Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric
 


This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise. http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html

The whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk.

This whitepaper from Vormetric on key management strategy strives to provide the reader with an understanding, not only of the importance of key management, but of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for key management as well as an understanding of the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family.

According to the whitepaper, encryption key management should meet four primary criteria:

1. Security – In implementing a comprehensive data security strategy, organizations are well-advised to consider the security of the encryption keys. Improper key management means weak encryption, and that can translate into vulnerable data.
2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That results in damage to the overall efficiency of the network.
3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change.
4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

  • Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today. A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available. Vormetric Key Management is the only solution today that can: minimize IT operational and support burdens for encryption key management, secure and control access to data across the enterprise and into the cloud, and protect data without disrupting your business.

Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric Presentation Transcript

  • Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President of Marketing. www.Vormetric.com
  • Presentation Overview
      • Evolution of encryption and integrated key management systems
      • IT operations and support challenges will then be examined
      • Review of the future industry initiatives and compliance regulations
      • Conclude with brief introduction to Vormetric Key Management
    Slide No: 2 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
  • Importance of Enterprise Key Management
      • “The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.” Forrester Research, Inc., “Killing Data”, January 2012
      • Two Types of Key Management Systems: Integrated; Third Party
    (Slide No: 3)
  • IT Imperative: Secure Enterprise Data
      • 1. Direct access to enterprise data has increased the risk of misuse.
      • 2. Attacks on mission critical data are getting more sophisticated.
      • 3. Security breach results in substantial loss of revenue and customer trust.
      • 4. Compliance regulations (HIPAA, PCI DSS) mandate improved controls.
      • A Data Breach Costs > $7.2M Per Episode (2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute)
      • “What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise.”
    (Slide No: 4)
  • Enterprise Key Management 8 Requirements: Backup Storage Key State Management Generation Enterprise Key Authentication Management Restoration Auditing Security (Slide No: 5)
  • Interoperability Standards
      • PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)
      • EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management
      • OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems
      • Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.
    (Slide No: 6)
  • Encryption Key Management Challenges
      • Complex management: Managing a plethora of encryption keys in millions
      • Security Issues: Vulnerability of keys from outside hackers / malicious insiders
      • Data Availability: Ensuring data accessibility for authorized users
      • Scalability: Supporting multiple databases, applications and standards
      • Governance: Defining policy-driven access, control and protection for data
      • Diagram labels: Disparate Systems; Different Ways of Managing Encryption Keys
    (Slide No: 7)
  • Industry Regulatory Standards
      • Payment Card Industry Data Security Standard (PCI DSS): Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.
      • Requires firms in USA to publicly acknowledge a data breach although it can damage their reputation.
      • Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.
      • U.S. Health I.T. for Economic and Clinical Health (HITECH) Act; Gramm Leach Bliley Act (GLBA)
    (Slide No: 8)
  • Vormetric Key Management Benefits
      • Stores Keys Securely
      • Provides Audit and Reporting
      • Minimize Solution Costs
      • Manages Heterogeneous Keys / FIPS 140-2 Compliant
      • “VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.”
    (Slide No: 9)
  • Vormetric Key Management Capabilities
      • Manage Vormetric Encryption Agents
      • Manage 3rd Party Keys: Create/Manage/Revoke keys of 3rd party encryption solutions. Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2) and EKM (MSSQL 2008 R2).
      • Vault Other Keys: Provide secure storage of security material. Key Types: Symmetric: AES, 3DES, ARIA; Asymmetric: RSA 1024, RSA 2048, RSA 4096; Other: Unvalidated security materials (passwords, etc.).
    (Slide No: 10)
  • Vormetric Key Management Components
      • Data Security Manager (DSM): Same DSM as used with all VDS products. FIPS 140-2 Key Manager with Separation of Duties.
      • Provides key management services for: Oracle 11g R2 TDE (Tablespace Encryption); MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption).
      • Key Vault: Licensable Option on DSM. Web based or API level interface for import and export of keys. Supports Symmetric, Asymmetric, and Other Key materials. Reporting on key types.
      • Report on vaulted keys
    (Slide No: 11)
  • TDE Key Architecture before Vormetric
      • Oracle / Microsoft TDE Master Encryption keys are stored on the local system in a file with the data by default.
      • Diagram labels: TDE Master Encryption Key; Local Wallet or Table
    (Slide No: 12)
  • TDE Key Architecture after Vormetric
      • Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE.
      • Vormetric Key Agent is installed on the database server.
      • Diagram labels: Oracle / Microsoft TDE; TDE Master Encryption Key; SSL Connection; Key Agent
    (Slide No: 13)
  • VKM Architecture - Key Vault: Web GUI; Supported Key Types: Asymmetric; Command Line / API (Slide No: 14)
  • Security Policy and Key Management
      • Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.
      • A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.
      • Vormetric Key Management is the only solution today that can: minimize IT operational and support burdens for encryption key management, secure and control access to data across the enterprise and into the cloud, and protect data without disrupting your business.
    (Slide No: 15)
  • Security Policy and Key Management
      • “The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.” Forrester Research, Inc., “Killing Data”, January 2012
      • Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.
      • A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.
      • Vormetric Key Management is the only solution today that can: minimize IT operational and support burdens for encryption key management, secure and control access to data across the enterprise and into the cloud, and protect data without disrupting your business.
    (Slide No: 16)
  • Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Download Whitepaper. Tina Stewart, Vice President of Marketing. Click-to-tweet. www.Vormetric.com