Cloud Computing: A Question of Trust
Maintaining Control and Compliance with Data-centric Information Security
White Paper




Executive Summary

Offering an outsourced, elastic, pay-as-you-go computing infrastructure, cloud computing services can deliver clear-cut benefits to a host of companies. Just as the benefits are obvious, so too are the security concerns. When outsourcing their infrastructures to cloud service providers, how do organizations ensure that sensitive data remains secured? How do they remain in control of their information assets and compliant with all mandates and policies? This white paper outlines the path enterprises can take to start building trust into cloud deployments, and it details the approaches and capabilities organizations need to make this transition a reality.

Russ Dietz, Vice President & Chief Technology Officer

Introduction
The move to cloud computing is underway for some very good reasons—cost savings through outsourcing of infrastructure and administration, business agility through the faster deployment of new services, scalability to quickly add computing power and storage capacity to meet seasonal or peak demands, and the list goes on.

Cloud computing can raise some pretty vexing questions when it comes to security, though. How do organizations maintain control and ownership of sensitive information when moving from their own datacenters to a world in which everything is geographically dispersed, virtualized and remote? How can businesses move into the cloud while safeguarding the trust of their customers, business partners, and employees?

Today, issues of risk, data privacy, and compliance are the chief inhibitors to most organizations’ adoption of cloud services. In fact, a Gartner report cited data location risk, data loss risk, and data security (privacy) risk as three of the top five barriers to cloud-computing adoption. While security can be seen as an obstacle to the broad adoption of cloud computing, it can, in fact, be an enabler. By finding a way to effectively safeguard data in the cloud, enterprises can begin to fully maximize the business potential of cloud offerings.

To get there, both enterprises and cloud providers will be going through a transition, one that can be viewed in terms of trust. As enterprises kick off their initial deployments, they’ll do so with a minimum of trust. Over time, that trust will be cemented by solutions and processes that lead to limited and ultimately compliant trust, making cloud security a true win/win for enterprises and providers alike.




                           Cloud Computing: A Question of Trust                                                         1
                           Maintaining Control and Compliance with Data-centric Information Security White Paper
In the following pages, we’ll walk through this transition in more detail, and then show what it means for enterprises in the months and years ahead. Then, the document will outline some of the specific areas enterprises can target in their efforts to optimize the security and utility of their cloud initiatives. Finally, we’ll outline some of the most important capabilities organizations will need to support these efforts. (Note: In the following pages, unless otherwise specified, when discussing the cloud, we will be referring to the public and hybrid clouds. While private clouds present their own specific security challenges, given their internal deployments, the nature of security will more closely resemble those of current data center deployments. It is the public and hybrid clouds, and the changing nature of the client and cloud service provider relationship, that are the focus of this document.)

Step 1: Minimal Trust
For most enterprises today, security in the cloud is viewed in a pretty straightforward way: Don’t assume there is any. Organizations that have gone forward with cloud deployments have thus taken full ownership and responsibility for security. This can play out in several ways: non-sensitive data can be transferred into the cloud as is; for example, for disaster recovery or archival purposes. Sensitive data, on the other hand, will either be kept out of the cloud entirely or it will be protected, generally through encryption, before it is exposed to the cloud. Further, that information will stay secured through those mechanisms the entire time it resides in the cloud.

An organization may opt to use SaaS offerings, but only for applications that do not involve personally identifiable information (PII), or other types of data subject to regulation or privacy laws.

A business can migrate the processing of non-sensitive applications to the cloud. For example, this can take the form of “cloud bursting,” an approach in which an organization will migrate an application to the cloud when the processing capacity of its corporate cloud or data center is exceeded. This can be a cost-effective way for organizations to handle seasonal or peak demands for processing. For example, a media company can adopt this approach for video streaming when its internal infrastructure hits capacity.

Each of these scenarios can present organizations with near-term benefits—they enable an organization to quickly leverage many of the benefits and strengths of cloud computing, without compromising security or compliance. These scenarios represent the bulk of cloud deployments done to date.

Step 2: Limited Trust
As organizations become more fully invested in cloud offerings, and seek to take greater advantage of the cloud’s benefits, they’ll increasingly embark upon initiatives to migrate their own security mechanisms to the cloud. This next step in the transition to a trusted cloud will inherently require more of an upfront investment than prior cloud approaches, and also requires a deeper, more collaborative relationship with the cloud provider.

At a high level, these deployments will be structured similarly to traditional hosting provider models. Specific deployment approaches can include the following:

• Deploying physical security systems in a virtual private cloud
• Running a virtual service within a hybrid, multi-tenant cloud environment
• Federating cloud user directories with internally managed identity and access management systems

Here, data protection can be conducted in the cloud, yet still within the enterprise’s control. As a result, the types of business services that can be migrated to cloud platforms expand substantially.




Step 3: Compliant Trust
In this ultimate phase of the cloud’s evolution, cloud providers gain the controls they need to deliver trust as a service, so enterprises can specify security policies and have confidence in the cloud provider’s infrastructure and capabilities for executing these policies. Here, the enterprise, as the information owner, still holds control over security, but more in a virtual, rather than operational, way.

In this scenario, the enterprise sets security policies, and owns the core key materials, credentials, identities, and other elements that are used by the cloud providers to protect information, which gives the enterprise the final say over how security is handled. The cloud provider will have the sophisticated security infrastructure in place to meet clients’ security objectives, including robust encryption, secure key management, granular access controls, and more.

Enterprises can leverage the cloud and get the level of security needed to stay compliant with all pertinent regulatory mandates and security policies. As a result, almost any business service or application can subsequently be a potential candidate for migration to cloud services.

Four Key Areas for Implementing Enterprise Cloud Security
Without the right security in place, the move to cloud computing can be a disastrous one for an enterprise. Whether it results in a devastating, costly breach, a failed audit, or a host of other scenarios, a poorly secured cloud implementation can cost a company dearly in terms of out-of-pocket expenses, lost productivity, and brand erosion.

With the right capabilities, however, enterprises can ensure high levels of security in cloud deployments. What capabilities will be required in cloud environments, and how do they differ from traditional approaches? The sections below outline some specific areas for applying security measures to cloud environments and the capabilities required to undertake these measures. With these initiatives, organizations can begin to gain the control, visibility, and efficiency they need to both ensure security and leverage the business benefits of cloud services.

Secure Cloud Storage
Driven by a need to use the cloud’s elastic storage, without exposing data to the cloud’s vulnerabilities, enterprises can perform secure storage in the cloud, effectively using the cloud for the backup, disaster recovery, and archival of data.

To achieve effective secure cloud storage, organizations need the following capabilities:

• Granular encryption. While an organization could simply encrypt all data as it is passed to the cloud, this could introduce a lot of unnecessary processing overhead, and add significant delays in data restoration. Consequently, organizations benefit by having granular encryption capabilities, ideally at the file level, so organizations can more selectively encrypt only the information that is sensitive.
• Robust access controls. In tandem with granular encryption, organizations need strong access control, including at the user level, to authorize which files or folders can be accessed, when, and by whom.
• Group-based policies. To streamline implementation, security teams need to be able to enforce policies at the group level, so categories of users can be assured of getting appropriate access to sensitive data.
• Central management of remote systems. To make this approach practical, organizations need to be able to centrally manage remote systems, including centralized key and policy management.

Armed with these capabilities, enterprises can efficiently leverage many of the benefits of cloud services, while retaining effective security controls.




With this approach, sensitive data is encrypted the entire time it is housed in the cloud. While securing sensitive data in this way will address many fundamental security objectives, it won’t address all. For example, this approach would not address many of the compliance mandates that require the use of tamper-proof, FIPS-certified hardware security modules (HSMs) for the storage of keys.


[Figure 1: workstations and the mobile workforce running ProtectFile, the enterprise, and archive storage at cloud providers]

Figure 1 Secure cloud storage represents an opportunity for organizations to leverage the cloud’s elastic, cost-effective storage capacity, while maintaining security. This approach requires a combination of granular encryption mechanisms and centralized access.

Cloud Security for Endpoints
With this approach, enterprises can protect data at the end user level, including at the mobile device and laptop or desktop level. This enables seamless interaction between users and information in cloud storage. In this scenario, sensitive information remains encrypted in the cloud at all times.

In addition, a virtualized instance of the enterprise’s hardened, HSM-based security appliance would be deployed in the cloud to replicate policies and security enforcement on the data. Security administrators need the ability to dictate policy based on business content, documents, and folders in order to ensure that only authorized users and groups have access to sensitive data.

When this approach is employed, cryptographic keys never leave the enterprise, and, in fact, never leave the secured, hardened HSM-based appliance. For optimal security, tokens can be employed at the user level, helping to add an additional layer of security to user access. Consequently, enterprises can leverage an elastic, cloud-based storage pool, while optimizing security, ensuring that sensitive data is only visible to authorized users at authorized endpoints.
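
As an added example (not code from this white paper or from SafeNet), the following Go program shows how the secure cloud storage capabilities listed earlier and the endpoint model just described fit together: files under a sensitive path prefix are encrypted at the file level before upload, each under its own data key; that data key is wrapped by a key-encryption key that never leaves a KeyServer standing in for the enterprise's hardened appliance; and a centrally held, group-based policy is checked before a wrapped key is ever sent back for unwrapping. Non-sensitive files are stored as is, as Step 1 describes. KeyServer, Policy, CloudObject, Protect, Restore, the /hr/ prefix and the hr-admins group are all assumptions made for the example; the caller is assumed to have resolved the user's group from the enterprise directory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"strings"
)

// random returns n CSPRNG bytes; a CSPRNG failure is unrecoverable, so it panics.
func random(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// gcmFor builds AES-256-GCM; every key here is 32 bytes we generated, so a failure is a bug.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // NewGCM only fails for non-128-bit block ciphers
	return gcm
}

// seal encrypts with a fresh random nonce prefixed; aad is authenticated, not encrypted.
func seal(key, plaintext, aad []byte) []byte {
	gcm := gcmFor(key)
	nonce := random(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, plaintext, aad)
}

// open reverses seal and fails if the ciphertext, tag or aad were altered.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm := gcmFor(key)
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// KeyServer stands in for the enterprise-held key appliance (hypothetical): the key-encryption
// key (KEK) never leaves it, and callers only ever see per-file data keys in wrapped form.
type KeyServer struct{ kek []byte }
func NewKeyServer() *KeyServer { return &KeyServer{kek: random(32)} }

// Wrap/Unwrap bind the wrapped key to its object path, so it cannot be reused for another object.
func (k *KeyServer) Wrap(dek []byte, path string) []byte            { return seal(k.kek, dek, []byte(path)) }
func (k *KeyServer) Unwrap(w []byte, path string) ([]byte, error) { return open(k.kek, w, []byte(path)) }

// Policy maps each sensitive path prefix (prefixes must not overlap) to the set of groups that
// may read it; a path matching no prefix is non-sensitive and is stored in clear.
type Policy map[string]map[string]bool

// lookup returns the group set for the prefix covering path and whether any prefix matched.
func (p Policy) lookup(path string) (map[string]bool, bool) {
	for pre, groups := range p {
		if strings.HasPrefix(path, pre) {
			return groups, true
		}
	}
	return nil, false
}

// CloudObject is what the provider stores: Body is plaintext when WrappedDEK is nil
// (non-sensitive), otherwise nonce||ciphertext||tag under the wrapped data key.
type CloudObject struct {
	Path             string
	WrappedDEK, Body []byte
}

// Protect encrypts only sensitive files, each under a fresh data key (DEK), with the path as AAD.
func Protect(ks *KeyServer, p Policy, path string, data []byte) CloudObject {
	if _, sensitive := p.lookup(path); !sensitive {
		return CloudObject{Path: path, Body: data}
	}
	dek := random(32)
	return CloudObject{Path: path, WrappedDEK: ks.Wrap(dek, path), Body: seal(dek, data, []byte(path))}
}

// Restore applies the group policy before the wrapped key is ever sent for unwrapping.
func Restore(ks *KeyServer, p Policy, group string, obj CloudObject) ([]byte, error) {
	if obj.WrappedDEK == nil {
		return obj.Body, nil // non-sensitive: readable by anyone with storage access
	}
	if allowed, _ := p.lookup(obj.Path); !allowed[group] {
		return nil, errors.New(group + " is not authorized for " + obj.Path)
	}
	dek, err := ks.Unwrap(obj.WrappedDEK, obj.Path)
	if err != nil {
		return nil, err
	}
	return open(dek, obj.Body, []byte(obj.Path))
}
```

Binding the object path into both the file ciphertext and the wrapped key means the provider (or anyone with storage access) cannot move a wrapped key or a ciphertext to a different object without the decryption failing; the bulk data never passes through the key server, only the short wrapped key does, which is what lets a hardware-backed appliance sit behind this interface.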




[Figure 2: workstations and the mobile workforce and partners, each running ProtectFile with certificate-based (PKI) authentication, connected to the enterprise and to cloud providers under a common data protection policy]

An efficient cloud security deployment scenario requires a centralized, hardened security appliance, which is used to manage cryptographic keys, access control, and other security policies.

Figure 2 By employing centralized key management and tokens at the end user level, enterprises can harness cloud services, while ensuring sensitive data is only visible to authorized users.

Federated Access Control
Today, even without cloud deployments in the mix, most enterprises have to manage multiple user identities across various platforms and services, which can pose a significant administrative burden, inefficiency for end users, and security threats. By employing federated access control, enterprises can accomplish the following objectives:

• Deliver single sign-on access for users to all enterprise applications and platforms—including internal email and ERP systems and external SaaS applications;
• Streamline administration through central management of policies, identities, and tokens;
• Adhere to a host of compliance mandates and stringent security policies;
• Leverage open standards and a broad range of authentication solutions; and
• Boost security through stringent, cohesive policy enforcement, separation of duties, and granular access controls.

By offering a means to streamline end user access and access control administration, federated access initiatives can help optimize security while reducing corporate security costs.

To deliver on this objective, identity management needs to be done through a simple, Web-based gateway that offers all the administrative access controls required. Tokens need to be leveraged to ensure proper authentication. In addition, this deployment approach can leverage Security Assertion Markup Language (SAML), an XML-based standard for exchanging authentication and authorization data, for managing the exchange of information between the enterprise and external service providers.
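
The SAML exchange described above, as an added example in Go (not the white paper's or SafeNet's code): an enterprise identity provider issues a short-lived, audience-bound assertion for an already-authenticated user, and the external SaaS provider verifies the issuer's signature before trusting anything inside it, then checks issuer, audience, validity window and one-time use. The XML is a constructed, minimal subset of the SAML 2.0 assertion, and the signature is RSA/SHA-256 over the serialized bytes rather than XML-DSig with canonicalization (which a real deployment gets from a SAML library); the entity IDs, user names and type names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"encoding/xml"
	"errors"
	"time"
)

// Conditions and Assertion are a constructed, minimal subset of the SAML 2.0 assertion schema.
type Conditions struct {
	NotBefore    string `xml:"NotBefore,attr"`
	NotOnOrAfter string `xml:"NotOnOrAfter,attr"`
	Audience     string `xml:"AudienceRestriction>Audience"`
}
type Assertion struct {
	XMLName    xml.Name   `xml:"Assertion"`
	ID         string     `xml:"ID,attr"`
	Issuer     string     `xml:"Issuer"`
	NameID     string     `xml:"Subject>NameID"`
	Conditions Conditions `xml:"Conditions"`
}

// SignedAssertion is what the IdP hands to the service provider. Real deployments use XML-DSig
// over a canonicalised assertion; here the signature is RSA-PKCS1v15/SHA-256 over the exact bytes.
type SignedAssertion struct {
	Assertion, Signature []byte
}

// IdentityProvider is the enterprise side; user authentication (e.g. with a token) happens before Issue.
type IdentityProvider struct {
	EntityID string
	Key      *rsa.PrivateKey
}
func NewIdentityProvider(entityID string) (*IdentityProvider, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	return &IdentityProvider{EntityID: entityID, Key: key}, err
}

// Issue builds an assertion valid for five minutes (one minute of backward skew) for one audience and signs it.
func (idp *IdentityProvider) Issue(user, audience string, now time.Time) (SignedAssertion, error) {
	id := make([]byte, 16)
	if _, err := rand.Read(id); err != nil {
		return SignedAssertion{}, err
	}
	a := Assertion{ID: "_" + hex.EncodeToString(id), Issuer: idp.EntityID, NameID: user, Conditions: Conditions{
		NotBefore:    now.Add(-time.Minute).UTC().Format(time.RFC3339),
		NotOnOrAfter: now.Add(5 * time.Minute).UTC().Format(time.RFC3339),
		Audience:     audience}}
	body, err := xml.Marshal(a)
	if err != nil {
		return SignedAssertion{}, err
	}
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, idp.Key, crypto.SHA256, digest[:])
	return SignedAssertion{Assertion: body, Signature: sig}, err
}

// ServiceProvider is the external SaaS side: it trusts exactly one issuer key and remembers
// accepted assertion IDs so a captured assertion cannot be replayed.
type ServiceProvider struct {
	EntityID, TrustedIssuer string
	IssuerKey               *rsa.PublicKey
	seen                    map[string]bool
}
func NewServiceProvider(entityID, issuer string, key *rsa.PublicKey) *ServiceProvider {
	return &ServiceProvider{EntityID: entityID, TrustedIssuer: issuer, IssuerKey: key, seen: map[string]bool{}}
}

// Accept verifies the signature first (nothing inside the XML is trusted before that), then issuer, audience, window and one-time use.
func (sp *ServiceProvider) Accept(sa SignedAssertion, now time.Time) (*Assertion, error) {
	digest := sha256.Sum256(sa.Assertion)
	if rsa.VerifyPKCS1v15(sp.IssuerKey, crypto.SHA256, digest[:], sa.Signature) != nil {
		return nil, errors.New("signature invalid")
	}
	var a Assertion
	if err := xml.Unmarshal(sa.Assertion, &a); err != nil {
		return nil, err
	}
	nb, err1 := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	na, err2 := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	switch {
	case a.Issuer != sp.TrustedIssuer || a.Conditions.Audience != sp.EntityID:
		return nil, errors.New("assertion is from an untrusted issuer or for another audience")
	case err1 != nil || err2 != nil || now.Before(nb) || !now.Before(na):
		return nil, errors.New("assertion outside its validity window")
	case sp.seen[a.ID]:
		return nil, errors.New("assertion replayed")
	}
	sp.seen[a.ID] = true
	return &a, nil
}
```

The order of checks is the point: the service provider parses nothing until the signature over the raw bytes has verified, and audience plus one-time ID together stop an assertion issued for one SaaS provider from being presented to another or presented twice.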


[Figure 3: an enterprise identity server connected over a common identity interconnect, via SAML, to a SaaS provider and an infrastructure cloud provider serving end-users]

Figure 3 By federating access control mechanisms, organizations can simultaneously streamline security administration and improve adherence with security policies.




Virtual Encryption as a Service
To fully leverage the cloud opportunity, enterprises and cloud providers alike need a way to take the unparalleled security offered by sophisticated, hardware-based encryption solutions and virtualize those offerings. This enables the delivery of symmetric encryption, file encryption, secure key management, and a host of other capabilities and services within cloud environments.

Because the platform is virtualized, it can be integrated cost-effectively and seamlessly within the cloud provider’s infrastructure. Further, by combining the security benefits of these technologies with the cloud delivery model, security implementations can be far less expensive than traditional in-house deployments, putting state-of-the-art security capabilities within reach of even small and medium businesses for the first time.

Virtual encryption-as-a-service deployments will largely be implemented by the cloud provider, who will leverage robust security mechanisms, such as centralized key management, granular encryption, and access control, within their infrastructures. To support virtual encryption as a service, many cloud customers will deploy multi-factor authentication tokens and token management systems in their environments, which can ensure the appropriate access controls are applied to security services and protected data.
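
The customer-side tokens mentioned above, as an added Go example (not SafeNet's or this paper's code): an RFC 4226/6238 one-time password verifier standing in for a token management system, gating a hypothetical provider-hosted KeyService so that every key operation requires both an entitlement and a fresh code. TokenVerifier, KeyService and the user names are assumptions; the HOTP/TOTP arithmetic follows the RFCs and can be checked against their published test vectors.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// HOTP computes the RFC 4226 one-time password for a counter (HMAC-SHA1, dynamic truncation).
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	offset := sum[len(sum)-1] & 0x0f
	code := binary.BigEndian.Uint32(sum[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP is HOTP over 30-second time steps (RFC 6238 with its default step and SHA-1).
func TOTP(secret []byte, at time.Time, digits int) string {
	return HOTP(secret, uint64(at.Unix()/30), digits)
}

// TokenVerifier is the customer-side token management system (hypothetical): it holds
// each user's token secret and the last time step it accepted for that user.
type TokenVerifier struct {
	secrets  map[string][]byte
	lastStep map[string]int64
}

func NewTokenVerifier() *TokenVerifier {
	return &TokenVerifier{secrets: map[string][]byte{}, lastStep: map[string]int64{}}
}

func (v *TokenVerifier) Enroll(user string, secret []byte) { v.secrets[user] = secret }

// Verify accepts the current step and one step either side (clock skew), compares in
// constant time, and refuses any step at or before the last one accepted (replay).
func (v *TokenVerifier) Verify(user, code string, at time.Time) error {
	secret, ok := v.secrets[user]
	if !ok {
		return errors.New("no token enrolled for " + user)
	}
	step := at.Unix() / 30
	for _, s := range []int64{step - 1, step, step + 1} {
		if subtle.ConstantTimeCompare([]byte(HOTP(secret, uint64(s), 6)), []byte(code)) == 1 {
			if s <= v.lastStep[user] {
				return errors.New("one-time code already used")
			}
			v.lastStep[user] = s
			return nil
		}
	}
	return errors.New("invalid one-time code")
}

// KeyService stands in for a provider-hosted security service (hypothetical) whose
// operations are released only to entitled users who present a valid one-time code.
type KeyService struct {
	tokens   *TokenVerifier
	entitled map[string]bool
}

func NewKeyService(tokens *TokenVerifier, users ...string) *KeyService {
	svc := &KeyService{tokens: tokens, entitled: map[string]bool{}}
	for _, u := range users {
		svc.entitled[u] = true
	}
	return svc
}

// Authorize is the gate every key operation passes through: entitlement first, then MFA.
func (k *KeyService) Authorize(user, code string, at time.Time) error {
	if !k.entitled[user] {
		return errors.New(user + " is not entitled to this service")
	}
	return k.tokens.Verify(user, code, at)
}
```

Remembering the last accepted time step per user is what turns a 30-second code into a genuinely one-time code within its window; without it, a code captured from one request to the key service could be replayed for the rest of that window.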




[Figure 4: an SMB using certificate-based (PKI) authentication connected to a cloud provider]

Figure 4 By providing virtual encryption as a service, smaller organizations can gain access to robust security mechanisms that may have been cost prohibitive in the past.

SafeNet: Delivering the Trusted Cloud Platform
Introduction—Overview of SafeNet Cloud Solutions
With SafeNet’s security offerings, organizations can fully leverage the business benefits of cloud environments while ensuring trust, compliance, and privacy.

Cryptography as a Service
SafeNet offers the broad set of solutions that enable both enterprises and cloud providers to leverage cryptography as a service. SafeNet solutions offer the unparalleled combination of features—including central key and policy management, robust encryption support, flexible integration, and more—that make cryptography as a service practical, efficient, and secure.

SafeNet offers these security solutions:

• Token management systems and multi-factor tokens that ensure stringent, granular end user access controls
• Hardware security modules, including the Luna SA product line, that enable centralized, FIPS- and Common Criteria-certified storage of cryptographic keys
• DataSecure, which offers file, application, and database encryption—all managed through a hardened appliance that centralizes encryption processing, keys, logging, auditing, and policy administration

Together, these solutions deliver the critical capabilities required for a robust, cost-effective, and secure cryptography-as-a-service implementation.




                                     When cloud providers deliver virtual encryption as a service, they can implement database,
                                     application, and file encryption—all managed through a single, virtual platform that combines
                                     cryptographic key management, policy management, and encryption processing.

                                     [Figure 5: architecture diagram. Labels recoverable from the original figure: Enterprise;
                                     Cloud Provider; Certificate-Based (PKI); MFA Tokens; MFA for End-Users; Token Mgmt System;
                                     Root of Trust; Federated Key Mgmt & User Directories; SafeNet HSMs; Luna SA; DataSecure;
                                     HSM Client; ProtectFile; ProtectApp; ProtectDB; Cloud Database; Cloud Storage; Elastic Compute.]

                                     Figure 5 SafeNet’s HSMs and DataSecure offerings offer FIPS- and Common Criteria-certified, hardware-based
                                     protection of cryptographic keys and controls that help ensure regulatory compliance in cloud deployments.

                                     Trusted Cloud Computing
                                     The dynamic nature of cloud computing can pose significant risks. Today, an application running
                                     for one organization can be taken, moved to another location, and run for another organization,
                                     and that application could then give unauthorized users and processes access to sensitive data.

                                     With SafeNet, you can control applications and services within the cloud environment and
                                     ensure that applications run only on intended platforms for intended customers. SafeNet enables
                                     organizations to control instances of high-value virtual machines, ensuring they are invoked
                                     only in the right circumstances. SafeNet delivers the solutions that enable organizations to do
                                     rights management for virtual machines:

                                        •	 Software rights management solutions and tokens for authenticating virtual machines

                                        •	 ProtectFile file encryption solution, which enables pre-boot authentication of virtual
                                           machines

                                        •	 DataSecure, which delivers central policy management of all file, application, and database
                                           encryption processing

                                     [Figure 6: architecture diagram. Labels recoverable from the original figure: Enterprise;
                                     PaaS Provider; IaaS Provider; Virtual Resource Administrators; SRM; SRM Tokens; APP;
                                     Two-Factor Activation Licensing; Two-Factor Pre-Boot; Key-Management; OTP; Software eTokens;
                                     Certificate-Based (PKI); DataSecure; ProtectFile.]

                                     Figure 6 SafeNet offers the products and capabilities enterprises need to control instances of virtual machines
                                     running in the cloud, including where they are located and when they can be invoked, so they can safeguard trust in
                                     their cloud deployments.

                                      Conclusion
                                      In terms of potential, the sky truly is the limit when it comes to the benefits cloud computing
                                      can deliver. However, the full magnitude of this opportunity can only be realized when security
                                      is efficiently, persistently, and effectively employed to safeguard sensitive data. With its
                                      sophisticated, data-centric security solutions, SafeNet enables customers to gain the agility
                                      they need to leverage cloud environments most effectively, without making any compromises in
                                      security, privacy, or compliance.




                                     To Learn More about Cloud Security
                                     To provide business and security leaders with more information on secure cloud computing,
                                     SafeNet offers a website featuring a series of white board videos and white papers. These
                                     resources outline how cloud security is expected to evolve, and describe what organizations
                                     need to do to prepare for and take advantage of these changes. For more information, visit
                                     www.safenet-inc.com/cloudsecurity.

                                     About SafeNet
                                     Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its
                                     customers’ most valuable assets, including identities, transactions, communications, data
                                     and software licensing, throughout the data lifecycle. More than 25,000 customers across
                                     both commercial enterprises and government agencies and in over 100 countries trust their
                                     information security needs to SafeNet.

                                     SafeNet offers intelligent, data-centric solutions that persistently protect data throughout
                                     the information life cycle and evolve to support changing cloud delivery models—from today’s
                                     SaaS and private clouds to the evolving demands of hybrid and public clouds.








                                        Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
                                        Follow Us: www.safenet-inc.com/connected
                                        ©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet.
                                        All other product names are trademarks of their respective owners. WP (EN) A4-09.07.10


More Related Content

More from SafeNet

SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesSafeNet
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementSafeNet
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSafeNet
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementSafeNet
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSafeNet
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 

More from SafeNet (20)

SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security Guide
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and Strategies
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key Strategies
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key Management
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key Management
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMs
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_web
 

Recently uploaded

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 

Recently uploaded (20)

Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security

  • 1. Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security WHITE PAPER Executive Summary Offering an outsourced, elastic, pay-as-you-go computing infrastructure, cloud computing services can deliver clear-cut benefits to a host of companies. Just as the benefits are obvious, so too are the security concerns. When outsourcing their infrastructures to cloud service providers, how do organizations ensure that sensitive data remains secured? How do they remain in control of their information assets and compliant with all mandates and policies? This white paper outlines the path enterprises can take to start building trust into cloud deployments, and it details the approaches and capabilities organizations need to make this transition a reality. Introduction The move to cloud computing is underway for some very good reasons—cost savings through outsourcing of infrastructure and administration, business agility through the faster deployment of new services, scalability to quickly add computing power and storage capacity to meet seasonal or peak demands, and the list goes on. Cloud computing can raise some pretty vexing questions when it comes to security, though. How do organizations maintain control and ownership of sensitive information when moving Russ Dietz from their own datacenters to a world in which everything is geographically dispersed, virtualized and remote? How can businesses move into the cloud while safeguarding the trust Vice President & Chief of their customers, business partners, and employees? Technology Officer Today, issues of risk, data privacy, and compliance are the chief inhibitors to most organizations’ adoption of cloud services. In fact, a Gartner report cited data location risk, data loss risk, and data security (privacy) risk as three of the top five barriers to cloud-computing adoption. 
While security can be seen as an obstacle to the broad adoption of cloud computing, it can, in fact, be an enabler. By finding a way to effectively safeguard data in the cloud, enterprises can begin to fully maximize the business potential of cloud offerings. To get there, both enterprises and cloud providers will be going through a transition, one that can be viewed in terms of trust. As enterprises kick off their initial deployments, they’ll do so with a minimum of trust. Over time, that trust will be cemented by solutions and processes that lead to limited and ultimately compliant trust, making cloud security a true win/win for enterprises and providers alike.
In the following pages, we’ll walk through this transition in more detail, and then show what it means for enterprises in the months and years ahead. Then, the document will outline some of the specific areas enterprises can target in their efforts to optimize the security and utility of their cloud initiatives. Finally, we’ll outline some of the most important capabilities organizations will need to support these efforts.

(Note: In the following pages, unless otherwise specified, when discussing the cloud, we will be referring to the public and hybrid clouds. While private clouds present their own specific security challenges, given their internal deployments, the nature of security will more closely resemble that of current data center deployments. It is the public and hybrid clouds, and the changing nature of the client and cloud service provider relationship, that are the focus of this document.)

Step 1: Minimal Trust

For most enterprises today, security in the cloud is viewed in a pretty straightforward way: Don’t assume there is any. Organizations that have gone forward with cloud deployments have thus taken full ownership and responsibility for security. This can play out in several ways: non-sensitive data can be transferred into the cloud as is; for example, for disaster recovery or archival purposes. Sensitive data, on the other hand, will either be kept out of the cloud entirely or it will be protected, generally through encryption, before it is exposed to the cloud. Further, that information will stay secured through those mechanisms the entire time it resides in the cloud. An organization may opt to use SaaS offerings, but only for applications that do not involve personally identifiable information (PII), or other types of data subject to regulation or privacy laws.
A business can migrate the processing of non-sensitive applications to the cloud. For example, this can take the form of “cloud bursting,” an approach in which an organization will migrate an application to the cloud when the processing capacity of its corporate cloud or data center is exceeded. This can be a cost-effective way for organizations to handle seasonal or peak demands for processing. For example, a media company can adopt this approach for video streaming when its internal infrastructure hits capacity.

Each of these scenarios can present organizations with near-term benefits—they enable an organization to quickly leverage many of the benefits and strengths of cloud computing, without compromising security or compliance. These scenarios represent the bulk of cloud deployments done to date.

Step 2: Limited Trust

As organizations become more fully invested in cloud offerings, and seek to take greater advantage of the cloud’s benefits, they’ll increasingly embark upon initiatives to migrate their own security mechanisms to the cloud. This next step in the transition to a trusted cloud will inherently require more of an upfront investment than prior cloud approaches, and also requires a deeper, more collaborative relationship with the cloud provider. At a high level, these deployments will be structured similarly to traditional hosting provider models. Specific deployment approaches can include the following:

• Deploying physical security systems in a virtual private cloud
• Running a virtual service within a hybrid, multi-tenant cloud environment
• Federating cloud user directories with internally managed identity and access management systems

Here, data protection can be conducted in the cloud, yet still within the enterprise’s control. As a result, the types of business services that can be migrated to cloud platforms expand substantially.
Step 3: Compliant Trust

In this ultimate phase of the cloud’s evolution, cloud providers gain the controls they need to deliver trust as a service, so enterprises can specify security policies and have confidence in the cloud provider’s infrastructure and capabilities for executing these policies. Here, the enterprise, as the information owner, still holds control over security, but more in a virtual, rather than operational, way.

In this scenario, the enterprise sets security policies, and owns the core key materials, credentials, identities, and other elements that are used by the cloud providers to protect information, which gives them the final say over how security is handled. The cloud provider will have the sophisticated security infrastructure in place to meet clients’ security objectives, including robust encryption, secure key management, granular access controls, and more. Enterprises can leverage the cloud and get the level of security needed to stay compliant with all pertinent regulatory mandates and security policies. As a result, almost any business service or application can subsequently be a potential candidate for migration to cloud services.

Four Key Areas for Implementing Enterprise Cloud Security

Without the right security in place, the move to cloud computing can be a disastrous one for an enterprise. Whether it results in a devastating, costly breach, a failed audit, or a host of other scenarios, a poorly secured cloud implementation can cost a company dearly in terms of out-of-pocket expenses, lost productivity, and brand erosion. With the right capabilities, however, enterprises can ensure high levels of security in cloud deployments.
What capabilities will be required in cloud environments, and how do they differ from traditional approaches? The sections below outline some specific areas for applying security measures to cloud environments and the capabilities required to undertake these measures. With these initiatives, organizations can begin to gain the control, visibility, and efficiency they need to both ensure security and leverage the business benefits of cloud services.

Secure Cloud Storage

Driven by a need to use the cloud’s elastic storage, without exposing data to the cloud’s vulnerabilities, enterprises can perform secure storage in the cloud, effectively using the cloud for the backup, disaster recovery, and archival of data.

To achieve effective secure cloud storage, organizations need the following capabilities:

• Granular encryption. While an organization could simply encrypt all data as it is passed to the cloud, this could introduce a lot of unnecessary processing overhead, and add significant delays in data restoration. Consequently, organizations benefit by having granular encryption capabilities, ideally at the file level, so organizations can more selectively encrypt only the information that is sensitive.
• Robust access controls. In tandem with granular encryption, organizations need strong access control, including at the user level, to authorize which files or folders can be accessed, when, and by whom.
• Group-based policies. To streamline implementation, security teams need to be able to enforce policies at the group level, so categories of users can be assured of getting appropriate access to sensitive data.
• Central management of remote systems. To make this approach practical, security teams need central management of remote systems, including centralized key and policy management.

Armed with these capabilities, enterprises can efficiently leverage many of the benefits of cloud services, while retaining effective security controls.
With this approach, sensitive data is encrypted the entire time it is housed in the cloud. While securing sensitive data in this way will address many fundamental security objectives, it won’t address all. For example, this approach would not address many of the compliance mandates that require the use of tamper-proof, FIPS-certified hardware security modules (HSMs) for the storage of keys.

Figure 1 (diagram: ProtectFile on enterprise workstations and the mobile workforce, archiving data to cloud providers). Secure cloud storage represents an opportunity for organizations to leverage the cloud’s elastic, cost-effective storage capacity, while maintaining security. This approach requires a combination of granular encryption mechanisms and centralized access.

Cloud Security for Endpoints

With this approach, enterprises can protect data at the end user level, including at the mobile device and laptop or desktop level. This enables seamless interaction between users and information in cloud storage. In this scenario, sensitive information remains encrypted in the cloud at all times. An efficient cloud security deployment scenario requires a centralized, hardened security appliance, which is used to manage cryptographic keys, access control, and other security policies. In addition, a virtualized instance of this appliance would be deployed in the cloud to replicate policies and security enforcement on the data. Security administrators need the ability to dictate policy based on business content, documents, and folders in order to ensure that only authorized users and groups have access to sensitive data. When this approach is employed, cryptographic keys never leave the enterprise, and, in fact, never leave the secured, hardened HSM-based appliance. For optimal security, tokens can be employed at the user level, helping to add an additional layer of security to user access.
Consequently, enterprises can leverage an elastic, cloud-based storage pool, while optimizing security, ensuring that sensitive data is only visible to authorized users at authorized endpoints.
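The secure cloud storage capabilities and the endpoint model above (file-level encryption of only the sensitive data, group-based access policies, keys held centrally and never leaving the enterprise) in working form, as an added example in Go. It is not code from the paper or from any SafeNet product: KeyStore, CloudObject, the group directory, file names and contents are constructed for illustration, and the in-memory KeyStore stands in for the hardened, HSM-backed appliance the paper describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyStore stands in for the enterprise-held, HSM-backed key manager: keys never leave it.
type KeyStore struct {
	keys   map[string]cipher.AEAD     // file path -> AES-256-GCM keyed for that file
	groups map[string]map[string]bool // group -> members (constructed directory)
	policy map[string]string          // file path -> group allowed to read it
}

// CloudObject is what the provider stores: the file as is when it is not sensitive,
// otherwise nonce||ciphertext and no key material at all.
type CloudObject struct {
	Path      string
	Encrypted bool
	Body      []byte
}

func NewKeyStore(groups map[string]map[string]bool, policy map[string]string) *KeyStore {
	return &KeyStore{keys: map[string]cipher.AEAD{}, groups: groups, policy: policy}
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Upload applies the granular, file-level policy: only sensitive files are encrypted,
// each under a fresh key that is registered in the enterprise store, not shipped.
func (ks *KeyStore) Upload(path string, sensitive bool, content []byte) (CloudObject, error) {
	if !sensitive {
		return CloudObject{Path: path, Body: content}, nil
	}
	block, err := aes.NewCipher(randBytes(32))
	if err != nil {
		return CloudObject{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return CloudObject{}, err
	}
	ks.keys[path] = gcm
	nonce := randBytes(gcm.NonceSize())
	return CloudObject{Path: path, Encrypted: true, Body: gcm.Seal(nonce, nonce, content, nil)}, nil
}

// Download checks the group-based policy before any key is touched, and GCM
// fails closed if the object was altered while it sat in the cloud.
func (ks *KeyStore) Download(user string, obj CloudObject) ([]byte, error) {
	if !obj.Encrypted {
		return obj.Body, nil
	}
	gcm, ok := ks.keys[obj.Path]
	if !ok || !ks.groups[ks.policy[obj.Path]][user] {
		return nil, fmt.Errorf("access denied: %s may not read %s", user, obj.Path)
	}
	if n := gcm.NonceSize(); len(obj.Body) >= n {
		return gcm.Open(nil, obj.Body[:n], obj.Body[n:], nil)
	}
	return nil, fmt.Errorf("ciphertext for %s is too short", obj.Path)
}
```

A file with no policy entry maps to the empty group, so Download denies it by default; the provider side only ever handles CloudObject values, which carry no key.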
Figure 2 (diagram: ProtectFile on workstations, in the enterprise, at cloud providers, and with the mobile workforce and partners, under a common data protection policy with certificate-based (PKI) authentication). By employing centralized key management and tokens at the end user level, enterprises can harness cloud services, while ensuring sensitive data is only visible to authorized users.

Federated Access Control

Today, even without cloud deployments in the mix, most enterprises have to manage multiple user identities across various platforms and services, which can pose a significant administrative burden, inefficiency for end users, and security threats. By employing federated access control, enterprises can accomplish the following objectives:

• Deliver single sign-on access for users to all enterprise applications and platforms—including internal email and ERP systems and external SaaS applications;
• Streamline administration through central management of policies, identities, and tokens;
• Adhere to a host of compliance mandates and stringent security policies;
• Leverage open standards and a broad range of authentication solutions; and
• Boost security through stringent, cohesive policy enforcement, separation of duties, and granular access controls.

By offering a means to streamline end user access and access control administration, federated access initiatives can help optimize security while reducing corporate security costs. To deliver on this objective, identity management needs to be done through a simple, Web-based gateway that offers all the administrative access controls required. Tokens need to be leveraged to ensure proper authentication.
In addition, this deployment approach can leverage Security Assertion Markup Language (SAML), an XML-based standard for exchanging authentication and authorization data, for managing the exchange of information between the enterprise and external service providers.

Figure 3 (diagram: an enterprise identity server exchanging SAML assertions with SaaS provider infrastructure and a cloud provider over a common identity interconnect, on behalf of end users). By federating access control mechanisms, organizations can simultaneously streamline security administration and improve adherence with security policies.
Virtual Encryption as a Service

To fully leverage the cloud opportunity, enterprises and cloud providers alike need a way to take the unparalleled security offered by sophisticated, hardware-based encryption solutions and virtualize those offerings. This enables the delivery of symmetric encryption, file encryption, secure key management, and a host of other capabilities and services within cloud environments.

Because the platform is virtualized, it can be integrated cost-effectively and seamlessly within the cloud provider’s infrastructure. Further, by combining the security benefits of these technologies with the cloud delivery model, security implementations can be far less expensive than traditional in-house deployments, putting state-of-the-art security capabilities within reach of even small and medium businesses for the first time.

Virtual encryption-as-a-service deployments will largely be implemented by the cloud provider, who will leverage robust security mechanisms, such as centralized key management, granular encryption, and access control, within their infrastructures. To support virtual encryption as a service, many cloud customers will deploy multi-factor authentication tokens and token management systems in their environments, which can ensure the appropriate access controls are applied to security services and protected data.

Figure 4 (diagram: SMBs connecting to a cloud provider with certificate-based (PKI) authentication on both sides). By providing virtual encryption as a service, smaller organizations can gain access to robust security mechanisms that may have been cost prohibitive in the past.
SafeNet: Delivering the Trusted Cloud Platform

Introduction—Overview of SafeNet Cloud Solutions

With SafeNet’s security offerings, organizations can fully leverage the business benefits of cloud environments while ensuring trust, compliance, and privacy.

Cryptography as a Service

SafeNet offers the broad set of solutions that enable both enterprises and cloud providers to leverage cryptography as a service. SafeNet solutions offer the unparalleled combination of features—including central key and policy management, robust encryption support, flexible integration, and more—that make cryptography as a service practical, efficient, and secure. SafeNet offers these security solutions:

• Token management systems and multi-factor tokens that ensure stringent, granular end user access controls
• Hardware security modules, including the Luna SA product line, that enable centralized, FIPS- and Common Criteria-certified storage of cryptographic keys
• DataSecure, which offers file, application, and database encryption—all managed through a hardened appliance that centralizes encryption processing, keys, logging, auditing, and policy administration

Together, these solutions deliver the critical capabilities required for a robust, cost-effective, and secure cryptography-as-a-service implementation.
Figure 5 (diagram: on the enterprise side, a SafeNet token management system, HSMs with the Luna SA root of trust, and DataSecure with federated key management and user directories; on the cloud provider side, cloud database, cloud storage and elastic compute protected by ProtectDB, ProtectFile and ProtectApp through an HSM client, with MFA tokens and certificate-based (PKI) access for end users). SafeNet’s HSMs and DataSecure offerings offer FIPS- and Common Criteria-certified, hardware-based protection of cryptographic keys and controls that help ensure regulatory compliance in cloud deployments.

When cloud providers deliver virtual encryption as a service, they can implement database, application, and file encryption—all managed through a single, virtual platform that combines cryptographic key management, policy management, and encryption processing.

Trusted Cloud Computing

The dynamic nature of cloud computing can pose significant risks. Today, someone can take an application, for instance running for one organization, then move it to another location, and run it for another organization—and that application could enable unauthorized users and processes to access sensitive data. With SafeNet, you can control applications and services within the cloud environment, and ensure applications only run on intended platforms for intended customers. SafeNet enables organizations to control the instances of the high-value virtual machines, ensuring they are only invoked in the right circumstances.
SafeNet delivers the solutions that enable organizations to do rights management for virtual machines:

• Software rights management solutions and tokens for authenticating virtual machines
• ProtectFile file encryption solution, which enables pre-boot authentication of virtual machines
• DataSecure, which delivers central policy management of all file, application, and database encryption processing

Figure 6 (diagram: software rights management (SRM) licensing and two-factor activation of applications at a PaaS provider using SRM tokens, eTokens and OTP; DataSecure key management and ProtectFile two-factor pre-boot protection of virtual resources at an IaaS provider; certificate-based (PKI) access for enterprise administrators). SafeNet offers the products and capabilities enterprises need to control instances of virtual machines running in the cloud, including where they are located and when they can be invoked, so they can safeguard trust in their cloud deployments.

Conclusion

In terms of potential, the sky truly is the limit when it comes to the benefits cloud computing can deliver. However, the full magnitude of this opportunity can only be realized when security is efficiently, persistently, and effectively employed to safeguard sensitive data. With its sophisticated, data-centric security solutions, SafeNet enables customers to gain the agility they need to leverage cloud environments most effectively, without making any compromises in security, privacy, or compliance.
To Learn More about Cloud Security

To provide business and security leaders with more information on secure cloud computing, SafeNet offers a website featuring a series of white board videos and white papers. These resources outline how cloud security is expected to evolve, and describe what organizations need to do to prepare for and take advantage of these changes. For more information, visit www.safenet-inc.com/cloudsecurity.

SafeNet offers intelligent, data-centric solutions that persistently protect data throughout the information life cycle and evolve to support changing cloud delivery models—from today’s SaaS and private clouds to the evolving demands of hybrid and public clouds.

About SafeNet

Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet.

Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
Follow Us: www.safenet-inc.com/connected

©2010 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (EN) A4-09.07.10