Slide 1: Secure Storage Encryption Implications
Data Storage Security Summit
September 24, 2015
Slide 2: PROBLEM. Attacks Outpacing Defenses
Attackers don’t just want to get in, they want the stored data
• No longer IF, but WHEN and HOW BAD
• Heartbleed hack: 2/3 of Internet servers
• Cyber-warfare, industrial espionage
• FBI Cyber Division: 500M finance records (12 months)
• Cost of a data breach: average $5.5 million
Breaches cited on the slide: Staples (data breach), Target (POS breached), Home Depot (credit card theft), eBay (compromised), Sony Pictures (digital break-in), Kmart (victim of hacker attack), Anthem Health (malicious attack), Office of Personnel Management.
Slide 3: STORAGE ON THE FRONT LINES. Canary in the Coal Mine
Storage systems can’t rely on perimeter security to keep data safe
• Where does storage reside? Everywhere!
• What types of storage are targeted? All types!
• Is there a ‘Silver Bullet’? No!
• Can we do something? Yes, encrypt!
Slide 4: SOLUTION. Key Orchestration™: Visionary, Scalable, Disruptive
Bypass the “Complexity Culture”: encryption key management at scale is a data messaging problem, not an encryption problem.
• Integrating Identity & Policy with Encryption Management
• Workflow = Automation & Optimization
• Utilizing Open Standards maximizes interoperability, accelerates broader encryption usage, and lowers the historically high costs of managing encryption.
• Protect Data-at-Rest & In-Transit
Enabling the 21st Century Secure Data Revolution: Encryption Is Needed Everywhere (~ Millions & Billions ~)
Slide 5: COMPLEXITY REDUCED
Current Encryption Key Management IS DONE MANUALLY!
• Multiple, Cumbersome Interfaces
• Operationally Complex
• High Costs, Slow to Innovate
• Scale-adverse
VS. Modern Interface, Workflow Automation, Grid Views: Single, Powerful, Integrated
• Unique Tree Structure Interface
• Simple, Easy to Use, Powerful
• Disruptive, Affordable Pricing
• Architected to Scale to Millions
Slide 6: KEY MANAGEMENT - LIFECYCLE. Many Points of Failure
Lifecycle operations shown on the slide: Suspend Key, Revoke Key, Destroy Key, Rotate Key, Store Key, Recover Key, Back-up Key, Generate Key, Use Key, Register Key, Distribute Key, Install Key, Time-Bound Key, Transaction Key.
• In current practice, these processes demand “hands-on” intervention.
• Because each of these processes is managed by human interaction, they are more prone to mistakes, errors of omission and commission, and insider threats.
• The overall management practices are resource intensive and time consuming.
Slide 7: KEY ORCHESTRATION™. Pre-defined, Tested Policy Interface, Tools, and Automation
How each lifecycle operation from slide 6 is handled, in the same order:
• Automatically suspends keys on rules violation
• Automatically revokes keys, rules based (alarms, roles, etc.)
• Destroys keys according to policy
• Automated key rotation management
• Wraps & stores keys, rules based
• Inherent key recovery tools
• Supervises & audits back-up keys
• Audits key generation, from any approved source
• Monitors & audits key usage
• Prompts & manages key registration
• Distributes key based on policy instruction
• Installs keys automatically according to a plan
• Time-bound key supervision & auditing
• Transaction key supervision & auditing
• Key Orchestration™ plans and stages each element of Key Management in automation, well ahead of execution.
• Benefits include testing prior to deployment, greatly reduced operations resources, elimination of most security errors (including insider threats), and substantially reduced time to execute.
USAF SMC Satellite rekey demo: 48 hours reduced to 30 minutes
Slide 8: CONSOLIDATED MANAGEMENT. Manage Keys Across Platforms
Diagram: KO (Key Orchestration) managing keys across File Sharing, CRM, POS, and Secure Storage.
• Key Material Agnostic
• Policy Driven
• Lifecycle Awareness
• Job Control
• Automation
• Audit & Tracking
• Lowest TCO
• Error Reduction
Slide 9: ORCHESTRATING ENCRYPTION USE. Key Management Control Plane
Diagram labels: Fornetix Partners; Hardware Security Module (HSM) as Source; Policy & Operations Initiation; Key Orchestration; Device / Application as Target.
Slide 10: ENCRYPTION IMPLICATIONS. Fine Grained Encrypted Storage
Diagram labels: Security Policy Manager, Active Directory, Enterprise Storage Client, Enterprise Storage (Level 1 Security), Enterprise Device (Level 2 Security), Email KO, Content Management KO, MSFT Desktops KO, API, API Server, Key Orchestration, Key Orchestration Appliance (KOA), File / Object Encryption, SELinux, Key Material, Program Attributes, Admin Calls, API Call, Attribute, Attribute Request, Users, Key Call.
Enterprise Landscape: Application Tier (Medium security: Security Policy Manager, Enterprise End Device, Appls); Storage Tier (High security: Key Orchestration).
Slide 11: TCG OPAL USE CASES
• TCG OPAL combination of Deploy Storage Device and Take Ownership (use case 1)
• TCG Opal Lock and Unlock Storage Device (use case 3)
Diagram labels: Ownership Policy Manager, Key Orchestration, OS, KOC, Crypto Store, SED1 / SED2 / SED3, LOCK; Credential – Policy; Symmetric Key; Boot Up – Key Request; Lock / Unlock Key Delivered.
Slide 12: MONETIZING ENCRYPTION. Enable Encryption as Killer App
Hard Disk Drive Asset Management
• In-Use Inventory
• Day 1 to EOL
Decommission Auditing
• Proof: Out-of-Use
• Regulatory Compliance
Cryptographic Erase
• HDD/SSD Data “Bricked”
• Encrypt -> Destroy Key -> Reuse Asset
Aligning the management of encryption keys with business processes where the use of encryption can now be deployed effectively and efficiently to create new value propositions.
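As an added example (not Fornetix code and not from the deck), the state-gated "Use Key" of slides 6 and 7 and the slide 12 cryptographic-erase step "Encrypt -> Destroy Key -> Reuse Asset" modelled in Go with AES-256-GCM: a hypothetical ManagedKey record whose state gates encryption and decryption, and whose Destroy zeroizes the data-encryption key so every block sealed under it becomes unrecoverable while the drive itself stays reusable. The names KeyState, ManagedKey, NewKey, Seal, Open and Destroy are assumptions for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)
// KeyState is a hypothetical subset of the lifecycle states named on the slides.
type KeyState int
const Active, Suspended, Destroyed KeyState = 0, 1, 2
// ManagedKey is a hypothetical key-store record: a data-encryption key plus its state.
type ManagedKey struct {
	State KeyState
	key   []byte
}
// NewKey generates a fresh AES-256 key in the Active state ("Generate Key").
func NewKey() (*ManagedKey, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return &ManagedKey{State: Active, key: k}, err
}
// Destroy is the cryptographic-erase step: zeroize the key bytes and mark the record
// Destroyed. Everything sealed under it is now unrecoverable, so the drive can be reused.
func (m *ManagedKey) Destroy() {
	for i := range m.key {
		m.key[i] = 0
	}
	m.key, m.State = nil, Destroyed
}
// aead hands out AES-GCM only while the key is Active, so "Use Key" is policy-gated.
func (m *ManagedKey) aead() (cipher.AEAD, error) {
	if m.State != Active {
		return nil, fmt.Errorf("key not usable in state %d", m.State)
	}
	block, _ := aes.NewCipher(m.key) // key is always 32 bytes here, so this cannot fail
	return cipher.NewGCM(block)
}
// Seal encrypts one "drive" block; the random nonce is prepended to the ciphertext.
func (m *ManagedKey) Seal(plain []byte) ([]byte, error) {
	g, err := m.aead()
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plain, nil), nil
}
// Open decrypts a sealed block; it fails once the key is suspended or destroyed,
// and GCM rejects any ciphertext that was modified on the media.
func (m *ManagedKey) Open(ct []byte) ([]byte, error) {
	if g, err := m.aead(); err != nil {
		return nil, err
	} else if n := g.NonceSize(); len(ct) >= n {
		return g.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext too short")
}
```

A real deployment would wrap the data-encryption key under an HSM-held key and record the Destroy event in the audit trail, which is the "Proof: Out-of-Use" evidence the slide calls for.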
Slide 13: SECURE DATA REVOLUTION
Historical, 2014 (10s of Thousands): Dumb Client, Uni-Directional
• Key Request: device side only
• Static Attributes: Single Use, Device Type, Flat Key, Forklift Updates
2015-2018 (100s of Millions): Smart Client (Fornetix), Bi-Directional
• Key Request: either side
• Dynamic Attributes: Identity, Policy, Location, Federation
• Attribute Barrier™, Encryption Horizon™
2020 (10s of Billions): Micro Client (Fornetix), Multi-Directional
• Key Request: IoT Intelligence
• Micro Attributes: Chip Level, High Function, High Frequency, Low Latency
Slide 14: HOMOMORPHIC ENCRYPTION
Key Orchestration is architected for high scale and ubiquitous encryption functioning across current and future encryption deployment innovations.
• CryptDB: encrypted database and query processing
• Mylar: a platform for building secure apps
Advanced database systems supporting primary end-user encryption managed data objects, such as CryptDB, will benefit greatly from the Fornetix vision of an Encryption Horizon™.
Advances such as these portend a larger scale of encryption usage at the high and low end of computing systems and storage.
Key Orchestration’s unique alignment of policy, identity, and federation provides for multi-level and cross-group associations of various encryption material, and their respective key usage profiles and techniques.
Slide 15: Thank you!
www.fornetix.com
Bob Guimarin, CEO
bob@fornetix.com
info@fornetix.com
Tel: 703.687.9770
