-class FIPS Level 3 security certified
- Central policy management and seamless integration

KEY POINTS: Data redundancy; Real-time data transmission; Continuous, encrypted data transmission

Diagram labels: On-premise; Private; High Speed Encryption

Slide 18: SafeNet Trusted Cloud Fabric. A practical blueprint for extending trust and control when moving users, data, systems, and applications to virtualized environments.

Solution Areas
1. Strong Authentication for Cloud Services: SafeNet Authentication Manager; SafeNet token, software, and mobile authentication
2. Secure Virtual Machines: SafeNet ProtectV Instance; add DataSecure for lifecycle key management
3. Secure Virtual Storage: SafeNet ProtectV Volume; add DataSecure for key management and ProtectFile for unstructured data protection
4. Securing Cloud Application Data: SafeNet DataSecure, ProtectApp and ProtectDB; add Tokenization Manager to reduce audit scope
5. Trust Anchor for Cloud Identities and Transactions: SafeNet Hardware Security Modules
6. Secure Cloud Communications: SafeNet High Speed Encryptors

Diagram labels: On-premise; Secure Access to SaaS; Secure Virtual Machines; Secure Virtual Storage; Secure Cloud Applications; Secure Cloud-Based Identities and Transactions; Secure Cloud-Based Communications