Network Encryption for Financial Services
 


These are the presentation slides for a recent Ciena and IDC webinar on the topic of Network Encryption in the Financial Services market. Speakers were Chris Christiansen, analyst at IDC, and Jim Gerrity of Ciena.

An archive of this webinar, including slides and audio, is available on ciena.com at the following link: http://mynetwork.ciena.com/Webinar-Replay-Under-Lock-and-Key-Network-Encryption-for-Financial-Services.html?campaign=X357512

    Network Encryption for Financial Services: Presentation Transcript

    • Under Lock and Key: Network Encryption for Financial Services. Secure your Critical Data. © Ciena Confidential and Proprietary
    • Today’s Speakers
      • Chris Christiansen, IDC
      • Jim Gerrity, Ciena Corporation
    • Agenda
    • Under Lock and Key: Network Encryption for Financial Services. Christian Christiansen, VP, Security Products & Services, IDC. Copyright 2012 IDC. Reproduction is forbidden unless authorized. All rights reserved.
    • Why Encrypt?
      • Enterprise value resides in bits, not atoms
        – Customer data
        – Intellectual property
      • Protects critical business information
        – Enforces privacy
        – Facilitates secure sharing of data
        – Maintains data integrity
        – Deleting Cloud data
      • Compliance requirements
    • Compliance Regulations are Everywhere
      • U.S.A.: FCRA 1970; PA 1974/1975; RFPA 1978; CTVPA 1984; ECPA 1986; VPPA 1988; HIPAA 1996/2002; COPPA 1998/2000; DMPEA 1999/2000; FSMA/GLBA 1999/2001; Sarbanes-Oxley 2002; PCI 2004
      • Canada: The Privacy Act 1983; PIPEDA 2001
      • Mexico: eCommerce Act 2000
      • South America: Chile – APPD 1998; Argentina – PDPA 2000
      • UK/Ireland: Ireland – DP(A)A 1995/2003; UK – DPA 1995/2000
      • Scandinavia: Finland – FPDA 1995/1999; Denmark – DPRA 1978, APPD 1995/2000; Sweden – PDPA 1995/1998
      • Europe: Belgium – LPPLRPPD 1992, DPA 1995/2001; Italy – DPA 1995/1997; Germany – FDPA 1995/2001; Portugal – PDPA 1995/1998; Austria – DPA 1995/2000; Greece – PIPPD 1995/1997; Luxembourg – “EUD” 1995/2002; Netherlands – PDPA 1995/2001; France – ADPDFIL 1978, “EUD” 1995/Pending; Spain – DPA 1995/2000
      • Eastern Europe: Estonia (96); Poland (98); Slovak (98); Slovenia (99); Hungary (99); Czech (00); Latvia (00); Lithuania (00)
      • Asia Pacific: Australia – PA/PA(PS)A 1988/2000 2001; New Zealand – Privacy Act 1993; Hong Kong – Personal Data 1996; Taiwan – CPPDP Law 1995; South Korea – eCommerce Act 1999; Japan – J-SOX 2006
      • Source: CSC and IDC, 2006
    • Reasons For Encrypting
      Percent of factors driving deployment of encryption within an organization selected as Extremely Significant (N=349):
      • Safeguard client or customer information: 70%
      • Protect proprietary or critical company data: 59%
      • Prevent public exposure, damage to brand or reputation: 51%
      • Regulatory, audit or legal compliance: 49%
      • Mitigate risk of financial liability: 45%
      • Protect executive or corporate communications: 37%
      • Safeguard partner information: 36%
      • Organization policy: 29%
    • Encryption: Market Drivers
      • Encryption is the lynchpin for data security. It is used to protect data in-transit, data-at-rest, and data-in-use.
      • Encryption not undertaken for fuzzy reasons.
      • Neat Stats
        – 1/3 to ½ of enterprises have some data encryption.
        – 75% expect encryption use to increase
        – Percent of all data encrypted to increase
    • Poll Question
      • What percentage of your corporation’s data is currently encrypted?
        a) 0-25%
        b) 26-50%
        c) 51-75%
        d) 76-100%
      • How much of your data do you expect to be encrypted in the next 24 months?
        a) 0-25%
        b) 26-50%
        c) 51-75%
        d) 76-100%
    • Key Management Perspectives: Quotes
      • "If you forget the key, you are toast."
      • "Of course you, you have this encrypted data and then how do you manage to use it when you need it? You can archive something and encrypt the data but what happens if you lost the key? It is gone forever"
      • "This is a really dangerous technology in that encryption is a really good way to destroy data as well as protect it."
      • "My key fear is I go out to the tape and the key is dead, wrong, expired, corrupted and I got no backup."
    • Key Management Perspectives
    • Encryption Silos
      • Full Disk
      • File Folder
      • Storage
      • Backup and Replication
      • Email
      • Database
      • Network File
      • Data Transfer
      • Cloud
      All of these need Key Management
    • Key Management Perspectives: Survey
      What is your greatest concern, problem or expectation associated with encryption key management? (Multiple response possible; N=100)
      • Management/implementation: 21%
      • Safety/security of keys: 14%
      • Losing the key: 11%
      • Integrity: 7%
      • System resources: 6%
      • Staff resources/training: 5%
      • Platform compatibility: 4%
      • Performance: 3%
      • Key expiration: 3%
      • Cost/expense: 3%
      • None/Don't know: 20%
    • Key Management System
      • The Most Important Part of a Secure Encryption System
      • The purpose of a KMS is to provide life-cycle management of cryptographic keys in a great variety of scenarios.
      • Strong KMS imperative to successful encryption operations
        "Key management, it’s how do I make sure, absolutely sure that I can take all this information off site in the event of a disaster and get valid keys recovered so we can actually read the data."
      • KMS must be robust, secure, and inspire confidence
    • Enterprise Key Management Concept
      [Diagram labels: Key Archive Service; SITE 1, SITE 2, SITE 3; Database / Application; NAS / File Server; Tape Libraries; Disk Arrays]
    • EKMS Required Attributes
      • Key Management Policy, Standards, Procedures
      • Key Generation, Distribution, Retention, Destruction
      • Scalability – multiple applications and locations
      • Automation
      • Audit
      • Highest Level of Security - Hardware Protection
    • Analyst Thoughts
      • Technology is mature and stable.
      • Many see encryption as unreliable and dangerous.
      • Concerns must be met head-on, especially regarding data recovery.
      • Recommend hardware keying material protection.
      • Dedicated encryption vendors can greatly increase comfort level
    • Closing Comments
      • Information exceedingly valuable
      • Encryption is the lynchpin for storage/information protection
      • The amount of data being encrypted will continue to increase
      • Many encryption silos but robust enterprise key management can tie it together.
      • Buy for Today, Plan for Tomorrow
    • Network Encryption for Financial Services: Secure your critical data
    • Agenda: Part 2
    • Encryption for Financial Services: Business Overview and Objectives
      Financial services run on information. ……
      • Information needs to be networked and shared among geographically dispersed locations.
      • Institutions rely on secure, highly available networks to deliver applications and services.
      • Financial institutions have significant risks in the areas of data security, compliance and liability.
      • Financial firms must be vigilant in protecting IT infrastructure from increasing security threats.
    • Why Information Security is Critical for Financial Services Businesses
      • Regulations & Privacy Laws
        – Tougher compliance legislation: Safe Harbor Act, EU Data Protection Act, and Data Protection and Misuse Act (UK), SEC, others
        – Higher fines: Sarbanes-Oxley, PCI-DSS and GLBA
        – Tougher information security standards: Basel II financial accords and the Sarbanes-Oxley (SOX) Act
      • Increasing Threats
        – More frequent security breaches: 58% increase reported in 2011/12 vs. previous year
        – More costly incidents: to $7.2m per incident in 2011 (compared to $1.5m in 2005)
      • Cloud Security Concerns
        – Security concerns hindering cloud services adoption: delaying huge economic benefits for Financial Services companies.
    • Security Building Blocks
      • A comprehensive IT security approach must encompass not just server security and at-rest encryption, but also a robust in-flight encryption solution
      [Diagram labels: Server & Database Security; At-rest Encryption; In-flight Encryption]
    • Common Mistakes About Optical Network Security
      “I don’t see the business justification for encrypting my data”
      1. My network transport technology is inherently safe. It’s fiber optic.
      2. We transport so much data, nobody will ever find what they’re looking for.
      3. If someone is eavesdropping, we’ll detect it.
      Don’t be fooled. The only guaranteed preventive technique is encryption
    • Encryption 101
      • Definition: In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge. The result of the process is encrypted information.
      • Advanced Encryption Standard (AES)
        – Key sizes (56-, 128-, 256-bits), e.g. AES-256
      • National Institute of Standards and Technology (NIST)
      • Federal Information Processing Standard (FIPS)
        – FIPS 197
        – FIPS 140-2
    • What Type of Encryption?
      1. Protect at the application layer
        – Inefficient use of bandwidth
        – Added cost & complexity
        – Labour-intensive key management
        – Protocol-specific
        – Can add serious latency
      2. Protect at the network transport layer
        – Fewer network elements
        – Wire-speed data throughput
        – Ultra-low latency
        – Protocol-agnostic
    • Ciena Network Encryption Architecture
      [Diagram labels: Secure the network (Network Security Dashboard; Enterprise-managed keys); Protect your data (FIPS certified; Certified AES-256 Encryption); Multi-client (Ethernet, Fiber Channel); Network independent (Ethernet, WDM, SONET/SDH or OTN network); Hardware-based; Protocol agnostic]
      • Efficient, hardware based, ultra-low latency AES-256 encryption
      • FIPS-certified solution with no throughput degradation and no service impact
      • Protocol agnostic for a simplification of the encryption network architecture; wire speed encryption from 10Mb/s – 10Gb/s
      • Encryption key management partitioned from transport management
    • Network Encryption Deployment Options
      • Add-on Appliance
        – Lowest OPEX
        – Full key control and visibility of network performance
        [Diagram labels: Enterprise managed keys; Enterprise provided and managed (both ends); Private or Service Provider Network]
      • Carrier Managed Encryption Service
        – Full network integration
        – Lowest CAPEX
        – Maintain in-house key management and visibility of network performance
        [Diagram labels: Enterprise managed keys; Service Provider Managed Service]
    • Encryption Key Management
      • Network Security Dashboard (NSD): partitioning encryption management from transport management for managed service applications
        – Service provider manages transport network
        – End-customer manages encryption provisioning
        – View access to encryption alarms and logs
      • Mary, the bank’s CSO, manages the service’s encryption parameters (e.g. keys)
        – Mary can view alarms related to her service but not those of the entire system
      • Bob, the Service Provider, monitors and manages the transport system
        – Bob cannot view or edit keys provisioned by Mary
      [Diagram labels: Enterprise-managed keys; Service provider managed network; SP hosted web portal]
    • Ciena Encryption Solutions
      Encryption types: GigE MAN/WAN Encryption; SONET/SDH Network Encryption; OTN Link Encryption; OTN Integrated Encryption
      • Lower speed (<10G) encrypted services
        – 5130: SAN/LAN Optimization Appliance; 2RU, up to 4 1G encrypted services; hardware compression; supports Layer 1, 2 and 3 WAN networks
      • 10G encrypted services
        – 565*: 2RU, up to 2 10G services
        – 5100*: 2RU, up to 4 10G services
        – 5200*: 11RU, up to 16 10G services
      * Integrated C/DWDM/OTN functionality
    • 1G Link Encryption
      • Securely transport compressed and encrypted data across a carrier’s MAN/WAN
      1. GigE Link Encryption: Securely transport compressed and encrypted GbE data across a carrier’s unsecured network
      [Diagram: GbE, FC100 (clear text) → up to 6 independently encrypted and compressed GbE WAN ports → Unsecured Network → up to 6 independently encrypted and compressed GbE WAN ports → GbE, FC100 (clear text)]
    • 10G Link Encryption
      2. SONET/SDH Encryption: Secure transport of 10GbE LAN PHY across a carrier’s legacy STS-192c/VC4-64c SONET/SDH infrastructure
      [Diagram: 10GE LAN PHY (clear text) → 10G SONET/SDH (encrypted) → SONET/SDH → 10G SONET/SDH (encrypted) → 10GE LAN PHY (clear text)]
      3. OTN Link Encryption: Securely transport encrypted data across a carrier’s switched Optical Transport Network (OTN) infrastructure
      [Diagram: Multiple client types (10GE LAN PHY, FC800/FC1200, OC-192/STM-64, OTU2(e); indirect: Uncompressed HD/3G Video, 1GbE, FC100/FC200, OC-48, …) → G.709 OTU2(e) (encrypted) → OTN / WDM switched OTN infrastructure network → G.709 OTU2(e) (encrypted)]
    • 10G Integrated Encryption
      4. OTN Integrated Encryption: Light encrypted optical waves directly on dark fiber or deploy fully-integrated managed wavelength services
      [Diagram: Multiple client types (10GE LAN PHY, FC800/FC1200, OC-192/STM-64, OTU2(e); indirect: Uncompressed HD/3G Video, 1GbE, FC100/FC200, OC-48, …) → OTN / WDM]
    • Ciena Solution Benefits
      • The security of a FIPS-certified low latency AES-256 encryption engine
      • The flexibility to optimize CAPEX and OPEX budgets
      • Deploy a secure private optical network or a carrier managed encryption service
      • Support for multiple client types and multiple network types
      • The control of in-house key management and visibility of network performance
      Features
      • Network Security Dashboard
      • Encryption key management partitioned from transport management
      • Added flexibility in either an operator or enterprise-maintained infrastructure.
      • Ultra-low latency AES-256 encryption
      • FIPS 197 and 140-2 Level 2 certified
      • Scalable from 1GE to multiple 10/40/100G
      • Reliable: Fast path protection; hitless SW upgrades
      • 10GE mapping into commonly available WAN protocols i.e. SDH, WDM, OTN, Ethernet
      • Multi-client support
    • Network Encryption Value Proposition for Financial Services. Under Lock and Key: The Need for Wire-Speed Encryption in Financial Services
    • Under Lock and Key: The Need for Wire-Speed Encryption in Financial Services
      • Financial services firms are increasingly turning to wire-speed encryption to ensure that sensitive data is protected across a distributed enterprise. – Wall Street & Technology Journal, 2012
      • “Security leaders are more accountable to the business now. Their audience is expanding.” – CIO, Insurance, IBM Security Assessment Survey, 2012
      • …data breaches against financial institutions happen far more frequently than reported in the media. “Everybody has data leakage; it’s just a matter of when you find it,” - Ernst & Young VP quote in Bank Systems & Technology, 2012
      • “Security leaders are going to become more key to their organizations, their budgets will increase and they will move from the fringe to being embedded.” – Line-of-business Director, Banking in IBM Security Assessment Survey, 2012
      • Wire-speed encryption can help financial firms protect their data from unauthorized users as it moves across the network. – Wall Street & Technology, 2012
      • “In general, the role of information security will be moving away from specific risks to global risks. The role will be much larger than it used to be.” – Finance Director, Insurance, IBM Security Assessment Survey, 2012
      • A critical component of a comprehensive IT security strategy
    • Questions?
    • Thank you!