Enabling Encryption for Data at Rest


Enabling Encryption for Data at Rest (11/11/2018)
IBM Security Key Lifecycle Manager

What does KMIP do?
[Diagram labels: Key Material & Metadata Transport; Security Applications or Appliances; KMIP; Key Management Server]
- Create, Register, Locate and Retrieve Encryption Keys & Security Objects
- Supports Symmetric Keys, Asymmetric Keys, Certificates, etc.
- Much more than just add, modify & delete
- Many extended services: Encrypt, Decrypt, Signing, Split-Keys, etc.
- Rich metadata for essential cryptographic management s

KMIP 2018 RSA Interop Demonstration

KMIP RSA 2018 Test Results
- 9 KMIP TC members
- 17 implementations
- 8 Client Implementations
- 9 Server Implementations
- Over 33,000 successful test runs
- 72 Test combinations
- 4 encodings

KMIP Deployed in Solutions

KMIP Deployed by Organizations

KMIP Specification Development
[Diagram labels: Enterprise Requirements; Specification Development; Product Deployment; Specification Testing]

Security Key Lifecycle Manager
IBM’s centralized key management solution for all encryption solutions

SKLM:
- Manage Encryption Keys
- Align with PCI & NIST Guidance
- Manage IBM and non-IBM products via KMIP
- Automatic Key Rotation
- Transparent Encryption and Key Management

Broadening Footprint (slide columns: Storage Devices, Non-Storage):
- Tape: IBM LTO/TSxxxx, TS77xx Virtualization Engine, Quantum, Spectra Logic
- IBM Disk: DS8xxx family, DS5xxx family
- Cloud Storage, Elastic Storage, Big Data, Data Warehouse (Spectrum family, Netezza)
- Network Storage (NetApp)
- Servers (Lenovo System x)
- Flash Storage
- 3rd Parties: EMC, Bloombase, Hitachi, Fujitsu
- Sensus Smart Meters
- Multi-Cloud Data Encryption (MDE)
- VMware vSAN & VM
- DB2

IBM Security Key Lifecycle Manager (SKLM): SKLM Background
- SKLM is a Key Distribution and Management software solution
- Uses standard protocols (i.e. KMIP: Key Management Interoperability Protocol)
- Provides centralized key management for self-encrypting drives (tape, disk)
- Lightweight and highly scalable
- SKLM helps customers keep data private, compliant, and encryption keys well-managed
- Expanding support for flash storage, cloud storage, network devices, etc.

Self-Encrypting Devices [diagram labels: SKLM; KMIP / IPP]:
- Disk Storage Arrays, e.g. DS8000, DS5xxx, IBM Spectrum Accelerate (XIV), …
- Enterprise Tape Libraries, e.g. TS11xx, TS2xxx, TS3xxx
- Databases (e.g. DB2)
- Network storage servers (NetApp)
- Smart Meter Infrastructures
- Cloud file systems, Elastic Storage, Big Data / Data Warehouse (IBM Spectrum Scale, Netezza, etc.)
- IBM Flash Storage
- Software: VMware vSphere
- Multi-Cloud Data Encryption

SKLM Multi-Master Deployment Architecture
[Diagram labels: Primary Data Center; Additional Data Centers; SKLM VMs; Master; Synchronized Servers; LAN/WAN; SKLM Encryption Key Management; KMIP/IPP; Self-Encrypting Clients: Apps and DBs, Disk Storage, Cloud Storage, Elastic Storage, MDE, Tape Libraries, VMware vSAN & VM Encryption]

Security Key Lifecycle Manager (SKLM) with HSM Integration
[Diagram labels: Self-Encrypting Storage; SKLM; KMIP / IPP; Wrapped Data Storage Keys; Obfuscated Master Key; HSM; PKCS11; Master Key]

SKLM without an external HSM:
- Unique Master Key per SKLM
- Master Key stored in SKLM Application
- Obfuscation hides Master Key
- All other keys encrypted (wrapped) under Master Key
- SKLM communicates with storage via KMIP or IPP

SKLM with an external HSM:
- Unique Master Key per SKLM
- Master Key stored in HSM
- All other keys encrypted (wrapped) under Master Key
- SKLM communicates with HSM via PKCS11
- SKLM communicates with storage via KMIP or IPP

Support for new operating systems

Operating System Name:
- Windows 2012 Standard Edition x86-64
- Windows 2012 R2 Standard Edition x86-64
- Windows 2016 Server Edition x86-64
- Red Hat Enterprise Linux (RHEL) Server 6 on x86-64
- Red Hat Enterprise Linux (RHEL) Server 7 on x86-64
- Red Hat Enterprise Linux (RHEL) Server 7 on z-systems
- Red Hat Enterprise Linux (RHEL) Server 7 on Power Little Endian
- SUSE Linux Enterprise Server (SLES) 12 on x86-64
- SUSE Linux Enterprise Server (SLES) 12 on z-systems
- AIX 7.1 POWER System - Big Endian
- AIX 7.2 POWER System - Big Endian
