Brave new world of encryption v1



  1. Brave New World – Encryption and the Cloud. Ashvin Kamaraju – VP of Product Development
  2. Agenda: Cloud Market Overview; Security for the Cloud; Encryption & Key Management; Q&A
  3. Cloud Market Overview
  4. Data Centers Are Evolving: Cloud, Virtual, Physical
  5. Enterprises Are Moving to the Cloud
  6. There Are Different Types of Public Clouds. SaaS (Software as a Service): fully functional applications provided, such as CRM, ERP, email, Project Management, Travel Services, etc. PaaS (Platform as a Service): operating environments included, such as Windows/.NET, Linux/J2EE; applications of choice deployed. IaaS (Infrastructure as a Service): virtual platform on which required operating environment and application are deployed; also includes storage as a service offerings. (Diagram labels: Virtual Data Centers, Cloud Centers, Data Centers.)
  7. Market Landscape (Gartner, September 2012). Public cloud services market is forecast to grow 19.6 percent in 2012 to $109 billion. Business process as a service (BPaaS) represents 77 percent of the total market. Infrastructure as a service (IaaS) is forecast to be $6.2 billion in 2012 and growing at a rate of 45.4 percent. The total public cloud services market is forecast to grow to $206.6 billion in 2016.
  8. Security for the Cloud
  9. Barriers to Cloud Adoption: Performance, Security
  10. Cloud Adoption: Need for Data Security. Data = Cash • Reputation, Compliance, Penalties. Layers of Network Security Applied Today • Next Gen Firewalls, VPNs, IPS, SIEM, DAM/DAP. Move to Include Data Security • Encryption, Key and Policy Management
  11. Security of cloud infrastructure - Survey Results. What data types would you place in the cloud infrastructure environment? Regulated data (such as credit cards, health data, SSN, driver’s license number); Employee data; Non-regulated confidential business data (such as intellectual property, business plans, financial records); Non-regulated customer data (such as purchase history, email address list, shipping information). [Bar chart: Responses (%) per data type, Encrypted vs. Not Encrypted.] Source: Ponemon Institute survey of 1000 U.S. IT and Compliance practitioners (600 IT; 400 Compliance) – November 2011. Copyright © 2011 Vormetric, Inc. - Proprietary and Confidential. All Rights Reserved.
  12. Why does encryption make data secure in the cloud? Cloud is inherently multi-tenant: all infrastructure, i.e. compute and storage, are shared among different customers (serially). In the event there is a physical theft at the service provider facilities, unprotected data is left vulnerable. In the event there is unauthorized access (malicious or inadvertent), unprotected data ends up in the wrong hands. Sensitive data must be protected to meet regulatory requirements: Payment Card Industry (PCI) Data Security Standard (DSS); HIPAA HITECH; Safe Harbor. Enable governance for hybrid clouds: seamlessly manage private and public clouds by complying with the corporate regulatory and security standards.
  13. Two Different Perspectives. Cloud Service Provider • Want to provide assurances to their customers that the service is secure • This is a competitive differentiator. Cloud Service Provider Customer • Some will trust that their data is being properly secured • Some will demand that they maintain complete control of their data
  14. Encryption and Key Management
  15. 3 Components of Data Security in the Cloud: Policy Management, Key Management, Encryption
  16. Encryption, Policy and Key Management. Policy and key management are extremely important aspects of encryption. Keys are used to encrypt/decrypt data. Policies, which are tied to business need, define how keys are distributed and authorized for use. Enterprises typically have several encryption solutions and keys are not centrally managed. Centralized policy and key management is essential to meet the business needs, governance and regulatory requirements.
  17. Centralized Key Management Benefits: Central repository for secure storage of keys; Key life cycle management (creation, deletion, expiry notification, reporting); Policies (define how keys will be used); Separation of duties; Secure backup; Compliance with standards such as FIPS 140-2; Manage encryption solutions using industry standards, e.g. PKCS #11, KMIP
  18. Centralized Key Management. Key Management: As a Service or On Premise? Tradeoffs by approach:
      • On-Premise solution. Custodianship: Customer. Risk: Low. Cost: High (can be amortized across large deployment). Separation of duties: Yes (customized). Multi-Tenancy: Lines of business.
      • Key Management as a Service. Custodianship: Service Provider. Risk: Depends on the SLA. Cost: Low. Separation of duties: Yes. But only if data is not managed by key management service provider. Multi-Tenancy: Multiple customers.
  19. Understanding Data Security with Software as a Service (SaaS). Doing your research: data security due diligence. Customer does not control how information is handled but can affect it. The risk: data security threats. Data exposure: by SaaS provider; by IaaS partner; by customer through application controls. SaaS touch points: SaaS controls that customer can affect. Data handling and protection agreements in contractual negotiations; Security administration for access controls. Solutions: Data encryption used by SaaS providers to fulfill customer requirements; Tokenization by on-premise network appliances (Cloud Gateways)
  20. Understanding Data Security for Infrastructure as a Service (IaaS). Doing your research: data security due diligence. Customer does not control how infrastructure security is handled; Customer responsible for data security. The risk: data security threats. Data exposure: by IaaS provider; by customer through application controls. IaaS touch points: IaaS controls that customer can affect. Data handling and protection agreements in contractual negotiations; Security administration for access controls; Encryption/Key Management for data protection. Solutions: Customer encrypts data, Customer is custodian of keys; Customer encrypts data, different service provider for key management
  21. Summary. Cloud computing is a pervasive trend with compelling economics. Ensuring data security and privacy is necessary to embracing cloud computing. Encryption protects data and makes it safer to migrate to cloud. Policies, separation of duties and key management are the underpinnings of encryption. Tradeoffs in risk, costs and compliance to regulations must be considered in choosing a solution.
  22. Thank you!
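
Slides 16 and 17 say that policies define how keys are distributed and authorized for use, and list key life cycle management, reporting and separation of duties as benefits of centralized key management. The sketch below is an added example, not part of the original deck or of any vendor product; the `KeyManager` class, the principal names used with it, and the rule that an expired key may still decrypt existing data are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

DATA_OPS = {"encrypt", "decrypt"}

@dataclass
class ManagedKey:
    material: bytes
    expires: datetime
    grants: dict              # principal -> set of DATA_OPS it may perform
    destroyed: bool = False

class KeyManager:
    """Toy central key repository; every name here is hypothetical."""
    def __init__(self, key_admins):
        self.key_admins = set(key_admins)   # custodians: manage keys, never use them
        self.keys = {}
        self.audit = []                     # (principal, op, key_id, decision) for reporting

    def _decide(self, who, op, key_id, decision, result=None):
        self.audit.append((who, op, key_id, decision))
        return result

    def create(self, who, key_id, grants, days, now):
        if who not in self.key_admins or key_id in self.keys:
            return self._decide(who, "create", key_id, "deny: not a key admin, or key id exists", False)
        if self.key_admins & set(grants):   # separation of duties
            return self._decide(who, "create", key_id, "deny: admin granted data use", False)
        if any(set(ops) - DATA_OPS for ops in grants.values()):
            return self._decide(who, "create", key_id, "deny: unknown operation", False)
        self.keys[key_id] = ManagedKey(secrets.token_bytes(32), now + timedelta(days=days),
                                       {p: set(o) for p, o in grants.items()})
        return self._decide(who, "create", key_id, "allow", True)

    def destroy(self, who, key_id):
        if who not in self.key_admins or key_id not in self.keys:
            return self._decide(who, "destroy", key_id, "deny", False)
        self.keys[key_id].material, self.keys[key_id].destroyed = b"", True
        return self._decide(who, "destroy", key_id, "allow", True)

    def release(self, who, op, key_id, now):
        """Return key bytes only when policy authorizes (who, op); otherwise None."""
        key = self.keys.get(key_id)
        if key is None or key.destroyed:
            return self._decide(who, op, key_id, "deny: no usable key")
        if op not in key.grants.get(who, set()):
            return self._decide(who, op, key_id, "deny: not authorized by policy")
        if op == "encrypt" and now >= key.expires:   # expired keys only decrypt old data
            return self._decide(who, op, key_id, "deny: key expired")
        return self._decide(who, op, key_id, "allow", key.material)
```

Every decision, allowed or denied, lands in `audit`, which is the raw material for the reporting item on slide 17.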