
Centrally Manage Encryption Keys Oracle TDE, SQL Server TDE and Vormetric.

Tina Stewart, Vice President of Marketing

Security Policy and Key Management

www.Vormetric.com

Presentation Overview

Evolution of encryption and integrated key management systems

IT operations and support challenges will then be examined

Review of the future industry initiatives and compliance regulations

Conclude with brief introduction to Vormetric Key Management


Copyright 2012 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

Importance of Enterprise Key Management


The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.
Forrester Research, Inc., Killing Data, January 2012

Two Types of Key Management Systems

Integrated

Third Party

IT Imperative: Secure Enterprise Data


Direct access to enterprise data has increased the risk of misuse.

Attacks on mission critical data are getting more sophisticated.


A Data Breach Costs > $7.2M Per Episode


2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute

Security breach results in substantial loss of revenue and customer trust.

Compliance regulations (HIPAA, PCI DSS) mandate improved controls.


What is needed is a powerful, integrated solution that enables IT to ensure the availability, security, and manageability of encryption keys across the enterprise.

Enterprise Key Management: 8 Requirements

Backup
Storage
Key State Management
Generation
Authentication
Restoration
Auditing
Security


Interoperability Standards

PKCS#11
Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)

EKM
Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management

OASIS KMIP
Single comprehensive protocol defined by consumers of enterprise key management systems


Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.

Encryption Key Management Challenges


Complex management: Managing a plethora of encryption keys, numbering in the millions

Disparate Systems

Security Issues: Vulnerability of keys to outside hackers / malicious insiders

Data Availability: Ensuring data accessibility for authorized users

Scalability: Supporting multiple databases, applications and standards

Governance: Defining policy-driven access control and protection for data



Different Ways of Managing Encryption Keys


Industry Regulatory Standards


Payment Card Industry Data Security Standard (PCI DSS)
Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.

Gramm Leach Bliley Act (GLBA)
Requires firms in the USA to publicly acknowledge a data breach although it can damage their reputation.

U.S. Health I.T. for Economic and Clinical Health (HITECH) Act
Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.


Vormetric Key Management Benefits

Stores Keys Securely

Provides Audit and Reporting

Minimizes Solution Costs

Manages Heterogeneous Keys / FIPS 140-2 Compliant


VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.


Vormetric Key Management Capabilities

Manage Vormetric Encryption Agents

Manage 3rd Party Keys
Create/Manage/Revoke keys of 3rd party encryption solutions
Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2) and EKM (MSSQL 2008 R2)

Vault Other Keys
Provide secure storage of security material
Key Types:
Symmetric: AES, 3DES, ARIA
Asymmetric: RSA 1024, RSA 2048, RSA 4096
Other: Unvalidated security materials (passwords, etc.)


Vormetric Key Management Components

Data Security Manager (DSM)
Same DSM as used with all VDS products
FIPS 140-2 Key Manager with Separation of Duties

Report on vaulted keys

Key Vault
Licensable Option on DSM
Web based or API level interface for import and export of keys
Supports Symmetric, Asymmetric, and Other Key materials
Reporting on key types

Provides key management services for:
Oracle 11g R2 TDE (Tablespace Encryption)
MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)


TDE Key Architecture before Vormetric

Master Encryption keys are stored on the local system in a file with the data by default.

Oracle / Microsoft TDE

TDE Master Encryption Key

Local Wallet or Table


TDE Key Architecture after Vormetric


Oracle / Microsoft TDE
SSL Connection

TDE Master Encryption Key

Key Agent

Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE.

Vormetric Key Agent is installed on the database server.


VKM Architecture-Key Vault


Web GUI

Command Line / API

Supported Key Types:

Asymmetric


Security Policy and Key Management


Protecting the enterprise's valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.

A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.

Vormetric Key Management is the only solution today that can:

Minimize IT operational and support burdens for encryption key management,
Secure and control access to data across the enterprise and into the cloud, and
Protect data without disrupting your business
