Vormetric Data Security Cloud Computing Who is Vormetric? Founded in 2001 Purpose: To Simplify Data Security Customers: 1100+ Customers Worldwide OEM Partners: IBM Guardium Data Encryption Symantec NetBackup MSEO Data Security Simplified Transparent Strong Must be transparent to business processes, end users, and applications Control Privileged Users access to sensitive data Data type neutral – any data, anywhere Firewall your data – approved users and applications allowed, deny all others. Integrated Key Management Efficient SLA, User, and Application performance must remain acceptable Encryption overhead can approach zero Easy Easy to Understand Easy to Implement Easy to Manage Data is Everywhere Public Cloud (AWS, Rackspace, Smart Unstructured Data File Systems Cloud, Savvis, Terremark) Virtual & Private Cloud (VMware, Citrix, Hyper-V) Office documents, SharePoint, PDF, Images, Audio……etc… Remote Locations & Systems Storage & Backup Systems SAN/NAS Backup Systems Data Communications VoIP Systems FTP/Dropbox Server Email Servers Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.) Application Server Security & Other Systems (Event logs, Error logs Cache, Encryption keys, & other secrets) Security Systems Structured Database Systems (SQL, Oracle, DB2, Informix, MySQL) Database Server Advanced Persistent Threat Reducing the Threat Landscape A Defense in Depth Strategy is essential to combating APT Controls and Safeguards are intended to combat the APT at different points in its life cycle The goal is the APT is to gain access to you most valued possession, you data APT’s are already at work on your network. The Data must be protected locally, at the point of access Protect what Matters Image from Secureworks.com Control and Defend Audit Security Management Domains Privileged User Access Control Separation of Roles & Need to Know Key Management Encryption Data Assets Transitioning to the Cloud Database Encryption Usage: Encrypt Tablespace, Log, and other DB files Common Databases: Oracle, MSSQL, DB2, Sybase, Informix, MySQL… Unstructured Data Encryption Usage: Encrypt and Control access to any type of data used by LUW server Common Data Types: Logs, Reports, Images, ETL, Audio/Video Recordings, Documents, Big Data… Examples: FileNet, Documentum, Nice, Hadoop, Home Grown, etc… Cloud Encryption Usage: Encrypt and Control Access to data used by Cloud Instances Common Cloud Providers: Amazon EC2, Rackspace, MS Azure, Savvis, Terremark AT&T, SoftLayer +++ Vormetric Data Security What is it? Integrated solution that controls access to data… Integrated Key Management What does it do? Controls what users and processes can access data Enforces access controls with encryption of any type of data transparently Security Intelligence Data Provide security intelligence around your data Data Firewall Transparent Encryption Transitioning to the Cloud Data Encryption Encrypts file system and volume data transparently to: Applications Databases Storage Infrastructure Integrated Key Management High Efficiency Encryption Data Firewall Need to know access to data, based on approved behavior. Separate data access from data management for system privileged users Security Intelligence Rich event driven audit logs for approved and denied attempts to sensitive data Multiple reporting options to enable actionable security intelligence More than just audit reports – prove data is protected Locking down the CSP Admin Policy ≈ Firewall Rules Rules have Criteria and Effects Criteria User/Group, Process, Data Location, Type of I/O, Time Effects Permission: Permit or Deny Encryption Key: Yes or No Audit: Yes or No The Rules of a policy work like a firewall rule engine 1. 2. 3. 4. Receive criteria from request. Try to match Criteria to Rules. Start at the top. On first match apply the associated Effect. If no match, then deny Locking Down the CSP Admin Vormetric Data Security : Single Pane of Glass Traditional Infrastructure Cloud Computing AWS, RacSpace, Saavis… Data Security Manager Unstructured Unstructured Vormetric Vault Database Database Vormetric Data Security : Single Pane of Glass Traditional Infrastructure Cloud Computing AWS, RacSpace, Saavis… Data Security Manager Unstructured Unstructured Vormetric Vault Database Database Vormetric Data Security Product Suite Vormetric Encryption Purpose: Transparent Data Encryption and Access Control of structured and unstructured data Use Cases: Database Encryption, File Encryption, Privileged User Data Management Vormetric Key Management Vormetric Vault Purpose: Securely store and report on Security Materials Use Cases: Key Vaulting, Certificate Vaulting, Vaulting of other Security materials. Vormetric Toolkit Purpose: Key Management for other Encryption platforms Purpose: Automate and accelerate deployment Use Cases: Application Encryption, TDE Key Management Use Cases: Cloud Providers, Enterprise Deployments Technical Benefits Transparent Strong No changes required to Database, Application or Storage System privileged users can be restricted from accessing sensitive data Data type neutral – any data type Firewall your data – approved users and applications allowed, deny all others. Integrated Key Management Efficient SLA, User, and Application performance are maintained Encryption overhead is minimal Rapid Deployment Easy Easy to Understand Easy to Implement Easy to Manage Vormetric Data Security Protect what matters Jeff Sherman Regional Sales Manager Bill Goodman Sales Engineer