Read more on how to achieve enterprise key management from a white paper entitled Security Policy and Key Management from Vormetric: http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html. This white paper will discuss the evolution of encryption and integrated key management systems. IT operations and support challenges for encryption systems will then be examined. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management. The paper will conclude with a brief introduction to Vormetric Key Management.
Security Policy and Key Management
Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric.
Tina Stewart, Vice President of Marketing
Presentation Overview
• Evolution of encryption and integrated key management systems
• IT operations and support challenges will then be examined
• Review of the future industry initiatives and compliance regulations
• Conclude with brief introduction to Vormetric Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Importance of Enterprise Key Management
“The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.” Forrester Research, Inc., “Killing Data”, January 2012
Two Types of Key Management Systems
• Third Party
• Integrated
IT Imperative: Secure Enterprise Data
• Attacks on mission critical data are getting more sophisticated.
• Direct access to enterprise data has increased the risk of misuse.
• Security breach results in substantial loss of revenue and customer trust.
• Compliance regulations (HIPAA, PCI DSS) mandate improved controls.
A Data Breach Costs > $7.2M Per Episode (2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute)
“What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise.”
Enterprise Key Management: 8 Requirements
• Backup
• Key State Management
• Storage
• Authentication
• Generation
• Restoration
• Auditing
• Security
Interoperability Standards
• PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)
• EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management
• OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems
Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.
Encryption Key Management Challenges
• Complex management: Managing a plethora of encryption keys in millions
• Security Issues: Vulnerability of keys from outside hackers / malicious insiders
• Data Availability: Ensuring data accessibility for authorized users
• Scalability: Supporting multiple databases, applications and standards
• Governance: Defining policy-driven, access, control and protection for data
(Diagram labels: Disparate Systems; Different Ways of Managing Encryption Keys)
Industry Regulatory Standards
• Payment Card Industry Data Security Standard (PCI DSS): Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.
• U.S. Health I.T. for Economic and Clinical Health (HITECH) Act: Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.
• Gramm Leach Bliley Act (GLBA): Requires firms in USA to publicly acknowledge a data breach although it can damage their reputation.
Vormetric Key Management Benefits
• Stores Keys Securely
• Provides Audit and Reporting
• Improve Operational Efficiency
• Reduce Key Management Burden
• Minimize Solution Costs
• Manages Heterogeneous Keys / FIPS 140-2 Compliant
“VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.”
Vormetric Key Management Capabilities
Manage Vormetric Encryption Agents
Vault Other Keys
• Provide secure storage of security material
• Key Types:
  • Symmetric: AES, 3DES, ARIA
  • Asymmetric: RSA 1024, RSA 2048, RSA 4096
  • Other: Unvalidated security materials (passwords, etc.)
Manage 3rd Party Keys
• Create/Manage/Revoke keys of 3rd party encryption solutions
• Provide Network HSM to encryption solutions via:
  • PKCS#11 (Oracle 11gR2)
  • EKM (MSSQL 2008 R2)
Vormetric Key Management Components
Data Security Manager (DSM) / Key Vault / Report on vaulted keys
• Provides key management services for:
  • Oracle 11g R2 TDE (Tablespace Encryption)
  • MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)
• Licensable Option on DSM
• Same DSM as used with all VDS products
• Web based or API level interface for import and export of keys
• FIPS 140-2 Key Manager with Separation of Duties
• Supports Symmetric, Asymmetric, and Other Key materials
• Reporting on key types
TDE Key Architecture before Vormetric
Oracle / Microsoft TDE Master Encryption keys are stored on the local system in a file with the data by default.
(Diagram labels: TDE Master Encryption Key; Local Wallet or Table)
TDE Key Architecture after Vormetric
• Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE
• Vormetric Key Agent is installed on the database server
(Diagram labels: Oracle / Microsoft TDE; TDE Master Encryption Key; Key Agent; SSL Connection)
VKM Architecture - Key Vault
• Web GUI
• Command Line / API
• Supported Key Types: Symmetric, Asymmetric
• Certificates
Security Policy and Key Management
Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today. A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.
Vormetric Key Management is the only solution today that can:
• Minimize IT operational and support burdens for encryption key management,
• Secure and control access to data across the enterprise and into the cloud, and
• Protect data without disrupting your business