Marko SafeNet@Rainbow-Informzashita - February 2012

SafeNet technology presentation at the "Informzashita" seminar.

Published in: Technology

  1. SafeNet DataSecure platform: Technological leadership in protecting the information lifecycle. Marko Bobinac, PreSales Engineer Eastern EMEA, 21.02.2012
  2. The Data Protection Company
     • Protecting high value information in the world's most complex environments
     • Solutions for persistently protecting information as it moves through its lifecycle
     • Protection that evolves with the customer needs
  3. What We Do: You manage the world's most sensitive, high-value data. Our mission is to protect it.
  4. SafeNet Data Protection Product Portfolio
     • Identities (Authentication): Offering the broadest range of authenticators, from smart cards and tokens to mobile phone auth, all managed from a single platform
     • Transactions (HSM): Offering the most secure, and easiest to integrate technology for securing PKI identities and transactions.
     • Data (Data Encryption and Control): SafeNet's DataSecure – a universal platform delivering intelligent data protection and control for information assets
     • Communications (High-Speed Network Encryption): SafeNet high-speed network encryptors combine the highest performance with a unified management platform
  5. [Diagram: SafeNet product map. Labels include ProtectDB, ProtectFile, ProtectApp, ProtectZ, Key Secure, SAM, HSM, DataSecure, eSafe, Data Encryption & Control, Storage Encryption, High Speed Encryption, Communication Protection, Authentication & Access Management, Identity Protection, Software Rights Management, Software as a Service, and Cloud / External IT Solutions.]
  6. Cryptography as an IT Service [Diagram. Labels include 3rd Party Technologies, KMIP, Storage Secure Appliance, HSM Appliance, Certificate Infrastructures, File Shares, Nat. IDs, AMI Metering, Tape Backups, E-Signatures, E-Passports, Network Storage, Storage Infrastructure, Protect V Manager Virtual Appliance, Authentication Manager, Data Secure Appliance, Virtual Instances, Virtual Storage, Management Center, High Speed Encryptors, Tokenization, and protection for Cloud & Virtual Infrastructure, Identities, Applications, Data Centers, File Servers, Data Transfer, Databases and Mainframes.]
  7. The Magic Quadrant for User Authentication [Chart: axes "Ability to execute" and "Completeness of vision"; quadrants: challengers, leaders, niche players, visionaries.] As of January 2012
  8. DataSecure: The Foundation of Data Encryption & Control
  9. Six Best Practices in Data Protection & Compliance
     1. Security, Not Just Compliance
     2. Define your Corporate Policies
     3. Involve the Stakeholders
     4. Know your Data
     5. Understand your Threats
     6. Determine where to Protect your Data
  10. Seven Methodologies for Data Encryption & Control
     1. Maintain Control Over Data Types
     2. Create Points of Trust for Administration and Policy
     3. Leverage a Secure, Hardened Platform for Heterogeneous Environment
     4. Choose Standards-Based Security when Possible
     5. Select a Flexible Platform for Encryption and Tokenization
     6. Pick a Solution with Key Management Best Practices
     7. Ensure Proof of Compliance is Easy
  11. Worldwide Compliance Requirements
     • Canadian Electronic Evidence Act
     • PCI Data Security Standard (WW)
     • CA SB1386 et al
     • HIPAA (USA)
     • FDA 21 CFR Part 11
     • GLB Act
     • Sarbanes-Oxley Act (USA)
     • Basel II Capital Accord
     • AIPA (Italy)
     • GDPdU and GoBS (Germany)
     • NF Z 42-013 (France)
     • EU Data Protection Directive
     • Financial Services Authority (UK)
     • UK Data Protection Act
     • PCI (WW)
     • Electronic Ledger Storage Law (Japan)
     • 11MEDIS-DC (Japan)
     • Japan PIP Act
  12. SafeNet Data Encryption & Control: Protecting sensitive data throughout its lifecycle... wherever it resides
     • In Data Centers: Applications, Databases, File Servers, Mainframes
     • On Endpoints: Desktops, Laptops, Removable Media
     • In the Cloud: Persistent, secured cloud storage for structured & unstructured data
     [Diagram: DataSecure Platform with ProtectDB, Tokenization, ProtectZ, ProtectApp, ProtectFile Server and ProtectDrive; labels for Databases, Mainframes, Web/App Servers, File Servers and Cloud.]
  13. DataSecure Platform
     Appliance solution for:
     • High-performance encryption
     • Simplified cryptographic key and policy management
     • Hardened Linux kernel
     • FIPS and Common Criteria certified
     • High Availability
     Combined with connectors (software):
     • Connectors for applications, databases, file servers, and stations.
     • Secures the connection to the appliance (connection pooling, SSL).
  14. Core Benefits of SafeNet DataSecure
     • Security: Hardware-based solution; Centralized encryption and key management; Authentication, authorization, and auditing
     • Performance: High performance encryption offload; Batch processing for massive amounts of data; Local encryption capabilities
     • Flexibility: Support for heterogeneous environments; Support for open standards and APIs; Range of enterprise deployment models
     • Manageability: Simplified appliance-based approach; Web management console; CLI (command line interface)
     • Availability: Enterprise clustering and replication; Load balancing, health checking, and failover; Geographically distributed redundancy
  15. Security
     Centralized Policy Management
     • Security administrators control data protection policy
     • Keys created and stored in a single location
     • Dual Administrative Control
     • Separation of Duties
     • Logging, Auditing and Alerts
     FIPS & Common Criteria Certified Solution
     • FIPS 140-2 Level 2 & CC EAL2 Certified
     • Keys are stored in the appliance
     • Different types of encryption available: AES, 3DES, RSA ...
     • Certificate authority to manage its integrated SSL access
     Authentication & Authorization
     • Multi-factor authentication possible between DS <> db or application.
     • Access control: Granularity of crypto policy, by key, by schedule, etc.
     • Support for LDAP
  16. Performance
     Encryption Offload
     • Optimized, high-performance hardware
     • Frees up database and application servers
     • Latency less than 300 microseconds per request
     Local Encryption Option
     • Configurable for hardware offload or local encryption
     Batch Processing
     • Perform batch encrypts/decrypts for high performance
     • More than 100k TPS
     • Batch tools include: Transform Utility; ICAPI (SafeNet API protocol)
     • Easy integration into existing applications
     Perf. Average: 15 minutes to encrypt 5,000,000 records in 16 octets (char) on MS SQL with 1 x i430 in AES256
  17. Flexibility
     Heterogeneous Environments
     • Comprehensive enterprise solution
     • Web, Application, Database, Mainframe or File Server
     • Data Center or Distributed Environments
     • Open Standards-based APIs, cryptographic protocols
     Scalability
     • Models with capacity from 2,500 TPS to 100,000 TPS
     • Clustering further increases capacity and redundancy
     • Licensing structure enables cost-effective build-out
  18. Availability
     Clustering
     • Keys and policy are shared/replicated among DataSecures in a global cluster
     Load Balancing
     • Connector software can load balance across a group of appliances
     • Multi-tier load balancing enables transparent fail over to alternate appliance(s)
     [Diagram: DataSecure Cluster; locations labelled Moscow and Saint Petersburg.]
  19. Positioning of the SafeNet DataSecure ®
     [Diagram: SafeNet DataSecure with SafeNet ProtectApp (Application and Web Servers), SafeNet ProtectDB (Databases), ProtectZ (Mainframes), SafeNet ProtectFile (File Servers) and Tokenization.]
     SCALABLE FOR GROWTH
     • Configurations to meet your needs, today and in the future
     • Extend investment over data types as needed
     • Scalable to address growth
  20. ProtectDB Use Case
     Use Case Steps
     1. Cleartext values passed via database server to DataSecure
     2. DataSecure returns encrypted values to the database server (Encrypted value can be shared across the organization in other environments in a persistently encrypted format)
     3. Transform Utility can be used to support high performance batch processing
     Supported Databases
     • Oracle, Microsoft SQL Server, IBM DB2 & Teradata
     • Supports native database encryption key storage/management
     Algorithms
     • 3DES, DES, and AES
     Supported Platforms
     • Windows, Linux, Solaris, HP-UX, AIX, or IBM z/OS
     [Diagram: CRM, credit card value, Transform Utility, encrypted value, DataSecure.]
  21. Database protection with native encryption
     • Heterogeneous database environments – Oracle, MS SQL, IBM DB2...
     • The information should not be visible to the DBA (accessible vs. visible)
     • The cryptographic load often requires a hardware upgrade
     • Transparent native encryption requires an upgrade of the software versions
     • Access to the logs is not secure, and reading them is complex (unfiltered)
     • Native platforms are not certified or "certifiable" (FIPS, CC)
     • The cryptographic keys are used in a non-secure buffer
     • The keys are not sequestered except with the use of an HSM, but only for the MasterKey
     • Resources are not shared & key rotation process is binding
  22. ProtectApp Use Case
     Use Case Steps
     1. Cleartext value passed via application layer to DataSecure
     2. DataSecure returns encrypted value
     3. Encrypted value can be shared with heterogeneous applications & database
     Supported Web & Application Servers
     • Oracle, IBM, BEA, IIS, Apache, Sun ONE, JBoss
     Algorithms
     • 3DES, DES, AES, RSA (signatures and encryption), RC4, SHA-1, SHA-2
     Supported Platforms
     • .NET, MSCAPI, PKCS#11, JCE, ICAPI, XML
     • Windows, Linux, or IBM z/OS
     [Diagram: DataSecure, E-Commerce Application (Java or .Net), CRM Application, ERP Application, Customer Database; cleartext and encrypted values.]
  23. ProtectZ Features for Database & Applications Running on IBM Mainframes
     Granular Protection
     • Retain ownership of data on IBM z/OS mainframes in databases and applications
     Proven Algorithms
     • Achieve the highest level of database and application security by using proven cryptographic algorithms such as AES, DES and DESede, combined with strong identity and access-policy protection
     Broad Support
     • Flexible support for APIs such as ICAPI & JCE, application support for Cobol, RPG, assembler for environments such as CICS, TSO or batch and data storage in DB2, IMS, VSAM, DASD
     Data Type Support
     • Coverage for data types such as BIGINT, CHAR, DATE, DECIMAL, INTEGER, SMALLINT, TIME, TIMESTAMP, and VARCHAR
     [Diagram: Applications, DataSecure, Databases.]
  24. ProtectFile for Servers Features
     Use Case Steps
     1. Document encrypted by DataSecure based on corporate policy
     2. Protected file or folder stored on file server in data center
     3. Only privileged users can access, view, modify, or delete protected files
     Interoperability with
     • RIS, SMS, Tivoli, TNG, Active Directory and multi-factor authenticators
     Algorithms
     • FIPS 140 Level 2 AES
     Supported Platforms
     • Windows and Linux operating systems, Microsoft, Novell, Netware & Unix (Samba)
     [Diagram: File Server, Network-attached Servers, Intellectual Property, Privileged Users, DataSecure.]
  25. ProtectFile Sample Policies
     • Create policies that align to lines of business
     • Granular policies can be defined to control access to authorized users
     Sample policies:
     • Finance Managers – gets full access to confidential financial spreadsheets
     • Outside Auditors – get access to sensitive files remotely and offline, but need to get re-authorized by IT every 30 days to regain access. (Policy can be configured based on any set amount of time.)
     • IT Administrators – they get access to perform routine maintenance, but cannot see any files that have been encrypted (IT sees only cipher text).
     • Call center reps can encrypt credit card numbers for phone orders
     • Customer contracts sent to the call center are saved to a shared file server by the Call Center reps where they are automatically encrypted and strict access control is applied.
     • Market analysts are able to access and share their competitive analysis on seasonal opportunities in the Finance folder, but only see cipher text if they try to click on the spreadsheet with analyst salary information.
  26. Access Policy page example
  27. Access Level – sample I: User with Encrypt & Decrypt permissions
  28. Access Level – sample II: User with Backup & Restore Ciphertext permissions
  29. Access Level – sample III: User with No Access permissions
  30. Information preview: StorageSecure
     • New appliance (March 2012) for protecting Storage
     • Supports any kind of NAS (CIFS, NFS)
     • 1Gb/s - 10Gb/s of file encryption
     • Transparent – works on network layer
     • Not a replacement for ProtectFile – decision depends on what fits you best as DataSecure offers wider range of solutions!
  31. Tokenization Manager Use Case
     1. Sensitive data comes in through a consumer system
     2. Sensitive data is passed to Tokenization Manager
     3. Tokenization encrypts the sensitive data, stores it and returns a token
     4. Payment application passes tokens to Tokenization Manager to request original data it needs for bank transaction
     5. Tokenization decrypts and returns sensitive data
     6. PCI Auditor only needs to inspect tokenized database and active applications
     [Diagram: Payment application, Backoffice support, Small Enterprise Market Application, Tokenization Manager, DataSecure, PCI Auditor.]
  32. Maintain Ownership and Control with DataSecure
     • Centralized tool to create granular protection policies and control who and what has access to sensitive data when and where
     • Standards-based encryption with the highest level of security in a commercial platform
     • Logging, auditing and reporting capabilities provide visibility for enforcement, refinement and compliance
     • Persistent protection as data moves within data centers, out to endpoints and into the cloud
  33. Protection for different Data Types
     Industry and data types:
     • Healthcare: Patient Records
     • Financial Services: Account Info
     • Retail: Credit Cards
     • Manufacturing: Design Specs
     • Energy: Land Surveys
     • Government: Soc. Sec #, Tax ID
     One platform to protect:
     • Personal Identifiable Information
     • Payment & Transactional Data
     • Intellectual Property
     • Non-public Information
     [Diagram: DataSecure (Key Management, Policy Management, Control, Administration) over File Servers, Applications, Databases, Cloud.]
  34. DataSecure Supports Separation of Duties
     DataSecure is the foundation of data encryption & control by securing a wide array of data types under one platform that:
     • Provides tools for the administration, enforcement, monitoring, and report of data protection solution
     • Establishes distinct roles so no single administrator can compromise the system
     • Administration for key and policy management requiring "m of n" credentials
     [Graphic label: SECURITY]
  35. Key Management throughout Lifecycle
     • Lifecycle stages: Generate, Certify, Backup, Activate, Deactivate, Rotate, Compromise, Destroy
     [Diagram: Oracle DB, SQL DB, DB2 DB; roles: Database Administrator, Legal Manager, Finance Manager, IT Manager for Tape Storage, HR Manager, Security Officer.]
  36. Summary
     Data Center Protection
     • Designed to secure all of the sensitive information that is stored in and accessed from enterprise data centers
     • Protecting the structured data stored in databases, applications, and mainframe environments as well as the unstructured data kept in file servers
     • With DataSecure driving central enforcement of corporate policies and access control
     The Solution Suite Includes:
     • ProtectDB
     • ProtectApp
     • ProtectZ
     • ProtectFile
     • Tokenization Manager
     [Diagram: SafeNet DataSecure, SCALABLE FOR GROWTH, with Tokenization Manager, SafeNet ProtectApp (Application and Web Servers), SafeNet ProtectDB (Databases), SafeNet ProtectFile (File Servers), SafeNet ProtectZ (Mainframes), SafeNet ProtectDrive (Laptop).]
  37. Unrivaled Customer Success with Some of the World's Most Respected and Admired Companies: Financial, Technology, Household Brands, Retail
  38. Thank you. marko.bobinac@safenet-inc.com
