Published by Andra Hood. Modified over 8 years ago.
1
Security Policy and Key Management
Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric
Tina Stewart, Vice President of Marketing
www.Vormetric.com
2
Presentation Overview
Evolution of encryption and integrated key management systems
IT operations and support challenges will then be examined
Review of the future industry initiatives and compliance regulations
Conclude with brief introduction to Vormetric Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2
3
Importance of Enterprise Key Management
Two Types of Key Management Systems: Third Party, Integrated
“The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.” Forrester Research, Inc., “Killing Data”, January 2012
4
IT Imperative: Secure Enterprise Data
1. Direct access to enterprise data has increased the risk of misuse.
2. Attacks on mission critical data are getting more sophisticated.
3. Security breach results in substantial loss of revenue and customer trust.
4. Compliance regulations (HIPAA, PCI DSS) mandate improved controls.
What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise.
A Data Breach Costs > $7.2M Per Episode (2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute)
5
Enterprise Key Management: 8 Requirements
Generation
Storage
Backup
Key State Management
Security
Auditing
Authentication
Restoration
6
Interoperability Standards
PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)
EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management
OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems
Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.
7
Encryption Key Management Challenges
Disparate Systems, Different Ways of Managing Encryption Keys
Complex management: Managing a plethora of encryption keys in millions
Security Issues: Vulnerability of keys from outside hackers / malicious insiders
Data Availability: Ensuring data accessibility for authorized users
Scalability: Supporting multiple databases, applications and standards
Governance: Defining policy-driven, access, control and protection for data
8
Industry Regulatory Standards
Payment Card Industry Data Security Standard (PCI DSS): Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.
Gramm Leach Bliley Act (GLBA): Requires firms in USA to publicly acknowledge a data breach although it can damage their reputation.
U.S. Health I.T. for Economic and Clinical Health (HITECH) Act: Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.
9
Vormetric Key Management Benefits
Improve Operational Efficiency
Reduce Key Management Burden
Minimize Solution Costs
Stores Keys Securely
Provides Audit and Reporting
Manages Heterogeneous Keys / FIPS 140-2 Compliant
VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.
10
Vormetric Key Management Capabilities
Manage Vormetric Encryption Agents
Manage 3rd Party Keys: Create/Manage/Revoke keys of 3rd party encryption solutions. Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2) and EKM (MSSQL 2008 R2).
Vault Other Keys: Provide secure storage of security material.
Key Types:
Symmetric: AES, 3DES, ARIA
Asymmetric: RSA 1024, RSA 2048, RSA 4096
Other: Unvalidated security materials (passwords, etc.)
11
Vormetric Key Management Components
Data Security Manager (DSM)
Report on vaulted keys
Key Vault
Provides key management services for: Oracle 11g R2 TDE (Tablespace Encryption), MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)
Licensable Option on DSM
Web based or API level interface for import and export of keys
Same DSM as used with all VDS products
FIPS 140-2 Key Manager with Separation of Duties
Supports Symmetric, Asymmetric, and Other Key materials
Reporting on key types
12
TDE Key Architecture before Vormetric
Master Encryption keys are stored on the local system in a file with the data by default.
Diagram labels: TDE Master Encryption Key; Local Wallet or Table; Oracle / Microsoft TDE
13
TDE Key Architecture after Vormetric
Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE.
Vormetric Key Agent is installed on the database server.
Diagram labels: TDE Master Encryption Key; SSL Connection; Key Agent; Oracle / Microsoft TDE
14
VKM Architecture - Key Vault
Supported Key Types: Symmetric, Asymmetric, Certificates
Diagram labels: Web GUI; Command Line / API
15
Security Policy and Key Management
Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.
A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.
Vormetric Key Management is the only solution today that can:
Minimize IT operational and support burdens for encryption key management,
Secure and control access to data across the enterprise and into the cloud, and
Protect data without disrupting your business