This is a sample Title Slide with Picture ideal for including a dark picture with a brief title and subtitle. A selection of pre-approved title slides.

Presentation on theme: "This is a sample Title Slide with Picture ideal for including a dark picture with a brief title and subtitle. A selection of pre-approved title slides."— Presentation transcript:

1 This is a sample Title Slide with Picture ideal for including a dark picture with a brief title and subtitle. A selection of pre-approved title slides are available in the HPE Title Slide Library. The location of the library will be communicated later. To insert a slide with a different picture from the HPE Title Slide Library: Open the file HPE_16x9_Title_Slide_Library.pptx From the Slide thumbnails pane, select the slide with the picture you would like to use in your presentation and click Copy (Ctrl+C) Open a copy of the new HPE 16x9 template (Standard or Events) or your current presentation In the Slide thumbnails pane, click Paste (Ctrl+V) A Paste Options clipboard icon will appear. Click the icon and select Keep Source Formatting. (Ctrl+K) .

2 'data privacy by design and default'

3 Encryption and the GDPR

4 Traditional data security
Everything encrypted at the end point

Our customers need to identify the threats, assess their capabilities, and build proactive defenses into user management, apps and data. The traditional approach to data security is to encrypt at the end point. While this approach may have been sufficient in the past, the hybrid nature of the digital enterprise requires a new approach.

Financial institutions, merchants, health care providers, and service providers share common concerns when it comes to data protection and privacy. With data in constant motion and with rising threats to sensitive data from both inside and outside the business, companies need to be able to protect data end-to-end, from the moment of capture across the information lifecycle through testing and production.

What's more, the costs of passing audit and maintaining compliance are becoming more unpredictable, with increasing regulations, outsourcing and adoption of big data and cloud computing. There is a strong need to reduce audit scope wherever possible to contain cost.

5 Data Centric Security for end-to-end protection
Simplified Compliance
More Secure Analytics
Easier Move to the Cloud
Safer Back-End Storage

Data Centric security is a new approach to protect sensitive data end-to-end from the moment of capture, as it is processed, and stored across a variety of devices, operating systems, databases, and applications. This data-centric approach helps enterprises neutralize data breaches by rendering data valueless, de-identifying data through encryption, tokenization and data masking. This approach minimizes the need for constant decryption for sensitive data elements in the enterprise. It is always-on protection.

There are 4 key use cases where Data Centric security plays a very large role:

Compliance - We help reduce compliance complexity and simultaneously increase security, because systems protected by our approach can be taken out of PCI scope (up to a 90% reduction), freeing up time and resources to do other things, like accelerating revenue generating projects. This at a time when compliance mandates are increasing.

Analytics - Organizations everywhere want to harness the power of big data for competitive advantage and insights, and we allow them to do this securely on sensitive data while addressing issues like privacy concerns.

Cloud - Hybrid data protection: because our solutions have such broad system coverage (as I mentioned, everything from legacy apps in COBOL to Hadoop and AWS), we allow enterprises to accelerate their move to the cloud.

Storage - Data-centric security isn't complete if you don't address fundamental issues like protecting your infrastructure. Don't keep the business critical keys with the data. Don't lock your car and put the keys on the roof. Our enterprise key management solutions interoperate with HP Servers and Storage and allow full separation of duties between admins and access to sensitive data.

6 Introducing: “Data-centric” security
[Diagram with three columns: Threats to Data, Traditional IT infrastructure security, Data Ecosystem. A "Security gap" is marked between each pair of adjacent layers, with the "Data security coverage" limited to individual layers.]
Data Ecosystem layers: Data and applications, Middleware, Databases, File systems, Storage
Threats to Data: Credential Compromise; Traffic Interceptors; SQL injection, Malware; Malware, Insiders; Malware, Insiders
Traditional IT infrastructure security: Authentication Management, NG-IPS/NG-FWs/WAFs, Database encryption, SSL/TLS/firewalls, Disk encryption

7 HPE Security – Data Security provides this protection
[The same diagram as the previous slide, with a fourth column, "HPE Security data-centric security", labelled "End-to-end Protection", alongside the security gaps.]
Data Ecosystem layers: Data and applications, Middleware, Databases, File systems, Storage
Threats to Data: Credential Compromise; Traffic Interceptors; SQL injection, Malware; Malware, Insiders; Malware, Insiders
Traditional IT infrastructure security: Authentication Management, NG-IPS/NG-FWs/WAFs, Database encryption, SSL/TLS/firewalls, Disk encryption

8 HPE Format-Preserving Encryption (FPE)
Record fields: First Name: Cezary, Last Name: Prokop, SSN:, DOB:, Tax ID
FPE: First Name: Uywjlqac, Last Name: Muwruwwb, SSN:, DOB:
AES: Ija&3k24kQotugDF2390^32 0OWioNu2(*872weW 8juYE%Uks&dDFa2345^WFLERG

Supports data of any format: name, address, dates, numbers, etc.
Preserves referential integrity
Only applications that need the original value need change
Used for production protection and data masking

9 HPE Secure Stateless Tokenization (SST)
[Table: columns Credit Card and Tax ID; rows SST, Partial SST, Obvious SST. Sample values on the slide: AZ UYTZ 4321, AZS-UX-2356]

Replaces token database with a smaller token mapping table
Token values mapped using random numbers
Lower costs: no database hardware, software, replication problems, etc.

10 Field level, format-preserving, reversible data de-identification
Customizable to granular requirements addressed by encryption & tokenization

[Table: methods SST and FPE; data types Credit card, SSN/ID, DOB; protection levels Full, Partial, Obvious. Sample values on the slide: AZ UYTZ 4321, AZS-UD-2356]
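The properties claimed on the FPE, SST and field-level slides above (same format, same input always giving the same output, partial protection that leaves the last four digits readable, reversibility with the key) can be seen in a small added example. This is not HPE's FPE or SST and not NIST FF1; it is a simplified alternating Feistel construction over decimal digits written for this page, and the key, function names and sample card number are constructed assumptions.

```python
import hashlib
import hmac

ROUNDS = 10  # even, so both halves end up back in their original positions
DEMO_KEY = b"constructed demo key, not a real secret"
DEMO_PAN = "4111-1111-1111-4321"  # constructed sample value

def _prf(key: bytes, rnd: int, other: str, width: int) -> int:
    """Keyed round function: HMAC-SHA256 reduced to `width` decimal digits."""
    mac = hmac.new(key, f"{rnd}|{width}|{other}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest(), "big") % 10 ** width

def _feistel(key: bytes, digits: str, decrypt: bool = False) -> str:
    """Keyed permutation of decimal strings of one length (illustrative only)."""
    if len(digits) < 2:
        raise ValueError("need at least two digits to protect")
    u = len(digits) // 2
    v = len(digits) - u
    a, b = digits[:u], digits[u:]
    for i in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        m = u if i % 2 == 0 else v  # width of the half rewritten in round i
        if decrypt:
            c = (int(b) - _prf(key, i, a, m)) % 10 ** m
            a, b = f"{c:0{m}d}", a
        else:
            c = (int(a) + _prf(key, i, b, m)) % 10 ** m
            a, b = b, f"{c:0{m}d}"
    return a + b

def protect(key: bytes, value: str, keep_last: int = 0, decrypt: bool = False) -> str:
    """Transform only the digits of `value`; separators and the last
    `keep_last` digits stay where they are (the "partial" case)."""
    pos = [i for i, ch in enumerate(value) if ch in "0123456789"]
    target = pos[:max(len(pos) - keep_last, 0)]
    out = list(value)
    new = _feistel(key, "".join(value[i] for i in target), decrypt)
    for i, ch in zip(target, new):
        out[i] = ch
    return "".join(out)

if __name__ == "__main__":
    token = protect(DEMO_KEY, DEMO_PAN, keep_last=4)
    print(DEMO_PAN, "->", token)  # same layout, last four digits unchanged
    print(protect(DEMO_KEY, token, keep_last=4, decrypt=True))
```

Because the output is deterministic per key, two systems protecting the same value with the same key can still join on it, which is what the slide calls referential integrity; the same property means equal plaintexts are visible as equal ciphertexts.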

11 Mapping the Flow of Sensitive Data
[Data-flow diagram. Systems: Web Form, New Account Application, Fraud Detection, Mainframe Database, CC Processing, Customer Service Application, Hadoop Analytics. The name "Elen Smith" is shown in clear text along the flow.]

12 The Same Environment With HPE SecureData
[The same data-flow diagram with protection added. Systems: Web Form with HPE PIE, New Account Application, Fraud Detection, HP SecureData, Mainframe Database, CC Processing, Customer Service Application, Hadoop Analytics. The name appears as "Elen Smith" at some points and as the protected value "Kelt Dqitp" at others.]

13 HPE SecureData HPE SecureData Key Servers
Components: HPE SecureData Management Console, HPE SecureData Web Services API, HPE SecureData Command Lines, HPE SecureData Native APIs (C, Java, C#/.NET), HPE SecureData File Processor

HPE Stateless Key Management
No key database to store or manage
High performance, unlimited scalability

Both encryption and tokenization technologies
Customize solution to meet exact requirements

Broad platform support
On-premises / Cloud / Big Data
Structured / Unstructured
Linux, Hadoop, Windows, AWS, IBM z/OS, HPE NonStop, Teradata, etc.

Quick time-to-value
Complete end-to-end protection within a common platform
Format-preservation dramatically reduces implementation effort

14 HPE SecureData concept: formats
[Diagram labels: HP FPE, Partial HP FPE, Stateless token, eFPE, Obviously protected, Masked; HPE Security – Data Security. Sample values on the slide: WX4WDL 4321, BQDSJHKGZS, XXXXXXXXXXXX 4321]

15 Before: All applications and users have access to data
[Diagram labels: HR Application, ETL Tool, Mainframe App, Malware, Analysts, Help Desk, DBAs, Malicious User]

16 After: Data is protected at source from “Field Level”
[Diagram labels: HR Application, ETL Tool, Payments App, Malware, Analysts, Help Desk, DBAs, Malicious User]

17 Malicious users, malware and DBAs: only see protected data

18 Help desk and payments apps: operate on partially protected data

19 Authorized applications access real data
[Table columns: Name (James Potter, Ryan Johnson, Carrie Young, Brent Warner, Anna Berman) and SS#. Diagram labels: Authorized HR Application with HPE SecureData Tools; Authorized Fraud Analysts with HPE SecureData Tools]

20 HPE Secur

21 HPE Identity-based Encryption (IBE): How it Works
[Diagram labels: Alice Sends to Bob; HPE Secur Key Server; Authenticate + key request; Bob's Private Key. Steps are numbered 1 to 3.]

22 One Solution for Desktop, Web, and Mobile
[Architecture diagram. Zones: Corporate Network, DMZ, Internet. Components: Mail Archive, HPE Secur Gateway, HPE Secur Key Server, Native Mobile Apps, DLP / AV, AS / MTA, HPE Secur Encryption client, Mail Server & Mobile Server, HPE Secur Applications (REST API), ZDM, HPE Secur ZDM Client]

23 Key management ESKM

24 HPE Enterprise Secure Key Manager
Unified key management for the enterprise

[Diagram: ESKM 4.0 (Cluster) at the centre, connected to: StoreOnce 3100, 3500, 5100; OASIS KMIP Compliant Clients; StoreFabric SAN Encryption; Free Client SDK; StoreEver ESL G3, MSL6480, MSL G3s; HPE Secure Encryption; HPE ProLiant Servers; NonStop Volume Level Encryption; BackBox® Virtual Tape; XP7 P PAR; HPE Helion OpenStack Barbican]

The green lines represent products based on ESKM's legacy KMS interoperability protocol and SDK (integration toolkit). The orange line is through standards based interoperability (KMIP). HPE has the widest ecosystem when combining HPE and third-party products. Storage, server and cloud use cases are all addressed.

More applications are relying upon embedded encryption and standards-based key management via KMIP. Nowadays, it's easy to build encryption directly into products, such as self-encrypting drives (SEDs), into the disk or tape controllers, or into the hardware in other ways (LTO tape drives). Thus it's easier to adopt when customers can simply "flip a switch" or change a configuration to enable security. But again, the challenge then is how do you manage keys, prove and enforce controls in place, and simplify audit procedures.

25 Thank you Cezary Prokopowicz prokopow@hpe.com +48 602 328 620

26 Product mapping: solutions vs GDPR use cases (ESP)
[Table with two columns: Pain Points and HPE Solutions]

Encryption & Pseudonymisation
Pain points: How can I grow my business while ensuring sensitive data is protected? How can I protect my brand and business reputation by neutralizing damaging data breaches? How do I manage the volumes of sensitive data-at-rest?
HPE solutions: ESKM (Enterprise), SecureData, Secur

Breach Response & Reporting
Pain points: How do I know if I have already been breached? How to quickly know that a breach has taken place and enable the security team to take steps to contain it, recover and find the root cause.
HPE solutions: ArcSight, UBA & DMA, ESKM

Breach Prevention & Neutralization
Pain points: How can I neutralize the impact of a data breach? How is it possible to protect my data and neutralize the impact of data breach, including the need for breach notification?
HPE solutions: ArcSight, Fortify on Demand, Fortify Application Defender (FoD)

27 Proposed GDPR Information Governance Platform
2/20/2018

Over-arching architecture for GDPR for long-term implementation

[Architecture diagram. Sources: IM, Files, SharePoint, Applications (Unstructured and Structured). Components: Connector framework; Unstructured Data "ControlPoint"; Rules Application; Repository "Content Manager"; Structured Data "Structured Data Manager". Actions: Classify, Apply GDPR rules, Manage in place, Review, Dispose, Reporting of PII. Consumers: Compliance, Legal / Audit]

