Enterprise Encryption and Key                    Management Strategy                                     THE TIME IS NOW  ...
Overview             ““                                                                                      “            ...
The Time is Now• Your Business Data is Everywhere and Accessed by Everyone• Ad hoc Data Security = increased risk and busi...
Drivers of Enterprise-Class Data Security Solutions                                                             Regulatory...
Top Investment: Data Encryption        Which of the following security technology products/solutions has your organization...
Data Security Growing Pains                                       Each tool has its own administration                    ...
Data Security Growing Pains                    Issue                             Cost                                 Risk...
Considerations for Enterprise Strategy                                                                 Transparent        ...
Key Enterprise Architectural Features            1            1 Central Command &             2 Distributed Policy        ...
The Bigger Truth – The Time is Now.            “                                          “                               ...
Enterprise Encryption and Key                    Management Strategy                                      THE TIME IS NOW ...
Upcoming SlideShare
Loading in …5
×

Enterprise Encryption and Key Management Strategy from Vormetric and ESG

2,595 views

Published on

Understand the importance of a long term enterprise encryption and key management strategy over the short term fix of an ad hoc encryption to address any data security concerns.
This presentation is based on the whitepaper - Enterprise Encryption from Vormetric and ESG.
Register to download the whitepaper: http://enterprise-encryption.vormetric.com/EMAILPTNRESGWhitepaper.html .

CISOs and their peers realize that ad hoc encryption is no longer adequate: It leads to higher costs and increased risk. So, what's needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization.

Published in: Technology
3 Comments
4 Likes
Statistics
Notes
No Downloads
Views
Total views
2,595
On SlideShare
0
From Embeds
0
Number of Embeds
36
Actions
Shares
0
Downloads
76
Comments
3
Likes
4
Embeds 0
No embeds

No notes for slide
  • In this presentation we share key insights from EGS’s whitepaper on:Enterprise Encryption and Key Management Strategy -- The Time Is Now.This white paper was commissioned by Vormetric,and is distributed under license from ESG.
  • Your Business Data Is Everywhere and being accessed by everyone. And with all this unprotected data floating around, the bad guys are targeting companies for profit at alarming rates.  Making the wrong decision to protect your data – big or small - can result in high costs, increased risk and executive exposure. Large organizations need an enterprise encryption strategy, and Security leaders need to assess their encryption and policies that are unique to the business.This should include central command and control, distributed policy enforcement, tiered administration, and an enterprise-class key management service.  The overall goal should be transparent encryption service owned by the security team but designed to support business needs without disrupting business or IT operations.
  • Most large organizations have progressively increased adoption of data encryption technologies. Encryption usage is growing due to several factors, including:Increased Regulatory ComplianceIntellectual Property Protection ProtectionThe depth and breadth of Publically Disclosed Breaches
  • CEOs have been dragged into data security due to the rise of Advanced Persistent Threats (APTs) at organizations like Lockheed Martin, RSA Security, and Sandia National Labs. Unlike past security exploits, APTs are targeted attacks with a concrete objective: stealing your intellectual property. This is why Large Organizations Are Purchasing Data Encryption Technologies at such a significant rate.
  • Like many other initiatives, the use of data encryption has grown organically. Functional storage, database, applications, and server groups have unknowingly implemented data encryption technologies within their individual domains across disparate heterogeneous technologies on an ad hoc basis.
  • Multiple point products in an enterprise do a good job of protecting private data in isolated areas, but they don’t provide a comprehensive solution to data privacy issues across the enterprise. Additionally, ad hoc encryption and key management creates a number of increasingly troubling issues, costs and risks.
  • An ad hoc encryption and key management solution is no longer adequate: And most know it leads to higher costs and increased risk. So, what’s needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization. From an organizational perspective, an enterprise encryption strategy will only work if it: • Remains transparent. • Is owned by the security team. • Provides executive-level visibility into risk management At a more fundamental level, an enterprise data security strategy must counteract the growing issues around ad hoc encryption. In other words, an enterprise encryption strategy must be designed around three objectives: streamlining operations, reducing costs, and decreasing the risk of an accidental or malicious data breach.
  • A true enterprise encryption architecture addresses each of the shortcomings associated with ad hoc encryption described above. it includes: Central Command & Controlwith All management policy, configuration, reporting and auditing from one central locationDistributed Policy Enforcementwith Central encryption and key management policies enforced on heterogeneous systems distributed across enterpriseTiered AdministrationwhereEnterprise and departmental level policies are implemented by security administrators and not functional IT staff.Enterprise-class Key ManagementwithCentral key management including creation, storage, rotation and revocation, designed for fault tolerance and services systems across the enterprise.
  • Note to large organizations: One of your most valuable assets, sensitive data, faces an increasing level of risk. Yes, you are addressing sophisticated malware threats and complying with regulations, but when it comes to data encryption, you are doing so while increasing costs and complicating IT/security operations. ESG highly recommends that CISOs develop an enterprise encryption strategy as soon as possible. To accomplish this, some simple guidelines may help: 1. Define encryption nirvana. Start with a clean slate and create an effective encryption and key management strategy for your company. 2. Assess what you have. Find out what types of encryption technologies are in place, who owns them, and how they are managed on a day-to-day basis. 3. Find gaps. Compare what you have to your ideal solution in order to identify and prioritize the holes. 4. Begin replacing or augmenting ad hoc solutions based upon data value. Select a solution that adheres to the architecture defined above.
  • Enterprise Encryption and Key Management Strategy from Vormetric and ESG

    1. 1. Enterprise Encryption and Key Management Strategy THE TIME IS NOW Vormetric Contact: Name: Tina Stewart Email: Tina-Stewart@vormetric.com Download ESG WhitepaperWhite Paper: Enterprise Encryptionand Key Management Strategy 1
    2. 2. Overview ““ “ “ Large organizations need an enterprise encryption strategy. This should include central command and control, distributed policy enforcement, tiered administration, and an enterprise-class key management service. Vormetric is the leader In this presentation This ESG white paper in enterprise encryption we share key insights from was commissioned by and key management. EGS’s whitepaper on: Vormetric, Inc. Our Data Security solution Enterprise Encryption and and is distributed under encrypts any file, Key Management Strategy license from ESG. any database, The Time Is Now, any application, anywhere. By Jon Oltsik White Paper: Enterprise Encryption and Key Management Strategy 2
    3. 3. The Time is Now• Your Business Data is Everywhere and Accessed by Everyone• Ad hoc Data Security = increased risk and business exposure• Large organizations need an enterprise encryption strategy – Central Command and Control – Distributed Policy Enforcement – Tiered Administration – Enterprise-class key management service White Paper: Enterprise Encryption and Key Management Strategy 3
    4. 4. Drivers of Enterprise-Class Data Security Solutions Regulatory Compliance State, industry and international privacy regulations require or recommend encryption for data security. Intellectual Property Protection Publically Disclosed Breaches Advanced Persistent Threats (APTs) 126 breaches and 1.5Million personal resulting in IP theft are forcing records reported in 2012 alone. Including enterprises to aggressively respond with well known names – Arizona State data encryption technologies. University and Zappos.com. White Paper: Enterprise Encryption and Key Management Strategy 4
    5. 5. Top Investment: Data Encryption Which of the following security technology products/solutions has your organization purchased in response to APTs? (Percent of respondents, N=95, multiple responses accepted) Data encryption technologies 54% Web gateway for blocking suspicious URLs and web based content 49% Application firewalls 44% Specific technology defenses designed to detect and 44% prevent APT attacks Database security technologies 43% Managed security services 39% DLP (data loss prevention) technologies 35% New types of user authentication/access controls 31% Endpoint white-list/black-list enforcement technologies 24% Third-party penetration testing service from specialty 21% firm Source: Enterprise Strategy Group,2012 0% 10% 20% 30% 40% 50% 60% White Paper: Enterprise Encryption and Key Management Strategy 5
    6. 6. Data Security Growing Pains Each tool has its own administration ! and key management Source: enterprise Strategy Group, 2012 White Paper: Enterprise Encryption and Key Management Strategy 6
    7. 7. Data Security Growing Pains Issue Cost Risk Redundancy- processes, tools, High risk of data loss or a security Lack of standards licenses, training breach. No central view for risk Redundancy- processes, tools, No central command and control management or measurement of licenses, training KPIs. Increased security risk. Multiple key management Redundancy- processes, Encryption keys systems training exposure. Additional/ unfamiliar tasks for Human intervention increases Organizational misalignment functional IT staff security risks. ! All of these issues create operational overhead and increased risk. White Paper: Enterprise Encryption and Key Management Strategy 7
    8. 8. Considerations for Enterprise Strategy Transparent Encryption must fit into existing infrastructure and processes without altering or affecting existing systems and application. Provides Executive Visibility Owned by the security team CISO’s should be able to assess risk across Key Management responsibilities must the enterprise at all times and keep reside with specific, trained staff executive management informed. dedicated to this function. White Paper: Enterprise Encryption and Key Management Strategy 8
    9. 9. Key Enterprise Architectural Features 1 1 Central Command & 2 Distributed Policy 2 Control Enforcement 3 Tiered 3 4 Enterprise-class Key 4 Administration Management White Paper: Enterprise Encryption and Key Management Strategy 9
    10. 10. The Bigger Truth – The Time is Now. “ “ “ One of your most valuable assets, sensitive data, faces an increasing level of risk … ESG highly recommends that CISOs develop an enterprise encryption strategy as soon as possible. 1 2 2 3 4 DEFINE ASSESS IDENTIFY AUGMENT the ideal encryption what you have in gaps in your current current ad hoc solution for your needs place today implementations solutions White Paper: Enterprise Encryption and Key Management Strategy 10
    11. 11. Enterprise Encryption and Key Management Strategy THE TIME IS NOW Download ESG Whitepaper @Vormetric Vormetric Contact: Tina Stewart Tina-Stewart@vormetric.com Click - to - tweetWhite Paper: Enterprise Encryptionand Key Management Strategy 11

    ×