Published by Jonathan Harmon. Modified over 8 years ago.
1 © SafeNet Confidential and Proprietary SafeNet KeySecure with Luna HSM Management
2 Why Is Centralized Key Management Needed? The Unmanageable Cost of Diverse Encryption Systems
Challenges:
Time: Managing diverse encryption systems manually decreases operational effectiveness while increasing risks.
Data Loss / Operational Disruptions: Up to 39 percent of organizations who have experienced key loss also lose data permanently or disrupt business operations.
Proof of Compliance: Demonstrate which appliances, devices and applications are using encryption keys and where they are geographically located.
Maintenance Costs: Heterogeneous systems mean no economy of scale for maintenance costs. Each encryption system and key management solution could have 15-20% annual maintenance fees.
According to Gartner: "by 2015, 30% of organizations under regulatory mandates will not have deployed some form of encryption to secure data assets, and 50% will suffer data loss and/or experience regulatory sanctions". *
* Source: Trust Catalyst, 2009 Encryption & Key Management Industry Benchmark Report
3 Pain Points of Decentralization
Limited Administrative Transparency
- Fragmented policy and fragmented key management
- Differing hardware, policies and devices in different business units within the enterprise
- No clear view of keys and key states on the HSM
Operational Inefficiencies
- Key management is an after-thought
- Manual audit reviews
- Different administrative functions required for key management (admin skill sets)
- Multiple key vaults in multiple locations
Audit Deficiencies & Failures
- Irregular key rotation
- Compliance (NIST 800-57, PCI-DSS, etc.)
"...organizations should exert significant pressure on cryptographic solution vendors to support the cryptographic keys in their systems being open to management by third-party OASIS-KMIP-compliant key managers. Without this, organizations will continue to have a siloed key management approach with each and every encryption deployment."
4 Why Should Customers Choose SafeNet?
SafeNet KeySecure manages a diverse range of cryptographic key types. KeySecure benefits from a clear vision leading to full support of KMIP, which will enable management of a large number of encryption solutions and vendors. Only SafeNet KeySecure can provide OASIS KMIP integration with Luna SA/PCI and other KMIP-based platforms. Our solution is application agnostic, meaning applications do not need to be tailored to work with KeySecure. In addition to HSM management, KeySecure features comprehensive coverage for storage and archive encryption.
"To date, only one major cryptographic vendor that possesses its own key manager offering has suggested as part of a road map discussion that it would tentatively support a third-party OASIS KMIP-compliant key manager managing its cryptographic keys." ~ Eric Ouellet, Analyst, Gartner
5 Drivers for Our Success in the HSM Space
RISK: Mitigate risk with a defense-in-depth approach to hardware and system design
COST: Offer cost-effective hardware solutions that can secure keys for multiple concurrent applications on a single appliance
USABILITY: Provide distinct operational roles and remote management capabilities for maximum flexibility in a wide range of organizations
Helping customers successfully achieve the correct balance of risk mitigation, cost effectiveness and usability
6 KeySecure in HSM Environments
RISK: Mitigate risk by empowering a centralized administrative team with tools that provide a real-time view of the infrastructure and ensure consistent security policy enforcement
COST: Offer solutions that enable our customers to manage and monitor their existing HSMs centrally, for reduced administrative costs
USABILITY: Provide a streamlined and intuitive user interface that facilitates HSM management and simplifies the audit process
Helping customers successfully achieve the correct balance of risk mitigation, cost effectiveness and usability
KeySecure provides a centralized view of all the keys in an enterprise, including the association between encryption keys and the applications using these keys, as well as key metadata such as the creation date of the key.
7 Mapping the Feature Set of KeySecure
8 Centralized Administration of SafeNet HSMs with KeySecure
Diagram labels: HSM With Multiple Partitions; Audit Log; KeySecure; Application + HSM with EKM Client; Database + HSM with EKM Client; Initialization; Activation; Web Browser; KMIP.
KeySecure:
- Centrally see all keys created and used by HSMs
- Stores and manages key attributes
- Centralized audit for compliance
9 KeySecure 6.1 and HSM EKM Client Features
Key Monitoring: Provides a real-time view of key state, location, and type. Some attributes can be changed to facilitate greater organization or the consolidation of key management systems over time.
Remote Key Foundry: Enables customers to centrally initiate remote key creation, modification and deletion. Key foundry will allow organizations to assign oversight of HSMs and their respective keys to a few experienced, trusted, and centralized administrators.
Automated Client Registration: Streamlines the client registration process. Clients can be installed and configured over a period of time. Most of the registration process is completed automatically. Registration approval is performed asynchronously by the KeySecure administrator. This is to allow administrators to match the fingerprints of the certificates to enhance the security of the overall solution.
Supported Key Types:
10 Key Monitoring: Improved Insight and Security Through Monitoring of Key Attributes
SafeNet Management Console / KeySecure
Meta-Data Fields: Unique ID, Algorithm, Primary Key Name, Creation Date, Other Key Names, Key Format, Owner Username, Policy, Object Type, Key Size
Logged Events: Key Creation, Key Deletion, Key Modification
Attribute Descriptions: Sign, Verify, Encrypt, Decrypt, Wrap Key, Unwrap Key, Derive Key, Content Commitment, CKA_EXTRACTABLE, CKA_NEVER_EXTRACTABLE, CKA_ALWAYS_SENSITIVE*, CKA_MODIFIABLE, CKA_PRIVATE, CKA_SENSITIVE*
KeySecure logs events providing valuable information for an enterprise to act upon:
- Reports key creations/deletions by the application and sends key metadata information to KeySecure
- View key status on demand
- Monitor for: key creations, key deletions, key modifications
KeySecure provides on-demand and real-time monitoring of HSM key activity throughout the enterprise, or in one or more business units. KeySecure reports events, such as key creations, deletions, and modifications, enabling customers to detect unauthorized activity and manually take the steps necessary to mitigate any potential security threat.
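The slide describes what a central key manager learns from HSM event reports (creations, deletions, modifications plus key metadata) and says customers use them to detect unauthorized activity. The following is an added example, not SafeNet code and not KeySecure's real event format: it replays constructed event lines into a key inventory built from the slide's metadata fields and raises alerts for a key created below an assumed policy minimum, a reported attempt to flip CKA_EXTRACTABLE on a never-extractable key, a deletion by someone other than the owner, and a deletion of a key the manager never saw created. The line format, field names, policy thresholds and sample data are all assumptions.

```python
"""Added example (not SafeNet code): consume HSM key lifecycle events as a
central key manager would and flag activity an administrator should review.
The event line format, field names and policy thresholds are constructed
assumptions; the metadata fields and attribute names mirror the slide."""
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample events (assumed "timestamp key=value ..." format).
SAMPLE_EVENTS = """\
2012-05-01T09:00:00Z event=KeyCreation uid=k-1001 owner=alice alg=AES size=256 type=SymmetricKey extractable=false never_extractable=true
2012-05-01T09:05:00Z event=KeyCreation uid=k-1002 owner=bob alg=RSA size=1024 type=PrivateKey extractable=false never_extractable=true
2012-05-01T10:00:00Z event=KeyModification uid=k-1001 actor=alice attr=CKA_EXTRACTABLE value=true
2012-05-01T11:00:00Z event=KeyDeletion uid=k-1002 actor=mallory
2012-05-01T11:30:00Z event=KeyDeletion uid=k-9999 actor=alice
"""

# Assumed policy: minimum key sizes in bits per algorithm.
MIN_KEY_BITS = {"AES": 128, "RSA": 2048}


@dataclass
class KeyRecord:
    """Subset of the metadata fields listed on the slide."""
    unique_id: str
    owner_username: str
    algorithm: str
    key_size: int
    object_type: str
    creation_date: datetime
    attrs: dict = field(default_factory=dict)


def parse_event(line):
    """Split one constructed event line into a dict of its fields."""
    ts, *pairs = line.split()
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for pair in pairs:
        key, _, value = pair.partition("=")
        event[key] = value
    return event


def process_events(text):
    """Replay events into a key inventory; return (inventory, alerts)."""
    inventory = {}
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        kind, uid = ev["event"], ev["uid"]
        if kind == "KeyCreation":
            rec = KeyRecord(
                uid, ev["owner"], ev["alg"], int(ev["size"]), ev["type"], ev["ts"],
                {"CKA_EXTRACTABLE": ev["extractable"] == "true",
                 "CKA_NEVER_EXTRACTABLE": ev["never_extractable"] == "true"},
            )
            inventory[uid] = rec
            if rec.key_size < MIN_KEY_BITS.get(rec.algorithm, 0):
                alerts.append((uid, f"{rec.algorithm}-{rec.key_size} below policy minimum"))
        elif kind == "KeyModification":
            rec = inventory.get(uid)
            if rec is None:
                alerts.append((uid, "modification of key not in inventory"))
            elif (ev["attr"] == "CKA_EXTRACTABLE" and ev["value"] == "true"
                  and rec.attrs["CKA_NEVER_EXTRACTABLE"]):
                # PKCS#11 lets CKA_EXTRACTABLE change only from true to false,
                # so a reported change to true on a never-extractable key is suspicious.
                alerts.append((uid, "reported attempt to make never-extractable key extractable"))
            else:
                rec.attrs[ev["attr"]] = ev["value"] == "true"
        elif kind == "KeyDeletion":
            rec = inventory.pop(uid, None)
            if rec is None:
                alerts.append((uid, "deletion of key not in inventory"))
            elif ev["actor"] != rec.owner_username:
                alerts.append((uid, f"deleted by {ev['actor']}, owner is {rec.owner_username}"))
    return inventory, alerts


if __name__ == "__main__":
    inv, found = process_events(SAMPLE_EVENTS)
    for uid, reason in found:
        print(f"ALERT {uid}: {reason}")
    print("keys still in inventory:", sorted(inv))
```

Running the block on the constructed events leaves only k-1001 in the inventory and produces four alerts. The inventory is what makes the last three checks possible: without a central record of owner and attributes at creation time, a deletion or attribute change seen in isolation cannot be judged.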
11 Remote Key Foundry: Centrally Invoking Key Creation in SafeNet HSMs
Diagram labels: HSM with Multiple Partitions at Remote Office/Data Center; Email Security; PC Logon; VPN Clients; SSL Client Certificates; Create Key Using Template 1 through Create Key Using Template 4; KeySecure at the Central Management Location; Trusted Security Expert(s).
1. Trusted security expert uses the KS management console to select appropriate key attributes/template and begin the invocation process.
2. HSM partition creates the key and transmits key metadata back to KS.
3. Key metadata can be viewed/managed through the KS management console.
Remote Key Foundry enables customers to centrally initiate remote key creation, modification and deletion, and will allow organizations to assign oversight of HSMs and their respective keys to a few experienced, trusted, and centralized administrators.
12 Automated HSM Registration
Diagram labels: SSL Tunnel; Certificate Required; Signed Cert (but not yet authorized); Install EKM Client; Authorize Partition ID; Central Management: KeySecure, KeyArchive Backup / Archive, Audit Log, Policy alarms (In Future Releases); HSM KMIP Client.
1. Installation software prompts the installation technician for configuration information: IP address of KS, HSM user PIN, policy settings.
2. Client automatically sets up the SSL tunnel.
3. Client automatically creates a certificate in the HSM, sends it to KeySecure, and sends a cert request.
4. KeySecure sends a signed, but unauthorized, cert to the client.
5. Client sends an authorization request to KeySecure along with a Partition ID for identification.
6. KS Admin verifies the request with out-of-band information (including partition ID), and accepts the registration.
KeySecure centralizes and automates the client registration process. This ensures only authorized HSM clients are supported with KeySecure for greater security and administrative control.
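The security-relevant point in the six steps above (and in slide 9's note about matching certificate fingerprints) is that a certificate signed in step 4 carries no trust until the administrator confirms, from out-of-band information, that the fingerprint and partition ID in the step 5 request belong to the client the technician actually installed. The following added example, which is not SafeNet code and does not use KeySecure's real API, models that state machine: certificates are constructed byte strings rather than real X.509, the class and method names are assumptions, and the fingerprint is a SHA-256 over the certificate bytes.

```python
"""Added example (not SafeNet code): a model of the six-step registration
flow in which a signed certificate is not trusted until the administrator
confirms its fingerprint and partition ID out of band. Certificates are
constructed byte strings, not real X.509; class and method names are
assumptions."""
import hashlib
import secrets


def fingerprint(cert):
    """SHA-256 fingerprint of the (constructed) certificate bytes."""
    return hashlib.sha256(cert).hexdigest()


class KeySecureRegistry:
    """Key-manager side state: signed-but-pending versus authorized clients."""

    def __init__(self):
        self.pending = {}     # client_id -> {"cert", "partition_id"}
        self.authorized = {}  # client_id -> fingerprint

    def sign_request(self, csr):
        # Step 4: return a signed certificate; signing alone grants no trust.
        return b"SIGNED:" + csr

    def request_authorization(self, client_id, cert, partition_id):
        # Step 5: client presents its cert and partition ID; queued for review.
        self.pending[client_id] = {"cert": cert, "partition_id": partition_id}

    def approve(self, client_id, oob_fingerprint, oob_partition_id):
        # Step 6: admin compares the out-of-band fingerprint and partition ID
        # against the pending request before the client becomes authorized.
        req = self.pending.get(client_id)
        if req is None:
            return False
        fp = fingerprint(req["cert"])
        if not secrets.compare_digest(fp, oob_fingerprint):
            return False
        if req["partition_id"] != oob_partition_id:
            return False
        self.authorized[client_id] = fp
        del self.pending[client_id]
        return True

    def is_authorized(self, client_id, cert):
        fp = self.authorized.get(client_id)
        return fp is not None and secrets.compare_digest(fp, fingerprint(cert))


def ekm_client_enroll(registry, client_id, partition_id):
    """Steps 1-3 and 5 from the client side; returns the signed cert."""
    # Step 3: the key pair would be generated inside the HSM; constructed here.
    csr = f"CSR:{client_id}:{secrets.token_hex(8)}".encode()
    cert = registry.sign_request(csr)
    registry.request_authorization(client_id, cert, partition_id)
    return cert


def run_demo():
    """Returns outcomes of the happy path and of a fingerprint mismatch."""
    reg = KeySecureRegistry()
    cert = ekm_client_enroll(reg, "ekm-client-1", "partition-07")
    before = reg.is_authorized("ekm-client-1", cert)      # signed, not authorized
    ok = reg.approve("ekm-client-1", fingerprint(cert), "partition-07")
    after = reg.is_authorized("ekm-client-1", cert)

    # A request whose fingerprint does not match what the technician reported
    # out of band must stay pending rather than become authorized.
    ekm_client_enroll(reg, "ekm-client-2", "partition-08")
    reported_fp = fingerprint(b"SIGNED:CSR:ekm-client-2:something-else")
    mismatch = reg.approve("ekm-client-2", reported_fp, "partition-08")
    still_pending = "ekm-client-2" in reg.pending
    return {"before": before, "approved": ok, "after": after,
            "mismatch_rejected": not mismatch, "still_pending": still_pending}


if __name__ == "__main__":
    print(run_demo())
```

The design keeps two separate tables so that a client which has obtained a signed certificate (step 4) still fails `is_authorized` until step 6 completes, and a failed approval leaves the request pending for the administrator to investigate rather than silently discarding it.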
13 KeySecure Enhances this Balance!
RISK MITIGATION: Empower a centralized administrative team; Ensure consistent security policy application across an enterprise; Centralized view of HSMs, keys and key states
EASE OF USE: GUI interface; Reduced dependency on PED devices
LOWER TOTAL COST OF OWNERSHIP: Reduced administrative costs; Streamlined HSM setup process; More efficient audit process
Helping customers successfully achieve the correct balance of risk mitigation, cost effectiveness and usability
14 Thank You!