Now - ISSA-NE
Vormetric Data
Security
Cloud Computing
Who is Vormetric?
Founded in 2001
Purpose:
To Simplify Data Security
Customers:
1100+ Customers
Worldwide
OEM Partners:
IBM
Guardium Data Encryption
Symantec
NetBackup MSEO
Data Security Simplified
Transparent
Strong
Must be transparent to business
processes, end users, and applications
Control Privileged Users access to
sensitive data
Data type neutral – any data,
anywhere
Firewall your data – approved users
and applications allowed, deny all
others.
Integrated Key Management
Efficient
SLA, User, and Application
performance must remain acceptable
Encryption overhead can approach
zero
Easy
Easy to Understand
Easy to Implement
Easy to Manage
Data is Everywhere
Public Cloud
(AWS, Rackspace, Smart Cloud, Savvis, Terremark)
Virtual & Private Cloud
(VMware, Citrix, Hyper-V)
Unstructured Data
File Systems
Office documents, SharePoint, PDF, Images, Audio, etc.
Remote
Locations
& Systems
Storage & Backup
Systems
SAN/NAS Backup Systems
Data
Communications
VoIP Systems
FTP/Dropbox Server
Email Servers
Business Application
Systems
(SAP, PeopleSoft, Oracle
Financials, In-house, CRM,
eComm/eBiz, etc.)
Application Server
Security &
Other Systems
(Event logs, Error logs
Cache, Encryption keys,
& other secrets)
Security Systems
Structured Database Systems
(SQL, Oracle, DB2, Informix, MySQL)
Database Server
Advanced Persistent Threat
Reducing the Threat Landscape
A Defense in Depth Strategy is
essential to combating APT
Controls and Safeguards are
intended to combat the APT at
different points in its life cycle
The goal of the APT is to gain
access to your most valued
possession, your data
APTs are already at work on your
network. The data must be
protected locally, at the point of
access
Protect what Matters
Image from Secureworks.com
Control and Defend
Audit
Security
Management
Domains
Privileged User
Access Control
Separation of
Roles & Need to
Know
Key
Management
Encryption
Data
Assets
Transitioning to the Cloud
Database Encryption
Usage: Encrypt Tablespace,
Log, and other DB files
Common Databases:
Oracle, MSSQL, DB2, Sybase,
Informix, MySQL…
Unstructured Data
Encryption
Usage: Encrypt and Control
access to any type of data
used by LUW server
Common Data Types:
Logs, Reports, Images, ETL,
Audio/Video Recordings,
Documents, Big Data…
Examples: FileNet,
Documentum, Nice, Hadoop,
Home Grown, etc…
Cloud Encryption
Usage: Encrypt and Control
Access to data used by Cloud
Instances
Common Cloud Providers:
Amazon EC2, Rackspace,
MS Azure, Savvis, Terremark,
AT&T, SoftLayer +++
Vormetric Data Security
What is it?
Integrated solution that
controls access to data…
Integrated
Key
Management
What does it do?
Controls what users and
processes can access data
Enforces access controls with
encryption of any type of data
transparently
Security
Intelligence
Data
Provide security intelligence
around your data
Data Firewall
Transparent
Encryption
Transitioning to the Cloud
Data Encryption
Encrypts file system and
volume data transparently to:
Applications
Databases
Storage Infrastructure
Integrated Key Management
High Efficiency Encryption
Data Firewall
Need to know access to data,
based on approved behavior.
Separate data access from
data management for system
privileged users
Security
Intelligence
Rich event driven audit logs
for approved and denied
attempts to sensitive data
Multiple reporting options to
enable actionable security
intelligence
More than just audit reports
– prove data is protected
Locking down the CSP Admin
Policy ≈ Firewall Rules
Rules have Criteria and Effects
Criteria
User/Group, Process, Data Location, Type of I/O, Time
Effects
Permission: Permit or Deny
Encryption Key: Yes or No
Audit: Yes or No
The Rules of a policy work like a firewall rule engine
1. Receive criteria from request.
2. Try to match Criteria to Rules. Start at the top.
3. On first match apply the associated Effect.
4. If no match, then deny
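The first-match, default-deny evaluation described above, as an added Python example (not Vormetric's policy syntax or code). The rule field names, users, paths and the choice to audit the default deny are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Request:
    user: str
    process: str
    path: str
    io: str    # "read" or "write"
    hour: int  # 0-23

@dataclass(frozen=True)
class Rule:
    # Criteria; an empty tuple or "*" matches anything.
    users: tuple = ()
    process: str = "*"
    path: str = "*"
    io: tuple = ()
    hours: range = range(24)
    # Effects.
    permit: bool = False
    apply_key: bool = False  # False on a permit: caller gets ciphertext
    audit: bool = True

    def matches(self, r: Request) -> bool:
        return ((not self.users or r.user in self.users)
                and fnmatchcase(r.process, self.process)
                and fnmatchcase(r.path, self.path)
                and (not self.io or r.io in self.io)
                and r.hour in self.hours)

def evaluate(policy, req):
    """Return (permit, apply_key, audit, index of matching rule or None)."""
    for i, rule in enumerate(policy):   # start at the top
        if rule.matches(req):           # first match wins
            return rule.permit, rule.permit and rule.apply_key, rule.audit, i
    return False, False, True, None     # no match: deny (auditing it is assumed)

# Constructed policy for a database directory (hypothetical names and paths).
POLICY = [
    Rule(users=("oracle",), process="/u01/app/oracle/bin/*", path="/data/db/*",
         permit=True, apply_key=True, audit=False),
    Rule(users=("root",), path="/data/db/*", io=("read",), hours=range(1, 5),
         permit=True, apply_key=False),
]
```

Because evaluation stops at the first match, a broad rule placed above a narrow one shadows it, so rule order is part of the policy.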
Locking Down the CSP Admin
Vormetric Data Security : Single Pane of Glass
Traditional
Infrastructure
Cloud
Computing
AWS, Rackspace,
Savvis…
Data Security
Manager
Unstructured
Unstructured
Vormetric
Vault
Database
Database
Vormetric Data Security Product Suite
Vormetric Encryption
Purpose: Transparent Data
Encryption and Access Control of
structured and unstructured data
Use Cases: Database Encryption,
File Encryption, Privileged User
Data Management
Vormetric Key Management
Vormetric Vault
Purpose: Securely store and
report on Security Materials
Use Cases: Key Vaulting,
Certificate Vaulting, Vaulting of
other Security materials.
Vormetric Toolkit
Purpose: Key Management for
other Encryption platforms
Purpose: Automate and
accelerate deployment
Use Cases: Application
Encryption, TDE Key Management
Use Cases: Cloud Providers,
Enterprise Deployments
Technical Benefits
Transparent
Strong
No changes required to Database,
Application or Storage
System privileged users can be
restricted from accessing sensitive data
Data type neutral – any data type
Firewall your data – approved users
and applications allowed, deny all
others.
Integrated Key Management
Efficient
SLA, User, and Application
performance are maintained
Encryption overhead is minimal
Rapid Deployment
Easy
Easy to Understand
Easy to Implement
Easy to Manage
Vormetric Data
Security
Protect what matters
Jeff Sherman
Regional Sales Manager
Bill Goodman
Sales Engineer