Data Protection in 2016 - Top 5 Use Cases

1. www.thales-esecurity.com Data Protection in 2016: Top 5 Use Cases KRISTINA CAIRNS, SENIOR PRODUCT MARKETING MGR SANDER TEMME, SENIOR PRODUCT MANAGER FEBRUARY 17, 2016

2. 2 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Welcome ▌Today’s outlook ▌How Hardware Security Modules will help secure the future ▌Top 5 Use Cases for Hardware Security Modules ▌Further resources

3. 3 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Today’s reality: targeted and successful data breaches www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

4. 4 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Many Connected “Things” ▌ 6.4B Connected "Things" will be in use in 2016 Up 30% from 2015 ▌ Manufacturers must secure the data that connected devices are sharing Robust device authentication & data protection will be crucial Public Key Infrastructures will play strong role Source: Gartner, http://www.gartner.com/newsroom/id/3165317 Thales Blog post: “How to safeguard your data in the age of the Vulnerability of Things”

5. 5 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Security Trends Today’senvironment Continual cyber attacks New data privacy regulations Connected everything Mobile payments on the rise

6. www.thales-esecurity.com Securing the future

7. 7 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Hardware Security Modules provide utmost security ▌What’s the best way to protect your organization’s sensitive data in today’s highly connected world? More companies than ever are turning to Hardware Security Modules (HSMs) Un-paralleled protection of cryptographic operations Manage encryption keys, digital signatures, and more, within tamper-resistant hardware devices.

8. 8 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. HSMs: certified platform for trust management ▌ What are HSMs? Hardened, tamper-resistant devices isolated from host environment Alternative to software crypto libraries ▌ What do HSMs do? Secure cryptographic operations Protect cryptographic keys Enforce policy over use of keys Business Application Application Data Encrypted/decrypted or signed data Data to be signed, encrypted/decrypted HSM security boundary HSM Application Keys inside security boundary Secure crypto processing engine

9. 9 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. The nShield HSM family nShield Connect Network attached appliance Shared crypto resource High-volume transactions High availability nShield Solo Server-embedded card Dedicated processing Compact PCIe design Certified implementations of all leading algorithms nShield HSMs are FIPS 140-2 Level 3 certified Market leading platform for trusted applications nShield Edge Portable HSM Small footprint USB interface

10. 10 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. How are organizations using HSMs today? PKIs Custom applications Digital signing SSL Code signing

11. 11 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. #1 Use case: PKIs ▌ Public Key Infrastructures (PKIs) 61% of customers surveyed said PKI was their main HSM application Average PKI supports seven enterprise applications ▌ PKI use growing Rise of cloud and mobile Devices, applications, and “things” require credentialing and a secure way to communicate

12. 12 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. PKI use cases Digital Cinema Authentication between playback devices and servers, content encryption, watermarking Manufacturing Unique identities & device authenticity to prevent counterfeiting, IoT Polycom Case Study PRIMA CINEMA Case Study

13. 13 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. #2: Custom Applications ▌ It’s not just data… Applications need to be protected too Protecting sensitive applications is critical for safeguarding IP Running applications within a protected environment is increasingly popular as more mission-critical apps handle sensitive data In 2016, we expect to see more organizations moving sensitive algorithms off their application servers and executing them inside the FIPS boundary of an HSM. Thales’s CodeSafe runs apps inside HSMs

14. 14 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. bitcoin ▌ Critical trust challenge Keys must be protected and stored in a secure location. Because transactions are anonymous and non-reversible, they are vulnerable to theft. If stolen, they are pretty much untraceable. ▌ HSMs offer Private key protection Key derivation Multi-signature capability for dual control bitcoin basics  Users record transactions in an open “ledger”  Ledger consists of a “blockchain” of transaction data  To send a bitcoin, you need • A private key from which a public key is derived • A bitcoin address • A wallet for your private key Blockchain experts Thales partner

15. 15 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. #3 Digital Signing ▌ 26% of customers cite digital signing as the primary HSM use case ▌ Popular application is signing barcodes used in electronic transactions Examples include e-tickets for sporting events or airlines ▌ In 2016, we expect to see digital signing to rise New regulations Increasing adoption of cloud-based signing models, where signing keys are protected, stored and managed on behalf of the signer by a cloud provider e-Ticketing Securing e-Tickets  Data such as loyalty numbers can be extracted from barcodes  Signing barcodes with cryptographic keys helps ensure integrity  Digital signature keys managed in HSMs

16. 16 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. #4 SSL ▌26% of our customers use HSMs for SSL ▌Poised to grow in 2016 ▌Rising use of application delivery controllers (ADCs) driving HSM adoption Security of keys Performance demands of networking environment in today’s world of web applications and cloud-based services

17. 17 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. SSL Use Case DNS InternetInternet SSL SSL SSL SSL SSL SSL SSL WebAddress IPAddress Application Delivery Controllers (ADCs) balance traffic while HSMs protect keys. ADCs Servers Hosting applications HSMs

18. 18 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. #5 Code Signing ▌ Lessons from attacks like Stuxnet and Duqu Attackers who steal an organization’s private signing keys can replace legit code with malware  both malware installation plus identity fraud ▌ Not just a problem for companies producing software Banks who develop mobile apps Manufacturers who produce control systems for cars Media providers that need to control access to content  With such a variety of organizations now at risk, more will look toward HSMs to help authenticate code.

19. www.thales-esecurity.com New nShield XC Series

20. 20 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Faster! Bigger! ▌Thales introduces nShield XC Solo & Connect HSMs Accelerated transactions Best in class Elliptic Curve Cryptography (ECC) More room for customer apps run in HSM boundaries using CodeSafe, unique Thales feature

21. 21 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. XC Benefits More Powerful Apps nShield XC expands memory, letting our customers run larger and more powerful apps in CodeSafe. Fastest ECC = Versatility nShield supports the fastest ECC transactions of any HSM on the market. Ideal for helping secure variety of apps including emerging IoT. Speed + Volume nShield XC helps our customers manage crypto keys and sign apps at higher rates. ECC, one of today’s most efficient security algorithms, is favored where low power consumption is crucial.

22. 22 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Why THALES e-Security? Summary ▌Solutions for 2016 and beyond Secure increasingly important PKIs partnering with Thales experts Protect custom applications in unique run-time environment within secure HSM boundary (CodeSafe) Benefit from experience from hundreds of use cases across traditional, virtualized, and cloud-based environments ▌Outstanding global support and services to help you succeed

23. 23 This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved. Resources and questions ▌ Resources referenced in this webcast www.thales-esecurity.com Blog post: How to safeguard your data in the age of the Vulnerability of Things www.thales-esecurity.com/blogs/2016/february/safeguarding-your-data PRIMA CINEMA case study: www.thales-esecurity.com/knowledge-base/case-studies/prima-cinema Polycom case study: www.thales-esecurity.com/knowledge-base/case-studies/polycom ▌ Next Thales e-Security webcast Global Encryption Trends 10 A.M. ET on March 23, 2016 Thank you!