Brave new world of encryption v1
0 likes525 views
This document discusses data security in the cloud. It notes that encryption, along with centralized policy and key management, are essential for protecting sensitive data in cloud environments and meeting regulatory requirements. Centralized key management provides benefits like secure key storage, lifecycle management, separation of duties, and compliance with standards. Customers can choose between managing keys on-premise or using a key management as a service provider, but must consider tradeoffs in risk, cost, and separation of duties. Encryption combined with proper key management makes data more secure when migrating to cloud computing.
Brave new world of encryption v1
- 1. Brave New World – Encryption and the Cloud Ashvin Kamaraju – VP of Product Development www.Vormetric.com
- 2. Agenda Cloud Market Overview Security for the Cloud Encryption & Key Management Q&A 2
- 4. Data Centers Are Evolving Cloud Virtual Physical 4
- 5. Enterprises Are Moving to the Cloud
- 6. There Are Different Types of Public Clouds Fully functional applications provided such as SaaS CRM, ERP, email, Project Management, Software s a Travel Services, etc. Service PaaS Operating environments included such as Platform as a Service Windows/.NET, Linux/J2EE, applications of choice deployed Virtual Data Centers IaaS Infrastructure Virtual platform on which required operating Cloud Centers as a Service environment and application are deployed. Also includes storage as a service offerings Data Centers 6
- 7. Market Landscape Gartner September 2012 Public cloud services market is forecast to grow 19.6 percent in 2012 to $109 billion Business process as a service (BPaaS) represents 77 percent of the total market Infrastructure as a service (IaaS) is forecast to be $6.2 billion in 2012 and growing at a rate of 45.4 percent The total public cloud services market is forecast to grow to $206.6 billion in 2016 7
- 8. Security for the Cloud
- 9. Barriers to Cloud Adoption Performance Security
- 10. Cloud Adoption Need for Data Security Data = Cash • Reputation, Compliance, Penalties Layers of Network Security Applied Today • Next Gen Firewalls, VPNs, IPS, SIEM, DAM/DAP, Move to Include Data Security • Encryption, Key and Policy Management
- 11. Security of cloud infrastructure - Survey Results What data types would you place in the cloud infrastructure environment? Regulated data (such as credit cards, health data, SSN, driver’s license number Employee data Non-regulated confidential business data (such as intellectual property, business plans, financial records) Non-regulated customer data (such as purchase history, email address list, shipping information) 0 10 20 30 40 50 60 70 80 Responses (%) Encrypted Not Encrypted Source: Ponemon Institute survey of 1000 U.S IT and Compliance practioners (600 IT; 400 Compliance) – November 2011 11 Copyright © 2011 Vormetric, Inc. - Proprietary and Confidential. All Rights Reserved.
- 12. Why does encryption make data secure in the cloud? Cloud is inherently multi-tenant All infrastructure i.e. compute and storage are shared among different customers (serially) In the event there is a physical theft at the service provider facilities unprotected data is left vulnerable In the event there is unauthorized access (malicious or inadvertent) unprotected data ends up in the wrong hands Sensitive data must be protected to meet regulatory requirements Payment Card Industry (PCI) Data Security Standard (DSS) HIPAA HITECH Safe Harbor Enable governance for hybrid clouds Seamlessly manage private and public clouds by complying with the corporate regulatory and security standards
- 13. Two Different Perspectives Cloud Service Provider • Want to provide assurances to their customers that the service is secure • This is a competitive differentiator Cloud Service Provider Customer • Some will trust that their data is being properly secured • Some will demand that they maintain complete control of their data
- 14. Encryption and Key Management
- 15. 3 Components of Data Security in the Cloud Policy Management Key Management Encryption
- 16. Encryption, Policy and Key Management Policy and key management are extremely important aspects of encryption Keys are used to encrypt/decrypt data Policies, which are tied to business need, define how keys are distributed and authorized for use Enterprises typically have several encryption solutions and keys are not centrally managed Centralized policy and key management is essential to meet the business needs, governance and regulatory requirements
- 17. Centralized Key Management Benefits Central repository for secure storage of keys Key life cycle management (creation, deletion, expiry notification, reporting) Policies (define how keys will be used) Separation of duties Secure backup Compliance with standards such as FIPS 140-2 Manage encryption solutions using industry standards e.g. PKCS #11, KMIP
- 18. Centralized Key Management Key Management: As a service or On Premise? Approach Tradeoffs Custodianship Risk Cost Separation of Multi- duties Tenancy On-Premise solution High (can be Low Lines of Customer amortized across Yes (customized) business large deployment) Key Management Yes. But only if data is as a Service Depends on not managed by key Multiple Service Provider Low the SLA management service customers provider
- 19. Understanding Data Security with Software as a Service (SaaS) Doing your research: Data security due diligence Customer does not control how information is handled but can effect it The risk: data security threats Data exposure By SaaS provider By IaaS partner By customer through application controls SaaS touch points: SaaS controls that customer can effect Data handling and protection agreements in contractual negotiations Security administration for access controls Solutions Data encryption used by SaaS providers to fulfill customer requirements Tokenization by on-premise network appliances (Cloud Gateways)
- 20. Understanding Data Security for Infrastructure as a Service (IaaS) Doing your research: data security due diligence Customer does not control how infrastructure security is handled Customer responsible for data security The risk: data security threats Data exposure By IaaS provider By customer through application controls IaaS touch points: IaaS controls that customer can effect Data handling and protection agreements in contractual negotiations Security administration for access controls Encryption/Key Management for data protection Solutions Customer encrypts data; Customer is custodian of keys Customer encrypts data; Different service provider for key management
- 21. Summary Cloud computing is a pervasive trend with compelling economics Ensuring data security and privacy is necessary to embracing cloud computing Encryption protects data and makes it safer to migrate to cloud Policies, separation of duties and key management are the underpinnings of encryption Tradeoffs in risk, costs and compliance to regulations must be considered in choosing a solution