Secure Storage
Encryption Implications
Data Storage Security Summit
September 24, 2015
PROBLEM: ATTACKS OUTPACING DEFENSES
Attackers don't just want to get in, they want the stored data.
• No longer IF, but WHEN and HOW BAD
• Heartbleed: OpenSSL flaw in the TLS stack used by roughly two-thirds of Internet web servers
• Cyber-warfare, industrial espionage
• FBI Cyber Division: 500M financial records stolen in 12 months
• Cost of a data breach: average $5.5 million
Recent breaches: Staples (data breach), Target (POS breached), Home Depot (credit card theft), eBay (compromised), Sony Pictures (digital break-in), Kmart (victim of hacker attack), Anthem Health (malicious attack), Office of Personnel Management.
STORAGE ON THE FRONT LINES: Canary in the Coal Mine
Storage systems can't rely on perimeter security to keep data safe.
• Where does storage reside? Everywhere!
• What types of storage are targeted? All types!
• Is there a 'silver bullet'? No!
• Can we do something? Yes, encrypt!
SOLUTION: Key Orchestration™
Visionary, Scalable, Disruptive
• Bypass the "complexity culture": encryption key management at scale is a data messaging problem, not an encryption problem.
• Integrating identity and policy with encryption management: workflow = automation and optimization.
• Utilizing open standards maximizes interoperability, accelerates broader encryption usage, and lowers the historically high costs of managing encryption.
• Protect data-at-rest and in-transit. Encryption is needed everywhere, at the scale of millions and billions of keys.
Enabling the 21st century secure data revolution.
COMPLEXITY REDUCED
Current encryption key management is done manually!
Current key management:
• Multiple, cumbersome interfaces
• Operationally complex
• High costs, slow to innovate
• Scale-averse
Key Orchestration (single, powerful, integrated):
• Unique tree-structure interface; modern interface, workflow automation, grid views
• Simple, easy to use, powerful
• Disruptive, affordable pricing
• Architected to scale to millions
KEY MANAGEMENT LIFECYCLE: Many Points of Failure
Lifecycle operations: suspend key, revoke key, destroy key, rotate key, store key, recover key, back up key, generate key, use key, register key, distribute key, install key, time-bound key, transaction key.
• In current practice, these processes demand "hands-on" intervention.
• Because each of these processes is managed by human interaction, they are more prone to mistakes, errors of omission and commission, and insider threats.
• The overall management practices are resource-intensive and time-consuming.
KEY ORCHESTRATION™: Pre-defined, Tested Policy Interface, Tools, and Automation
• Suspend: automatically suspends keys on a rules violation
• Revoke: automatically revokes keys, rules based (alarms, roles, etc.)
• Destroy: destroys keys according to policy
• Rotate: automated key rotation management
• Store: wraps and stores keys, rules based
• Recover: inherent key recovery tools
• Back up: supervises and audits back-up keys
• Generate: audits key generation from any approved source
• Use: monitors and audits key usage
• Register: prompts and manages key registration
• Distribute: distributes keys based on policy instruction
• Install: installs keys automatically according to a plan
• Time-bound keys: supervision and auditing
• Transaction keys: supervision and auditing
Key Orchestration™ plans and stages each element of key management in automation, well ahead of execution. Benefits include testing prior to deployment, greatly reduced operations resources, elimination of most security errors (including insider threats), and substantially reduced time to execute.
USAF SMC satellite rekey demo: 48 hours reduced to 30 minutes
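The two lifecycle slides above describe rules that fire without an operator: suspend on a rules violation, revoke when the crypto-period ends, rotate on schedule, and audit every operation. The following is an added example, not Fornetix code and not any product's API, of what that policy automation looks like when written down: an in-memory key manager whose state machine follows the NIST SP 800-57 key states, whose rules are evaluated before every key use, and whose audit trail records refusals as well as successes. Key identifiers, the crypto-period and usage-limit values, and the fake clock are all assumptions made for the demonstration.

```python
"""Policy-driven key lifecycle (NIST SP 800-57 states) with automatic suspension,
expiry and rotation, and an audit trail of every decision including refusals.
Constructed, stand-alone example; not Fornetix code."""
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum


class State(Enum):
    PRE_ACTIVATION = "pre-activation"
    ACTIVE = "active"
    SUSPENDED = "suspended"       # temporarily unusable, may be reinstated
    DEACTIVATED = "deactivated"   # revoked: never used to protect data again
    DESTROYED = "destroyed"       # material discarded; only the audit record remains

# Any transition not listed here is refused and logged.
TRANSITIONS = {State.PRE_ACTIVATION: {State.ACTIVE, State.DESTROYED},
               State.ACTIVE: {State.SUSPENDED, State.DEACTIVATED},
               State.SUSPENDED: {State.ACTIVE, State.DEACTIVATED},
               State.DEACTIVATED: {State.DESTROYED},
               State.DESTROYED: set()}


@dataclass
class KeyRecord:
    key_id: str
    created: datetime
    crypto_period: timedelta      # time-bound key: deactivated once this has elapsed
    max_uses: int                 # transaction-bound key: suspended once this is reached
    material: bytes
    state: State = State.PRE_ACTIVATION
    uses: int = 0


class KeyManager:
    def __init__(self, clock):
        self._clock = clock       # injected so the time-based rules can be tested
        self.keys = {}            # key_id -> KeyRecord
        self.audit = []           # (time, key_id, actor, action, detail)

    def _log(self, key_id, actor, action, detail=""):
        self.audit.append((self._clock(), key_id, actor, action, detail))

    def generate(self, key_id, crypto_period, max_uses, actor="orchestrator"):
        self.keys[key_id] = KeyRecord(key_id, self._clock(), crypto_period, max_uses,
                                      secrets.token_bytes(32))
        self._log(key_id, actor, "generate", f"period={crypto_period} max_uses={max_uses}")

    def transition(self, key_id, new, actor, reason):
        rec = self.keys[key_id]
        if new not in TRANSITIONS[rec.state]:
            self._log(key_id, actor, "denied", f"{rec.state.value} -> {new.value}: {reason}")
            raise PermissionError(f"{key_id}: {rec.state.value} -> {new.value} not allowed")
        old, rec.state = rec.state, new
        if new is State.DESTROYED:
            rec.material = b""    # a real system zeroises inside the HSM; here the copy is dropped
        self._log(key_id, actor, new.value, f"from {old.value}: {reason}")

    def enforce_policy(self, key_id):
        """Rules-based automation, evaluated before every use instead of by hand."""
        rec = self.keys[key_id]
        if rec.state is State.ACTIVE and self._clock() - rec.created > rec.crypto_period:
            self.transition(key_id, State.DEACTIVATED, "policy", "crypto-period expired")
        elif rec.state is State.ACTIVE and rec.uses >= rec.max_uses:
            self.transition(key_id, State.SUSPENDED, "policy", "usage limit reached")

    def use(self, key_id, actor):
        self.enforce_policy(key_id)
        rec = self.keys[key_id]
        if rec.state is not State.ACTIVE:
            self._log(key_id, actor, "denied", f"use while {rec.state.value}")
            raise PermissionError(f"{key_id} is {rec.state.value}")
        rec.uses += 1
        self._log(key_id, actor, "use", f"uses={rec.uses}")
        return rec.material

    def rotate(self, key_id, actor="policy"):
        """Stage and activate the successor first, then retire the old key."""
        old, new_id = self.keys[key_id], f"{key_id}.r{len(self.keys)}"
        self.generate(new_id, old.crypto_period, old.max_uses, actor)
        self.transition(new_id, State.ACTIVE, actor, "rotation successor")
        if old.state in (State.ACTIVE, State.SUSPENDED):
            self.transition(key_id, State.DEACTIVATED, actor, f"rotated to {new_id}")
        return new_id


def denied(action):
    """True if the manager refused the operation (and logged why)."""
    try:
        action()
    except PermissionError:
        return True
    return False


def demo():
    """Drive the rules with a fake clock; returns the facts the checks rely on."""
    now = [datetime(2015, 9, 24, tzinfo=timezone.utc)]
    km = KeyManager(lambda: now[0])
    km.generate("pos-01", crypto_period=timedelta(days=30), max_uses=2)   # assumed policy values
    km.transition("pos-01", State.ACTIVE, "admin", "deployed to POS terminal")
    km.use("pos-01", "pos-terminal")
    km.use("pos-01", "pos-terminal")
    third_use_denied = denied(lambda: km.use("pos-01", "pos-terminal"))  # limit hit: auto-suspend
    successor = km.rotate("pos-01")                                       # old key deactivated
    destroy_active_denied = denied(
        lambda: km.transition(successor, State.DESTROYED, "admin", "shortcut"))
    now[0] += timedelta(days=31)                                          # crypto-period elapses
    expired_use_denied = denied(lambda: km.use(successor, "pos-terminal"))
    return {"old_state": km.keys["pos-01"].state.value,
            "successor_state": km.keys[successor].state.value,
            "third_use_denied": third_use_denied,
            "destroy_active_denied": destroy_active_denied,
            "expired_use_denied": expired_use_denied,
            "actions": [a for _, _, _, a, _ in km.audit]}
```

Two design points carry over to any real deployment: the policy check runs inside the key-use path, so a key that has outlived its crypto-period or its transaction budget is refused on the next request rather than when someone remembers to check, and rotation activates the successor before retiring the old key, so there is no window with no active key. Note the state machine refuses to destroy an active key directly; it has to be deactivated first, which is the step that shows up in the audit trail.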
CONSOLIDATED MANAGEMENT: Manage Keys Across Platforms
Key Orchestration (KO) manages keys for file sharing, CRM, POS and secure storage platforms.
• Key material agnostic
• Policy driven
• Lifecycle awareness
• Job control
• Automation
• Audit and tracking
• Lowest TCO
• Error reduction
ORCHESTRATING ENCRYPTION USE: Key Management Control Plane
[Diagram: Key Orchestration sits between a Hardware Security Module (HSM, the key source, supplied by Fornetix partners) and the target devices and applications. Policy and operations initiate requests; key material flows from the HSM source through Key Orchestration to the device or application target.]
ENCRYPTION IMPLICATIONS: Fine-Grained Encrypted Storage
[Diagram of the enterprise landscape: a Security Policy Manager tied to Active Directory; a Key Orchestration Appliance (KOA) serving key material over API calls to an API server; KO clients for email, content management, MSFT desktops, enterprise storage clients and enterprise devices; file/object encryption enforced with SELinux. Users issue attribute requests and key calls; admin calls set program attributes. Tiers: application tier (medium security; policy manager for enterprise end devices and applications) and storage tier (high security; Level 1 enterprise storage and Level 2 enterprise device security, with Key Orchestration).]
TCG OPAL USE CASES
• Use case 1: TCG Opal combination of Deploy Storage Device and Take Ownership (ownership policy manager)
• Use case 3: TCG Opal Lock and Unlock Storage Device
[Diagram: an OS with a Key Orchestration Client (KOC) and three self-encrypting drives (SED1, SED2, SED3) in the locked state; Key Orchestration holds the crypto store. Flow: credential and policy; symmetric key; boot up: key request from the client; lock/unlock key delivered to each SED.]
MONETIZING ENCRYPTION: Enable Encryption as the Killer App
Hard disk drive asset management
• In-use inventory
• Day 1 to EOL
Decommission auditing
• Proof: out-of-use
• Regulatory compliance
Cryptographic erase
• HDD/SSD data "bricked"
• Encrypt → destroy key → reuse asset
Cryptographic erase only holds if no other copy of the key survives: wrapped copies, backups, escrow and recovery material must be destroyed, or provably inaccessible, as part of the same decommission step, and the audit record should show that.
Aligning the management of encryption keys with business processes where the use of encryption can now be deployed effectively and efficiently creates new value propositions.
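The Opal use case above (boot-up key request, lock/unlock key delivered by policy) and the cryptographic erase path here (encrypt, destroy key, reuse asset) are two ends of the same key-handling loop. The following added example, not Fornetix code and not any drive vendor's API, shows that loop end to end: each drive gets its own data encryption key (DEK), the key manager keeps only a copy wrapped under a key-encryption key (KEK), the drive holds the DEK only while powered on and asks for it back at boot, and erasing the drive means destroying the wrapped DEK and refusing further unwraps while the ciphertext stays on the media. The cipher is HMAC-SHA256 in counter mode with an encrypt-then-MAC tag, chosen only so the example runs on the standard library; a real deployment uses AES-GCM or XTS, or the drive's own SED engine. The drive identifier and sample record are constructed for the demonstration.

```python
"""Cryptographic erase with wrapped media keys: provision, lock/unlock at boot, erase.
Constructed, stand-alone example; not Fornetix code. The HMAC-CTR cipher stands in for
AES-GCM/XTS so the example needs only the standard library; the key handling is the point."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key, label):
    # Separate keystream and MAC keys so the two uses never share key material.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def encrypt(key, plaintext):
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):        # wrong key or tampered data
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


class KeyManager:
    """Holds the KEK and the per-drive inventory of wrapped DEKs, with an audit trail."""

    def __init__(self):
        self._kek = secrets.token_bytes(32)   # in practice inside an HSM, never exported
        self.inventory = {}                   # drive_id -> {"wrapped_dek", "state"}
        self.audit = []                       # (drive_id, action)

    def provision(self, drive_id):
        dek = secrets.token_bytes(32)
        self.inventory[drive_id] = {"wrapped_dek": encrypt(self._kek, dek), "state": "in-use"}
        self.audit.append((drive_id, "provision"))
        return dek                            # delivered to the drive once, not kept in the clear

    def unwrap(self, drive_id):
        rec = self.inventory[drive_id]
        if rec["state"] != "in-use":          # policy: an erased drive never gets its key back
            self.audit.append((drive_id, "unwrap-denied"))
            raise PermissionError(f"{drive_id} is {rec['state']}")
        self.audit.append((drive_id, "unwrap"))
        return decrypt(self._kek, rec["wrapped_dek"])

    def crypto_erase(self, drive_id):
        rec = self.inventory[drive_id]
        rec["wrapped_dek"] = None             # the only surviving copy of the DEK is gone
        rec["state"] = "erased"               # decommission record: proof of out-of-use
        self.audit.append((drive_id, "crypto-erase"))


class Drive:
    """Stand-in for a self-encrypting drive: holds the DEK only while powered on."""

    def __init__(self, drive_id):
        self.drive_id, self.blocks, self._dek = drive_id, [], None

    def unlock(self, dek):
        self._dek = dek

    def power_off(self):
        self._dek = None                      # volatile key: gone on power loss

    def write(self, data):
        self.blocks.append(encrypt(self._dek, data))
        return len(self.blocks) - 1

    def read(self, index):
        return decrypt(self._dek, self.blocks[index])


def demo():
    """Provision, write, power-cycle and recover, then erase; returns what each step produced."""
    km, drive = KeyManager(), Drive("sed-0042")                 # constructed drive id
    drive.unlock(km.provision("sed-0042"))
    idx = drive.write(b"cardholder-record-0001")                # constructed sample data
    drive.power_off()
    drive.unlock(km.unwrap("sed-0042"))                         # boot-up key request, key delivered
    read_back = drive.read(idx)
    km.crypto_erase("sed-0042")
    drive.power_off()
    try:
        drive.unlock(km.unwrap("sed-0042"))
        erased_unwrap_denied = False
    except PermissionError:
        erased_unwrap_denied = True
    try:                                                        # a fresh DEK cannot read old blocks
        drive.unlock(secrets.token_bytes(32))
        drive.read(idx)
        old_data_unreadable = False
    except ValueError:
        old_data_unreadable = True
    return {"read_back": read_back, "erased_unwrap_denied": erased_unwrap_denied,
            "old_data_unreadable": old_data_unreadable,
            "blocks_still_on_media": len(drive.blocks), "audit": km.audit}
```

The erase is a key-manager operation, not a drive operation: nothing on the media changes, which is why the asset can be re-provisioned with a new DEK and why the decommission audit has to show that the wrapped copy was destroyed and that later unwrap requests were refused. Anywhere a second wrapped copy exists (backup, escrow, a replica key manager) the same destroy step has to reach it, or the erase is not an erase.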
SECURE DATA REVOLUTION
Historical (2014), 10s of thousands of keys: Dumb Client
• Uni-directional: key request from the device side only
• Static attributes: single use, device type, flat key, forklift updates
2015-2018, 100s of millions of keys: Smart Client (Fornetix)
• Bi-directional: key request from either side
• Dynamic attributes: identity, policy, location, federation
• Attribute Barrier™, Encryption Horizon™
2020, 10s of billions of keys: Micro Client (Fornetix)
• Multi-directional: key request, IoT intelligence
• Micro attributes: chip level, high function, high frequency, low latency
HOMOMORPHIC ENCRYPTION
Key Orchestration is architected for high-scale and ubiquitous encryption, functioning across current and future encryption deployment innovations.
• CryptDB: encrypted database and query processing
• Mylar: a platform for building secure web applications
Advanced database systems that keep data objects encrypted under end-user-managed keys, such as CryptDB, will benefit greatly from the Fornetix vision of an Encryption Horizon™.
Advances such as these portend a larger scale of encryption usage at the high and low end of computing systems and storage.
Key Orchestration's unique alignment of policy, identity, and federation provides for multi-level and cross-group associations of various encryption material and their respective key usage profiles and techniques.
Thank you!
www.fornetix.com
Bob Guimarin, CEO
bob@fornetix.com
info@fornetix.com
Tel: 703.687.9770