110 likes | 317 Views
In the current data security environment, encryption is often touted as the grand cure-all. Simply implement an encryption solution and your data security woes will be behind you. While encryption can be a powerful tool in the data protection arsenal, assisting companies in achieving regulatory compliance as well as offering a high degree of protection to sensitive data, it must be done in a strategic manner.
E N D
Enterprise Encryption and Key Management Strategy THE TIME IS NOW Vormetric Contact: Name: Tina Stewart Email: Tina-Stewart@vormetric.com Download ESG Whitepaper • (send traffic to a registration page on Vormetric • site for whitepaper download)
Overview “ “ “ “ Large organizations need an enterprise encryption strategy. This should include central command and control, distributed policy enforcement, tiered administration, and an enterprise-class key management service. i Vormetric is the leader in enterprise encryptionandkey management. OurData Securitysolution encrypts any file, any database, any application, anywhere. In this presentation we share key insights from EGS’s whitepaper on:Enterprise Encryption and Key Management Strategy The Time Is Now, By Jon Oltsik This ESG white paper was commissioned by Vormetric, Inc. and is distributed under license from ESG.
The Time is Now • Your Business Data is Everywhere and Accessed by Everyone • Ad hoc Data Security =increased risk and business exposure • Large organizations need an enterprise encryption strategy • Central Command and Control • Distributed Policy Enforcement • Tiered Administration • Enterprise-class key management service
Drivers of Enterprise-Class Data Security Solutions • Regulatory Compliance State, industry and international privacy regulations require or recommend encryption for data security. • Publically Disclosed Breaches • Intellectual Property Protection 126 breaches and 1.5Million personal records reported in 2012 alone. Including well known names – Arizona State University and Zappos.com. • Advanced Persistent Threats (APTs) resulting in IP theft are forcing enterprises to aggressively respond with data encryption technologies.
Top Investment: Data Encryption Which of the following security technology products/solutions has your organization purchased in response to APTs? (Percent of respondents, N=95, multiple responses accepted) 54% Data encryption technologies Web gateway for blocking suspicious URLs and web based content Application firewalls Specific technology defenses designed to detect and prevent APT attacks Database security technologies Managed security services DLP (data loss prevention) technologies New types of user authentication/access controls Endpoint white-list/black-list enforcement technologies Third-party penetration testing service from specialty firm 49% 44% 44% 43% 39% 35% 31% 24% 21% 20% 40% 0% 10% 30% 50% 60% Source: Enterprise Strategy Group,2012
Data Security Growing Pains Each tool has its own administration and key management ! Source: enterprise Strategy Group, 2012
Data Security Growing Pains Risk Issue Cost ! All of these issues create operational overhead and increased risk.
Considerations for Enterprise Strategy • Transparent Encryption must fit into existing infrastructure and processes without altering or affecting existing systems and application. • Provides Executive Visibility • Owned by the security team CISO’s should be able to assess risk across the enterprise at all times and keep executive management informed. Key Management responsibilities must reside with specific, trained staff dedicated to this function.
Key Enterprise Architectural Features 1 Central Command & Control 2 Distributed Policy Enforcement 1 2 3 Tiered Administration 4 Enterprise-class Key Management 3 4
The Bigger Truth – The Time is Now. “ One of your most valuable assets, sensitive data, faces an increasing level of risk … ESG highly recommends that CISOs develop an enterprise encryption strategy as soon as possible. “ “ i 3 4 2 1 1 2 3 4 • DEFINE • the idealencryption • solution for your needs ASSESS what you have in place today • IDENTIFY • gaps in your current • implementations AUGMENT current ad hoc solutions
Enterprise Encryption and Key Management Strategy Vormetric Contact: THE TIME IS NOW Tina Stewart Tina-Stewart@vormetric.com Download ESG Whitepaper @Vormetric Click - to - tweet Click - to - tweet