Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric
 


This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise. http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html

The whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk.

This whitepaper from Vormetric on key management strategy aims to give the reader an understanding not only of the importance of key management but also of its evolution. Because companies today require actionable information, the paper also provides a set of criteria for key management and describes the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family.

According to the whitepaper, encryption key management should meet four primary criteria:

1. Security – In implementing a comprehensive data security strategy, organizations are well-advised to consider the security of the encryption keys. Improper key management means weak encryption, and that can translate into vulnerable data.
2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That damages the overall efficiency of the network.
3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change.
4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

  • Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today. A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available. Vormetric Key Management is the only solution today that can minimize IT operational and support burdens for encryption key management, secure and control access to data across the enterprise and into the cloud, and protect data without disrupting your business.

Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Presentation Transcript

  • www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President of Marketing
  • Presentation Overview: Evolution of encryption and integrated key management systems. IT operations and support challenges will then be examined. Review of the future industry initiatives and compliance regulations. Conclude with brief introduction to Vormetric Key Management. Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2
  • Importance of Enterprise Key Management. Two Types of Key Management Systems: Third Party; Integrated. “The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.” Forrester Research, Inc., “Killing Data”, January 2012
  • IT Imperative: Secure Enterprise Data. (1) Direct access to enterprise data has increased the risk of misuse. (2) Attacks on mission critical data are getting more sophisticated. (3) Security breach results in substantial loss of revenue and customer trust. (4) Compliance regulations (HIPAA, PCI DSS) mandate improved controls. What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise. “A Data Breach Costs > $7.2M Per Episode.” 2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute
  • Enterprise Key Management: 8 Requirements. Generation; Storage; Backup; Key State Management; Security; Auditing; Authentication; Restoration.
  • Interoperability Standards. PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE). EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management. OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems. Note: Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.
  • Encryption Key Management Challenges. Disparate Systems: Different Ways of Managing Encryption Keys. Complex management: Managing a plethora of encryption keys in millions. Security Issues: Vulnerability of keys from outside hackers / malicious insiders. Data Availability: Ensuring data accessibility for authorized users. Scalability: Supporting multiple databases, applications and standards. Governance: Defining policy-driven access, control and protection for data.
  • Industry Regulatory Standards: Gramm Leach Bliley Act (GLBA); U.S. Health I.T. for Economic and Clinical Health (HITECH) Act; Payment Card Industry Data Security Standard (PCI DSS). Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions. Requires firms in USA to publicly acknowledge a data breach although it can damage their reputation. Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.
  • Vormetric Key Management Benefits: Minimize Solution Costs; Stores Keys Securely; Provides Audit and Reporting; Manages Heterogeneous Keys / FIPS 140-2 Compliant. “VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.”
  • Vormetric Key Management Capabilities: Manage Vormetric Encryption Agents; Manage 3rd Party Keys; Vault Other Keys. Create/Manage/Revoke keys of 3rd party encryption solutions. Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2) and EKM (MSSQL 2008 R2). Provide secure storage of security material. Key Types: Symmetric: AES, 3DES, ARIA. Asymmetric: RSA 1024, RSA 2048, RSA 4096. Other: Unvalidated security materials (passwords, etc.).
  • Vormetric Key Management Components. Data Security Manager (DSM). Report on vaulted keys. Key Vault. Provides key management services for: Oracle 11g R2 TDE (Tablespace Encryption); MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption). Licensable option on DSM. Web based or API level interface for import and export of keys. Same DSM as used with all VDS products. FIPS 140-2 Key Manager with Separation of Duties. Supports Symmetric, Asymmetric, and Other Key materials. Reporting on key types.
  • TDE Key Architecture before Vormetric: Master Encryption keys are stored on the local system in a file with the data by default. Diagram labels: TDE Master Encryption Key; Local Wallet or Table; Oracle / Microsoft TDE.
  • TDE Key Architecture after Vormetric: Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE. Vormetric Key Agent is installed on the database server. Diagram labels: TDE Master Encryption Key; SSL Connection; Key Agent; Oracle / Microsoft TDE.
  • VKM Architecture - Key Vault. Diagram labels: Asymmetric; Web GUI; Command Line / API; Supported Key Types.
  • Security Policy and Key Management: Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today. A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available. Vormetric Key Management is the only solution today that can: minimize IT operational and support burdens for encryption key management, secure and control access to data across the enterprise and into the cloud, and protect data without disrupting your business.
  • Security Policy and Key Management: Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today. A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available. Vormetric Key Management is the only solution today that can: minimize IT operational and support burdens for encryption key management, secure and control access to data across the enterprise and into the cloud, and protect data without disrupting your business. “The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.” Forrester Research, Inc., “Killing Data”, January 2012
  • www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President of Marketing