Achieving Data Privacy in the Enterprise


  • So what: more than 25 years of focus on information security; size matters; private, profitable, and proud of it; certifications are important; customers count on SafeNet.
  • We can’t be complacent: even when the numbers are steady, there is always a spike pending.
  • Traditional enterprise boundaries evolve: data is hosted, outsourced, moved to the cloud, or accessed by partners, third-party vendors and the mobile workforce.
    Cyber security: in an increasingly interconnected world, the ability to protect information and access online (cybersecurity) has shifted from science fiction to a glaring necessity for governments, businesses and everyday people.
    Insider threats: malicious or unintentional access to sensitive data by trusted insiders places businesses and their customers at risk.
    Compliance and regulations: intense pressure to demonstrate compliance with internal governance guidelines and external regulations.
    Information and identity protection, a key business enabler: from online banking to eCommerce to collaboration networks, more business initiatives and the ability to compete are now dependent on the ability to persistently protect information.
  • Since the PCI mandate was introduced in 2005, you will notice that the cost per breached record has increased 47%. Several elements go into this figure: litigation costs associated with the breach, PR costs, cost for notifications, consulting and repairs, and campaigns for brand repair. What cannot be measured is the lost opportunity costs and revenues from people turning away from your organization.
  • The market is changing… DP 1.0 technologies are no longer adequate for today’s enterprise organization. 1.0 is where many organizations are today; this is where many companies are stuck. 2.0 is where the data protection market is headed. Let’s take a look at each one of these… (go through each row)
    SafeNet’s Approach: Data-centric Protection
    What's Changing: data-conscious vs. perimeter/network-centric; proactive protection vs. passive protection.
    Why Is It Happening: data was born to be free. Passive protection techniques of trying to constrain data movement based on ‘source/destination’ or ‘all or nothing’ protection are not enough anymore.
    What To Do: data-conscious security infrastructure, providing persistent data protection as data is created, used, stored, moved.
    What You Gain: proactive data protection (protect once, comply many); protected infrastructure.
    What To Look At: scalable and extensible infrastructure with integrated policy, key and ID management platform.
  • After the data and discovery phase, you can establish what your threat model is. Example: a CSR who pages through screens of customer data and writes down CC#s or takes pictures using their cell phone (rate limiting and/or masking data would help). Business need to know.
  • Centralized Key and Policy Management: security administrators control data protection policy; keys created and stored in a single location; dual administrative control; separation of duties; logging, auditing and alerts.
    FIPS & Common Criteria Certified Solution: FIPS 140-2 Level 2 & CC EAL2 certified; keys stored separately from sensitive data.
    Authentication & Authorization: multi-factor system-to-system authentication and access control; granular, key-based, cryptographic policy; support for LDAP.
    Encryption Offload: optimized, high-performance hardware; frees up database and application servers; latency less than 300 microseconds per request.
    Local Encryption Option: configurable for hardware offload or local encryption.
    Batch Processing: perform batch encrypts/decrypts for high performance; more than 100k TPS; batch tools include Transform Utility and ICAPI; easy integration into existing applications.
    Heterogeneous Environments: comprehensive enterprise solution; web, application, database, mainframe or file server; data center or distributed environments; open standards-based APIs, cryptographic protocols.
    Scalability: models with capacity from 2,500 TPS to 100,000 TPS; clustering further increases capacity and redundancy; licensing structure enables cost-effective build-out.
    Clustering: keys and policy are shared/replicated among DataSecures in a global cluster.
    Load Balancing: connector software can load balance across a group of appliances; multi-tier load balancing enables transparent failover to alternate appliance(s).

    1. Achieving Data Privacy in the Enterprise. SafeNet. Derek Tumulak, VP Product Management. REV 0.1
    2. SafeNet Data Protection: Protecting the Information Lifecycle. From idea to action, SafeNet smartly protects information as it moves through its lifecycle.
    3. SafeNet Fact Sheet. The largest company exclusively focused on the protection of high-value information assets.
        • Founded: 1983
        • Ownership: Private
        • Global footprint with more than 25,000 customers in 100 countries
        • Employees: 1,600 in 25 countries
        • Recognized security technology leadership, over 600 encryption engineers strong
        • Accredited with products certified to the highest security standards
    4. Online Fraud is on the Rise
        • The number of crimeware-spreading sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, an 827 percent increase from January of 2008. (Source: Anti-Phishing Working Group, March 2009)
        • Phishing: $3.2 billion lost in 2007 in the US alone. (Gartner, Dec. 2007)
    5. What Are the Threats? (Source: Ponemon Institute, 2009)
    6. The New IT Security Realities
        • Traditional Enterprise Boundaries Evolve
        • Cyber Security
        • Insider Threats
        • Compliance and Regulations
        • Information and Identity Protection: A Key Business Enabler
    7. Where Is Sensitive Data?
        • Inside the Network
        • Partners’ & Interagency networks
        • Consultant / Contractor Networks
        • Outside the network (cloud / SaaS)
        • Databases, Laptops, Desktops, Mobile Devices, Removable Drives, CDs/DVDs, File Servers, NAS/SAN Devices, Log Files, Excel Spreadsheets, PDFs, Word Docs, Image Files, PowerPoint Presentations, Email Text, Email Attachments, Instant Messages
    8. Where Is Sensitive Data? EVERYWHERE!
        • Inside the Network
        • Partners’ & Interagency networks
        • Consultant / Contractor Networks
        • Outside the network (cloud / SaaS)
        • Databases, Laptops, Desktops, Mobile Devices, Removable Drives, CDs/DVDs, File Servers, NAS/SAN Devices, Log Files, Excel Spreadsheets, PDFs, Word Docs, Image Files, PowerPoint Presentations, Email Text, Email Attachments, Instant Messages
    9. Worldwide Compliance
        • Electronic Ledger Storage Law (Japan)
        • 11MEDIS-DC (Japan)
        • Canadian Electronic Evidence Act
        • PCI Data Security Standard (WW)
        • CA SB1386 et al
        • FDA 21 CFR Part 11
        • Sarbanes-Oxley Act (USA)
        • AIPA (Italy)
        • GDPdU and GoBS (Germany)
        • EU Data Protection Directive
        • UK Data Protection Act
        • NF Z 42-013 (France)
        • Financial Services Authority (UK)
        • Basel II Capital Accord
        • GLB Act
        • Japan PIP Act
        • PCI (WW)
        • HIPAA (USA)
        Note: International companies must adhere to regulations in each country of operation.
    10. Compliance Hype Cycle
    11. What Is It Costing? 47% (Source: Ponemon Institute, 2009)
    12. Approaches to Achieving Data Privacy
        • Persistently protect access to data where it rests, as it moves through the network, and after it has left the network
        • Intelligently secure critical points of the information lifecycle using a platform approach that includes standards-based key management and centralized policy
        • Combine commercial agility with government grade security solutions
        • Extensible to evolve to support changing cloud delivery models, from today’s SaaS and private clouds to the evolving demands of hybrid and public clouds
    13. Data Ownership and Control Requires a Holistic Data Privacy Strategy
    14. As Threats Change Approaches Must Change
        Traditional Approaches:
        • Perimeter focused security
        • All-or-nothing encryption
        • Keep bad guys out, authorized users get full access
        • Multiple products to meet business and security needs
        • High level or very specific policy only, no proper central policy management
        Data Privacy Approaches:
        • Data-centric protection: intelligence to protect the data itself throughout its lifecycle
        • Granular, selective protection over subset of unstructured or structured data (files, fields, and columns)
        • Granular data protection for authorized users, assure compartmentalization
        • Centrally managed solution that addresses business, compliance, data governance & security
        • Centralized policy and key management providing data use tracking and control
    15. Six Best Practices in Data Privacy
    16. Five Core Technology Components of Data Privacy
    17. SafeNet Data Protection: SafeNet persistently protects information throughout its lifecycle, empowering customers to efficiently adapt to change and act on opportunity.
    18. SafeNet Data Protection Portfolio
        Identity Protection - Authentication:
        • Offering the broadest range of authenticators, from smart cards and tokens to mobile phone auth, all managed from a single platform
        • The industry’s only unified authentication platform offering customers the freedom to adapt to changing environments
        • The market leader in certificate-based token authentication
        • Unique technology offerings with client-less tokens, high-assurance solutions, and more
        Communication Protection - High-Speed Network Encryption:
        • SafeNet high-speed network encryptors combine the highest performance with the easiest integration and management
        • Solutions for Ethernet, SONET up to 10Gb
        • Best-in-class Security Management Center
        • Zero bandwidth loss, low-latency encryption
        • Unparalleled leverage across classified and COTS communication protection (FIPS 140-2 Level 3)
        Transaction and Identity Protection - HSM:
        • The fastest, most secure, and easiest to integrate application & transaction security solution for enterprise and government
        • Market leader in enterprise-grade HSMs
        • Industry innovator in payment HSMs
        • Widest portfolio of platforms and solutions
        • Delivered over 75,000 HSMs, the most in the industry
        • Only leading HSM with the option of keys ALWAYS in Hardware
        Data Encryption and Control - DataSecure:
        • World’s first and only unified platform that delivers intelligent data protection and control for ALL information assets
        • Data-centric, persistent protection across data centers, endpoints, and into the cloud
        • Centralized policy, key management, logging, and auditing
        • Integrated perimeter data leakage prevention
        • Appliance-based, proven scalability, and high performance
    19. Persistent Information Lifecycle Protection
        • Secure, Centralized Key Management
        • Data-centric Policy Management
        • Identity & Access Management
        • Visibility via Logging, Auditing, Reporting
    20. Questions?