Securing Information Throughout Its Lifecycle with SafeNet Data Protection
White Paper

Executive Summary

The security frameworks implemented in most organizations aren't cutting it today, and their shortcomings will only be exacerbated over time. This paper explains why a new approach is needed, outlining the trends that increasingly expose the limitations of traditional security approaches. It then shows how SafeNet's data protection solutions offer a cohesive framework for protecting information throughout its lifecycle.

Introduction

Whether today, tomorrow, or in the coming months, leaders at many organizations are going to come to a single, tough, yet unassailable truth: the proliferation and mobility of their data has outpaced their businesses' ability to protect it.

Sensitive assets are constantly at risk. Internal and external threats are persistent, pernicious, and pervasive. Critical assets are increasingly vulnerable, whether a company's intellectual property, sensitive customer data, or the core communications that underpin business processes.

The current security framework has been built from security controls that guard specific systems against specific threats. Quite simply, this framework isn't sustainable. Furthermore, this fractured, patchwork framework fails to deliver the integrated, comprehensive approach needed to protect information across its lifecycle. To combat the threats of the future and protect data as it is actually used, organizations must move to a framework centered on the data itself.

With a data-centric approach built around an information lifecycle model, organizations can build systems that better protect data, gain enhanced visibility and control, and realize significant improvements in efficiency and economies of scale.
The Information Lifecycle

[Figure: the four categories of the information lifecycle, Identities, Transactions, Data, and Communications, arranged around the information lifecycle.]

In order to discuss information lifecycle protection, we have to start with a framework for understanding how data flows through an organization and how entities create, operate on, and consume this data. From a high-level perspective, we can break the use of data into four categories. Viewing information this way is useful both for understanding how data is used and for understanding the threats to that data in different scenarios. Following is an overview of the four categories:

• Identities. Information feeds into the organization from both individuals and applications. In addition, many organizations' business applications create sensitive data, for example a card issuer application automatically generating a credit card PIN or a healthcare provider generating patient identifiers.
• Transactions. Next, the business transforms and uses this data. Fundamentally, business systems and processes take discrete data elements (sometimes called structured data) and conduct transactions with this information, potentially involving multiple subsystems, in ways that add value to the organization. This information is ultimately transmitted into the form factors and consumption points needed by the rest of the business.
• Data. As data progresses through its lifecycle, information ends up being created, shared, and stored in a number of locations: individual PCs, application and database servers, file shares, storage area networks, tape drives, and so on.
• Communications. To make use of data, disparate systems need to communicate with each other. This can include the transmission of information across a complex mix of private, public, and semi-private networks. For years, this has been an area of clear security focus, because it was the one area that plainly crossed perimeter and trust boundaries.
Under Pressure: The Evolving, Increasing Demands on Data Protection

Now that we've established a framework for viewing information across its lifecycle, we'll turn to the issues organizations are confronting today. Following are a few of the most pressing:

• Ever-expanding data volumes. The explosive growth in data volumes in itself puts pressure on businesses. Whether a user is trying to find a file on a laptop or a server administrator is trying to figure out how to enforce mailbox quotas, ever-larger amounts of digitized information put an ongoing strain on businesses. While physical and virtualized storage costs may drop, the cost and effort of deploying, maintaining, and protecting this expanding infrastructure do not.
• Digitization of intellectual property. The amount of intellectual property held within IT systems has increased as well, as more business and operational models have gone digital and online. For example, an architecture firm that 20 years ago had blueprints couriered between offices now shares proprietary CAD files with business partners and customers over secured Internet connections. Media and entertainment firms that once used film now rely increasingly on the digital capture, editing, and distribution of content.
• Build-up of compliance mandates. For most companies, the challenge of ensuring compliance with external policies and standards is nothing new. As the timeline below shows, many mandates have been in effect for years. However, the challenges of maintaining compliance and adapting to changing threats and rules continue to place a strain on businesses.
[Figure: timeline of compliance mandates from 1970 to the 2000s: Privacy Act of 1974; Foreign Corrupt Practices Act of 1977; Computer Security Act of 1987; EC Data Privacy Directive; EU Data Protection; HIPAA; GLBA; COPPA; FDA 21 CFR Part 11; CLERP 9; Sarbanes-Oxley; USA Patriot Act 2001; FISMA 2002; CIPA 2002; CAN-SPAM Act; NERC 1200 (2003); Basel II; C6 (Canada).]

• Increased visibility and scrutiny of security. Thanks in no small part to the increased visibility and severity of breaches, executives, governing boards, and the general public have gained a better understanding of the importance of data and the issues surrounding it: the growing amount of it and need for it, the critical role it plays in business performance, and the risks to which it is exposed. For better or worse, and sometimes both, awareness of the importance of data protection has reached the C-suite and the boardroom.

The Cloud as Tipping Point

The challenges above are daunting in and of themselves, but the emerging cloud paradigm threatens to throw a very big monkey wrench into the fundamental underpinnings of information protection. Most assumptions about trust, ownership, and risk to information were based on an understanding of a physical world with distinct (albeit continually fracturing) perimeters. Now, virtualization and cloud-based computing throw these basic assumptions into question. Organizations have been adopting software as a service (SaaS) and platform as a service (PaaS) to gain resource elasticity while cutting costs, since resources in cloud architectures are shared with other tenants. However, the externally hosted, shared nature of these services raises a host of security questions.

Virtualization of applications and platforms has created an unprecedented level of data portability. Sensitive data and application processing can be migrated across server farms with dozens of physical machines and hundreds of virtualized servers. Consequently, risks that were once associated with someone walking off with an entire server are now potentially realized through a hijacked password or a stolen flash drive, since a virtual machine image or a set of credentials can carry the same data out of the building.

Current trends, including the emerging cloud paradigm, are placing increased demands and pressures on each of the four categories of the data lifecycle. As enterprise executives continue to chart their cloud strategies, security considerations will need to weigh heavily in the criteria, along with the potential benefits in flexibility, cost savings, and scalability.
The Implications

How do these challenges really impact your business? What problems are being presented as a result of these trends? Following is an overview of some of the specific implications IT and business leaders are now confronted with.

Security Islands

The task of ensuring the security of data has grown significantly more difficult. The overall footprint of data that must be secured has grown tremendously. Practically speaking, the complicating factor of this growth is not its sheer size (which is daunting enough), but how it has grown. Rather than an expanding set of core data around which security requirements have grown, IT and security teams find themselves managing islands of data and silos of data security. These security silos grew out of specific needs: the particular nature of certain types of data, the policies of a specific business unit, the localized efforts to comply with a specific regulatory mandate, and so on. An organization's history of mergers, acquisitions, geographic expansion, and technology deployments can further isolate the reach of a given security deployment.

Weak Links

This disparate, siloed data protection structure poses threats of its own. In the security field, it is well known that it is easier to attack the links between systems than to attack a specific security system directly, since such systems are typically secure as stand-alone entities. The mythical Trojan Horse, which used a form of social engineering to breach the perimeter defenses of Troy, and the breaking of the German Enigma cipher in WWII, which owed much to its insecure use by operators in the field, are both well-known examples of this truism: it is not the strength of the gate or the cipher that is vulnerable, but weaknesses in the associated processes. More recently, the attack known as Operation Aurora afflicted more than 30 companies. The attackers exploited a zero-day vulnerability in Internet Explorer to compromise internal systems. In spite of the "gates" that were in place, users were lured into clicking a link to a malicious server, which initiated the attacks. This further illustrates that weaknesses in associated processes can undo even the best security controls.

Sophisticated Attacks

At a high level, the specific model of a modern attack is one consideration, but it is even more important to consider the sophistication and degree of automation that can be employed in generating these attacks. Gone are the days when all you had to worry about were simple ping sweeps and port scans. Now your security team has to examine the intricacies of the entire network stack, because that is where attackers look for a weakness. Tools like Google hacking make anonymous profiling of a target easy, fingerprinting tools make it easy to customize attacks, and automated scripts and tools enable the plundering of massive amounts of data once an exploit is found.

Exposure to Internal Threats

Compounding matters is the fact that internal staff may pose a risk, whether by not following policies or through susceptibility to social engineering. Here again, it can be the weak links between systems that prove vulnerable. For example, a user may copy sensitive customer data to a laptop in order to complete a project at home, even though this runs counter to corporate policy. If that laptop were subsequently stolen, the organization would be subject to breach disclosure laws and the negative publicity that follows.

Further, malicious insiders continue to pose a very serious threat to organizations. Whether motivated by revenge or money, insiders can exploit authorized access to conduct a broad range of attacks, including theft and sale of corporate intellectual property, deletion of assets, and sabotage of existing business processes.
Expensive and Inefficient

Furthermore, security is becoming more expensive, and not just from a top-line perspective (such as capital equipment cost) but also from the standpoint of architectural inefficiency. An organization may have overlapping identity and authentication schemes as a result of uncoordinated projects. When it comes to cryptography, even if a common set of algorithms (AES, RSA, and so on) is employed, an enterprise may have dozens if not hundreds of different systems in place. There may be a distinct set of key-handling systems for laptops, servers, databases, mainframes, and storage systems, and one department or business unit may have a completely different set of systems than another. Beyond the upfront costs, each of these systems exacts the cost of the staff time required for setup, ongoing maintenance, training, and troubleshooting.

Cloudy Future

And lastly, the cloud adds more complexity and even more unknowns. With current systems, even when security administrators are managing an increasing number of trust models and deployments, at least there is a common understanding of the architecture and the means to secure it. The cloud paradigm, the pace of innovation, the lack of common architectures, and the relative lack of visibility and oversight all conspire to make threats difficult to understand, let alone mitigate. Ultimately, security teams and management end up evaluating, deploying, and managing each cloud architecture individually, which is neither sustainable nor likely to create a solid security foundation.

Time for a Change

Whether it comes to regulatory mandates, security cost and complexity, the implications of the cloud, or explosive data volumes, these distinct issues share a common, fundamental reality: the challenges they present will only grow, not shrink, in the days and months ahead. These myriad challenges and trends point to a single, fundamental truth: the old way of doing information protection isn't sustainable. It's time to change the model, from one concerned with the trust of the systems that handle the data to one concerned with the security of the data itself, regardless of the system on which it happens to reside.

Today's Requirements: Strategic, Comprehensive Data Protection

To address the challenges outlined above, organizations need to take a fundamentally different approach to information protection across its lifecycle. To do so, they need to employ security approaches with the following characteristics:

• Persistence. Data must be protected from its creation through its modification, distribution, and deletion. Organizations must move beyond traditional perimeter and device security and apply constant, intelligent protection to the data itself. Security policies should accompany protected data, allowing it to move freely and be accessed as needed, so that information can be shared and used without sacrificing user productivity.
• Trust. For digital processes to function, trust needs to be an integral, unassailable attribute throughout the workflow. This means ensuring that users are who they claim to be and consistently enforcing policies based on users and groups, so that users get the information they need while being denied access to resources they are not authorized to see.
• Transparency. In today's competitive environment, organizations can't afford not to implement robust security measures, but they also can't afford to have these measures hamper end-user productivity. Toward that end, security mechanisms such as encryption must be employed in a manner that is automated and seamless, essentially invisible to end users as they go about their daily work.
• Control. Organizations need comprehensive, centralized control over their security. That starts with a centralized platform that can be integrated with a broad range of systems and environments, including enterprise file servers, databases, applications, laptops, and mobile devices. Policies and keys must be administered centrally and then applied globally. Reporting and auditing mechanisms likewise need to be centralized to offer the highest levels of security and efficiency.
New IT Security Realities: As Threats Change, Approaches Must Change

As security threats evolve, so too must the tactics and strategies employed to guard against them. The following contrasts traditional approaches with data lifecycle approaches:

• Perimeter-focused security, versus persistent, data-centric protection with the intelligence to protect the data itself throughout its lifecycle.
• All-or-nothing encryption, versus granular, selective protection of a subset of unstructured or structured data (files, fields, and columns).
• Keep the bad guys out and give authorized users full access, versus granular privileges for authorized users that assure compartmentalization.
• Multiple products to meet business and security needs, versus a centrally managed solution that addresses business, compliance, data governance, and security requirements.
• Policy that is either high-level or very specific, with no proper central policy management, versus centralized policy and lifecycle key management for optimum visibility and data control.

The Solution: SafeNet Data Protection

To address today's challenges, including explosive data volumes, disparate security silos, evolving cloud initiatives, and more, organizations need a long-term solution that acts as a nexus for data control and business innovation. This is what SafeNet data protection solutions are designed to deliver:

• Gain enterprise-wide visibility and control. SafeNet delivers comprehensive, centrally managed solutions that enable organizations to eliminate patchwork islands of defense and instead govern enterprise-wide security in a cohesive, centralized manner.
• Boost efficiency. With a more cohesive, comprehensive security framework in place, organizations can eliminate the complexity, duplication of effort, and high cost of employing and maintaining overlapping, disparately managed systems.
• Eliminate weak links. SafeNet helps organizations eliminate security islands, and with them the exposure presented by the links between disparate systems. In this way, they can better guard against increasingly sophisticated external threats and minimize the exposure posed by malicious insiders.
• Enhance agility. SafeNet's efficient, comprehensive, and flexible framework equips organizations with the capabilities they need to adapt more quickly to changing business, technological, and security challenges and opportunities.
• Embrace the cloud. By offering capabilities for granular, persistent control of information, SafeNet enables organizations to more fully leverage the business benefits of the cloud while simultaneously strengthening security. In this way, the cloud can become a strategic business asset rather than a security liability.
Comprehensive Information Protection Across the Lifecycle

SafeNet solutions provide persistent protection of information at critical points in its lifecycle, wherever and however that information gets used. SafeNet solutions give your business the agility needed to adapt to change and act on opportunity, while securing information across all four stages of its lifecycle:

• Identities. SafeNet offers strong authentication and identity management solutions that protect identities for users and servers.
• Transactions. SafeNet delivers industry-validated, hardware-based encryption platforms that protect transactions, ensure data integrity, and maintain an audit trail.
• Data. SafeNet's data encryption and control solutions protect and maintain ownership of data throughout its lifecycle, from the data center to the endpoint and into the cloud.
• Communications. SafeNet provides high-performance communication encryption solutions that persistently protect information, ensure control beyond location or boundary, streamline operations, and reduce compliance costs.

[Figure: Information Lifecycle Protection wheel. The four stages (Identities, Transactions, Data, Communications) are ringed by the actions access, perform, protect and share, and control. Caption: SafeNet offers a comprehensive set of offerings that enable organizations to protect information across its lifecycle.]

Learn more about SafeNet solutions for each stage of the information lifecycle in the following pages.
SafeNet for Identities: Trusted Users, Servers, and Services

SafeNet offers a broad range of strong, multi-factor authentication solutions and hardware security modules that ensure only authorized individuals can access your organization's sensitive information. In addition, it secures identities, enabling trust. With SafeNet, organizations gain access controls that enable business, lower IT costs, and boost user productivity. Designed to adapt to your evolving business needs, SafeNet's trusted authentication solutions secure remote access, enhance network access security, simplify password management, and enable new online services with a broad range of authenticators, management platforms, and security applications. SafeNet authentication and HSM solutions can be combined to ensure the strongest levels of digital signature security. As a result, organizations can protect the identities connected to business transactions while allowing for faster time to market and lower operational costs.

[Figure: hardware security module plus multi-factor authentication yields authorized access. Caption: SafeNet offers both multi-factor authentication solutions and hardware security modules that ensure only authorized users can access sensitive information.]

SafeNet for Transactions: Assured Protection of High-Value Keys

SafeNet HSMs provide reliable protection for transactions, identities, and applications by securing cryptographic keys and provisioning encryption, decryption, authentication, and digital signing services. SafeNet HSMs are designed for high performance, strong security, and ease of integration into application and transaction security solutions. They are highly tamper resistant, with FIPS and Common Criteria validation. With a broad range of HSM offerings and full API support, SafeNet HSMs enable application developers to integrate security into custom applications. In partnership with leading application solution providers, SafeNet has produced HSMs that offer end-to-end protection for organizations, helping them achieve regulatory compliance, streamline business processes, reduce legal liabilities, and improve profitability.
For example, SafeNet HSMs are used in a host of digital workflows where ensuring trust throughout the process is critical, such as e-invoicing, electronic mortgage processing, online credit card PIN issuance, and more. Digital signatures, built on public key cryptography and public key infrastructure (PKI), are the means of establishing trust in these digital processes. SafeNet HSMs are dedicated systems that physically and logically secure the cryptographic keys and the cryptographic processing at the heart of digital signatures.

[Figure: cryptographic keys secure transactions, identities, and applications. Caption: SafeNet HSMs secure the cryptographic keys that protect transactions, identities, and applications.]

SafeNet for Data: Delivering Persistent Encryption and Control

SafeNet delivers comprehensive data encryption and control solutions that enable you to maintain ownership of your data throughout its lifecycle, as it is created, shared, stored, and moved within and beyond your organization. With SafeNet, protection extends from the data center to the endpoint and into the cloud. SafeNet delivers secure and easy to manage key lifecycle and policy management capabilities, offering the following solution suites:

• The Data Center Suite secures customer information, cardholder data, and social security numbers stored as structured data in databases, applications, and mainframes, as well as unstructured data kept on file servers.
• The Endpoint Suite protects and controls documents, pictures, patents, and designs stored as unstructured data on laptops and mobile devices, while also offering full-disk encryption and content security for data loss prevention.

Data Center Suite: DataSecure, ProtectDB, ProtectApp, ProtectZ, Protect File Server, Tokenization Manager
Endpoint Suite: ProtectFile, ProtectDrive, eSafe SmartSuite, MDeX

SafeNet delivers comprehensive solutions that offer granular, persistent controls to ensure data is protected throughout its lifecycle, from the data center to the endpoint and into the cloud.
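The contrast drawn earlier between all-or-nothing encryption and granular, field-level protection, together with the Data Center Suite's handling of cardholder data, can be made concrete with a small model. The following is an added illustration written for this page; it is not SafeNet code and does not describe how Tokenization Manager or DataSecure work internally. It tokenizes only the card-number column of a record, using a deterministic, format-preserving token derived from a keyed HMAC, keeps the token-to-PAN mapping in one central vault, versions the keys so they can be rotated, and limits detokenization to a single role while every other role sees a mask. The TokenVault class, the role names, the keys, and the sample records are all assumptions made for the example.

```python
"""Column-level tokenization with a central vault and versioned keys.

Illustrative model added to this page; not SafeNet code. Only the PAN
column of a record is replaced, so the rest of the row stays usable.
The keys and records below are constructed for the example.
"""
from __future__ import annotations

import hashlib
import hmac

PAN_MIN, PAN_MAX = 13, 19   # PAN lengths permitted by ISO/IEC 7812
KEEP_LAST = 4               # trailing digits left in the clear, as on receipts


def luhn_ok(digits: str) -> bool:
    """Luhn check digit test, used here only to reject malformed input PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def is_well_formed_pan(pan: str) -> bool:
    return pan.isdigit() and PAN_MIN <= len(pan) <= PAN_MAX and luhn_ok(pan)


class TokenVault:
    """Hypothetical central tokenization service: holds the keys and the
    token -> PAN mapping. Only this component ever sees a full card number;
    application databases store the tokens."""

    def __init__(self, key_id: str, key: bytes) -> None:
        self._keys = {key_id: key}
        self._active = key_id
        self._vault: dict[str, tuple[str, str]] = {}   # token -> (pan, key_id)
        self._by_pan: dict[str, str] = {}              # pan -> token

    def _derive(self, pan: str, key_id: str, counter: int) -> str:
        """Format-preserving token: the leading digits come from an HMAC-SHA256
        over the PAN and a collision counter; the last four digits are kept."""
        body_len = len(pan) - KEEP_LAST
        msg = f"{pan}:{counter}".encode()
        mac = hmac.new(self._keys[key_id], msg, hashlib.sha256).digest()
        body = str(int.from_bytes(mac, "big") % 10 ** body_len).zfill(body_len)
        return body + pan[-KEEP_LAST:]

    def tokenize(self, pan: str) -> str:
        if not is_well_formed_pan(pan):
            raise ValueError("not a well-formed PAN")
        if pan in self._by_pan:            # same PAN -> same token, so tables still join
            return self._by_pan[pan]
        counter = 0
        token = self._derive(pan, self._active, counter)
        while token in self._vault:        # collided with another PAN's token: re-derive
            counter += 1
            token = self._derive(pan, self._active, counter)
        self._vault[token] = (pan, self._active)
        self._by_pan[pan] = token
        return token

    def resolves(self, token: str) -> bool:
        return token in self._vault

    def detokenize(self, token: str, role: str) -> str:
        """Only the settlement role may recover a PAN; every other role is refused."""
        if role != "settlement":
            raise PermissionError(f"role {role!r} may not detokenize")
        return self._vault[token][0]

    def rotate_key(self, new_id: str, key: bytes) -> dict[str, str]:
        """Activate a new key and re-issue every token derived under older keys.
        Returns old -> new so application tables can be migrated; old tokens
        stop resolving, which is what retiring a key is meant to achieve."""
        self._keys[new_id] = key
        self._active = new_id
        migration: dict[str, str] = {}
        for old, (pan, kid) in list(self._vault.items()):
            if kid == new_id:
                continue
            del self._vault[old]
            del self._by_pan[pan]
            migration[old] = self.tokenize(pan)
        return migration


def view(vault: TokenVault, token: str, role: str) -> str:
    """Granular privilege: settlement gets the PAN, everyone else the mask."""
    if role == "settlement":
        return vault.detokenize(token, role)
    return "*" * (len(token) - KEEP_LAST) + token[-KEEP_LAST:]


def protect_record(vault: TokenVault, record: dict) -> dict:
    """Protect only the cardholder-data column; name and amount stay queryable."""
    out = dict(record)
    out["pan"] = vault.tokenize(record["pan"])
    return out


if __name__ == "__main__":
    vault = TokenVault("k1", b"\x01" * 32)                   # constructed key
    row = {"customer": "A. Sample", "pan": "4111111111111111", "amount": 42.50}
    protected = protect_record(vault, row)
    print(protected)                                        # only "pan" changed
    print(view(vault, protected["pan"], "analyst"))          # mask with last four
    print(view(vault, protected["pan"], "settlement"))       # full PAN
    print(vault.rotate_key("k2", b"\x02" * 32))             # {old token: new token}
```

Two design points carry over to a real deployment. Deterministic derivation keeps one token per card across every table that stores it, so reporting joins keep working without anyone holding the PAN, and the collision counter guards the rare case where two cards map to the same digits. Key rotation re-issues tokens rather than re-encrypting data in place, which is why the vault, not the application, has to own the key identifiers.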
SafeNet for Communications: Trusted and Transparent Transmission of Sensitive Information

Enterprise network and security engineering groups must strike an appropriate balance between enabling communication and securing corporate information. Maintaining this balance becomes trickier as organizations expand and become more geographically dispersed; they need secure and transparent high-speed communications across the network to facilitate global collaboration among partners, suppliers, and customers.

SafeNet high-speed WAN encryptors provide a fast and simple way for organizations to implement network security solutions that protect mission-critical data. Designed to integrate into an existing network topology, SafeNet encryptors deliver proven reliability and scalability. With high throughput and low latency, SafeNet network security devices are suited to protecting massive amounts of data, including applications in which quality of service and continuous availability are vital, such as voice and video conferencing streams.

[Figure: Communication Protection, high-speed network encryption: Ethernet Encryptor, SONET Encryptor, Space Link Encryption, Voice Encryption, Security Management Center (SMC). Caption: With SafeNet high-speed WAN encryptors, organizations can enjoy secure, high-speed communications across distributed sites.]

Conclusion

In many organizations, today's security deployments are fragmented, fractured, and inefficient, hardly a recipe for success in contending with the challenges of the immediate future. Long-term security, as well as business success, will hinge on an organization's ability to manage its security efforts more comprehensively and strategically. By enabling organizations to take a data-centric approach that secures sensitive information across its entire lifecycle, SafeNet enables customers to optimize both security and business performance.

About SafeNet

SafeNet is a global leader in information security, founded more than 25 years ago. The company protects identities, transactions, communications, data, and software licensing through a full spectrum of encryption technologies, including hardware, software, and chips. More than 25,000 corporate and government customers in 100 countries trust their security needs to SafeNet. In 2007, SafeNet was acquired by Vector Capital, a private equity firm specializing in the technology sector.

For more information, visit
Contact Us: For all office locations and contact information, please visit

©2010 SafeNet, Inc. All rights reserved. SafeNet and the SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (A4)-09.07.10