Vormetric Transparent Encryption
Copyright 2015 Vormetric, Inc. Proprietary and Confidential. All rights reserved.
Vormetric Transparent Encryption
[Diagram: Vormetric Transparent Encryption architecture. Labels: User; Application; Database; File Systems; Volume Managers; Storage; Allow/Block; Encrypt/Decrypt; Cloud Admin, Storage Admin, etc; DSM (Vormetric Data Security Manager, virtual or physical appliance); Big Data, Databases or Files; Server.]
Vormetric User Access Controls (With VTE)
Process and user aware file access policies
[Diagram: HR ERP Directory protected by Vormetric Transparent Encryption]
Authorized User
Group: HR
App: ERP
What: Read File
Time: 2PM 11/14/2014
Where: HR ERP Directory
Unauthorized User
Group: Finance
App: IE 9.0
What: Read File
Time: 5pm 11/14/2014
Where: HR ERP Directory
Root User
Group: SystemAdmin
Process: Cat command
What: Read File
Time: 2PM 11/14/2014
Where: HR ERP Directory
Access Policy #1
User: HR-Group
App: ERP
Opp: Read Only
Time: Any
Resources: Any
File access policies can be very granular. User access can be controlled by application, allowed operations, time, and the file or resource they attempt to access.
Policy Example: Structured Data (SQL, Oracle, etc)
# Resource User Process Action Effects
Policy Summary:
1 Only the DB Service account, using the whitelisted DB binaries, has full transparent access to the encrypted DB objects.
2 The privileged administrative accounts are allowed to manage the encrypted DB objects but have no ability to decrypt the DB objects.
3 Deny and Audit non-conforming data requests at the I/O layer.
Policy Benefits
Database encryption, without changing database schema or application code.
Remove custodial risk of privileged account compromise.
Copyright 2012 Vormetric, Inc. - Proprietary and Confidential. All Rights Reserved.
Value Proposition for Transparent Encryption
Value Proposition Vormetric User Access Control (UAC)
Separation of privileged users and sensitive user data
Separation of administrative duties
Granular access controls
Secure, reliable, and auditable key management
Detailed security intelligence
Detailed logs
Allowed or denied
Command like 'switch users'
SIEM Feed
Islands of Encryption
A disjointed, expensive collection of point products
Each use case requires individual infrastructure, management consoles and training
[Diagram labels: 2013, 2014; Cloud; Managed Services; Big Data; Vormetric; Application Encryption; PKCS#11; KMIP; Compliance; Key Management; TDE; App; ESM; Security Intelligence; SmartConnector]
Vormetric Data Security Platform 2.0
Expansion: Tokenization and Data Masking
Introducing Vormetric Tokenization with Dynamic Data Masking
Introducing Vormetric Tokenization
[Diagram labels: 4567-8765-9807-2342; Credit Card; Random Token]
Use cases:
Vormetric Tokenization with Dynamic Data Masking for display security
[Diagram: App Servers. Accounts Payable: 0544-4124-4325-3490. Customer Service: XXXX-XXXX-XXXX-3490.]
Vormetric Tokenization
Simplifying application-layer tokenization
[Diagram: numbered flow (steps 1, 2, 3*, 4, 5, 6) between Customer, App Servers, the Vormetric Token Server (Virtual Appliance) reached over a REST API, the DSM, the Token Vault** holding ((CC)e, Token) lookups, and the Database. Sample values shown: 0544-4124-4325-3490 and 1234-4567-6789-1234. Legend: Credit Card; Token or mask.]
* New and expired keys
** Oracle, customer provided, phase 1
Vormetric Tokenization w/ Dynamic Data Masking use case
[Diagram: numbered flow (steps 1 to 7; 1 Request, 7 Response) between Accounts Payable, Customer Service, App Servers, the Vormetric Token Server reached over a REST API, the DSM, the AD/LDAP Server, the Token Vault holding ((CC)e, Token) lookups, and the Database (production data tokenized). Other labels: Mask; Data Sent. Sample values shown: 0544-4124-4325-3490 and 1234-4567-6789-1234. Legend: Credit Card; Token or mask.]
Vormetric Tokenization with Dynamic Data Masking
RESTful APIs
LDAP/AD integration
One Platform One Strategy
Data-at-rest security that follows your data
Physical
Virtual
Outsourced
Sources
Nodes
Analytics
Transparent Encryption x Tokenization
Strategic IT Organization Data Security
Example corporate-wide data protection strategy
Use Cases (%)
Secure files and databases with no application changes (Vormetric Transparent Encryption): 70%
100% Vormetric
Vormetric Data Security Platform 2.0
Enabling an enterprise data-at-rest security strategy
Flexible
Enterprise-wide protection and compliance
History of delivering new use cases enabling secure innovation
Scalable
Multi-operating systems across all server environments
Global scale with centralized control
Efficient
High-performance, minimizes system resources
Operational simplicity through consistent deployment
Single Platform = Lower TCO
Thank you
Learn More
www.vormetric.com