www.thales-esecurity.com
OPEN
Thales e-Security &
SECURING THE DIGITAL TRANSFORMATION
This document may not be reproduced, modified, adapted, published,
translated, in any way, in whole or in part or disclosed to a third party
without prior written consent of Thales - Thales © 2017 All rights reserved.
The Data Security Partner Program
[Diagram labels: Service Provider, Distribution, Channel, OEM, Technology, Application]
The Partner Ecosystem
By partnering with cloud service providers, we aim to capitalize on this opportunity by enabling our mutual customers to secure their sensitive data anywhere. The result? Flexibility and control that securely supports cloud initiatives.
Our Data Security Channel Partner Program provides the solutions necessary to meet your customers' security requirements. With a comprehensive onboarding and enablement program, our channel partners are fully equipped to address today's security and compliance challenges while architecting the business for the future. One of our most important goals is to help you develop a unique value proposition as a trusted security advisor, so you can build revenue and forge long-lasting relationships with your customers.
Security needs to be built in rather than being an afterthought. Our OEM partners provide the powerful ability to natively instill trust in any data environment without sacrificing business opportunity or readiness. Leveraging Thales e-Security as part of a core technology.
We partner with some of the strongest technology leaders in the world to offer fully integrated and field-proven solutions in the most demanding environments. Whether deploying a specific platform, technology or infrastructure, our deep partnerships with these technology leaders ensure that the organization can securely drive digital transformation without having to try to make disparate standalone technologies work together.
Digital transformation success is rooted in secure and trusted solutions
▌ Enterprises require safeguarding against data breaches, hackers, nation states and malicious privileged users
▌ New compliance requirements enforced by governments require comprehensive protection of consumer data
▌ Breaches of customer information result in costly notification processes and damage brand reputation
▌ Interconnected systems and devices need to be authenticated and their data trusted
Secure and trusted solutions are required for digital transformation
[Figure labels: Data Center, Cloud & Containers, Big Data, Digital Payments, Internet of Things (IoT)]
Customer Use Cases: Cloud Security, Payments, IoT Security, Data Security
Thales e-Security Solutions: Key Management, General Purpose, Payment HSM, Tokenization, Data Masking, Code Signing, PKI, App Encryption, Data Encryption, Container Security, Digital Signing
Thales e-Security Product Portfolio
[Figure labels: Big Data Security; Tokenization with Data Masking; Application Encryption; Cloud Encryption Gateway; Transparent Encryption; nShield Family; payShield; Vormetric Data Security Manager; Datacryptor 5000; Batch Data Transformation; Key Management as a Service (KMaaS). Category headings: Data Protection Hardware, Data Protection Software]
The Data Security Partner Program
Partnering to secure the digital transformation
Nutanix + Thales
▌ Encryption of Big Data
▌ KMIP Key Management
Would You Have Predicted That Five Years Ago?
New Technology – New Threats
How do we Encrypt?
Sensitive Data Protection Technologies
Data in Motion (Between Devices): SSL, SSH, HTTPS, IPSEC
Data at Rest: Encryption, Tokenization, Data Masking
Layers: Application/Database, File System, Disk
Types Of Encryption
Risk mitigation vs deployment complexity
Application/Database: App Level Encryption, Tokenization, TDE, Data Masking
File System: File encryption with access control
Disk: Full Disk Encryption (FDE)
[Chart axes: Security, Complexity]
Types Of Encryption
Risk mitigation vs deployment complexity
Application/Database: App Level Encryption, Tokenization, TDE, Data Masking (Database Admins, SQL Injections)
File System: File encryption with access control (External Threats, Privileged User)
Disk: Full Disk Encryption (FDE) (Protects Media)
[Chart axes: Security, Complexity]
Types Of Encryption
Vormetric covers the most use cases
Nutanix & Vormetric Cover The Encryption Sweet Spot
• ~90% of use cases
• Easy to deploy at much lower cost and complexity
• Ubiquitous coverage
[Chart labels: Transparent Encryption, Key Management, Tokenization, Application Encryption; layers: Application/Database, File System, Disk; axes: Security, Complexity]
2) Vormetric Transparent Encryption (VTE)
Encryption, Access Control, Security Intelligence
[Diagram labels: User, Application, Database; File Systems, Volume Managers, Storage; Nutanix; Big Data, Databases or Files; Allow/Block, Encrypt/Decrypt; Vormetric Data Security Manager (DSM), virtual or physical appliance; Vormetric Security Intelligence, SIEM; Approved Processes and Users: Clear Text ("John Smith, 401 Main Street"); Privileged Users (Cloud Admin, Storage Admin, etc.): Encrypted & Controlled ("*$^!@#)(-|”_}?$%-:>>")]
1) External Key Management for Nutanix SED
Joint Value Prop
▌ Encryption
▌ Compliance
▌ Quick and seamless scalability
▌ Simplified key management
▌ High Availability
▌ Multitenant operations
[Diagram labels: External Key Management, KMIP, SEDs]
Vormetric Application Encryption Workflow
Granular Field-Level Protection of Data
[Diagram labels: www.shopping.com; Web Server; Application Server (Application, VAE Agent); Vormetric Data Security Manager (DSM, Key Management); Database, Big Data or File Storage; numbered steps 1 to 5 carrying Credit Card#, Encrypted Keys and Encrypted Credit Card#]
High performance encryption libraries for developers
Design security directly into applications
Centralized key management (DSM)
FPE (Format Preserving Encryption)
Vormetric + Security Analytics
• Audit/block root imitation
• Audit/block unauthorized attempts to access data
Vormetric Security Intelligence, Detecting Abuse
[Screenshot callouts: "Admin Dirk Snowman imitated user steve"; "attempted a read and was denied access"; "this file because he violated this policy"]
F5 + Thales
▌ SSL + HSM
Enterprise-Wide Data Protection
Protecting Data in Motion: SSL, Link encryption, PIN processing
Protecting Data at Rest: Tape encryption, Database encryption, Server file encryption, SAN Switch encryption
Protecting Data in Use: Credential management, PKI, DRM, Document signing, Application level encryption, Card issuance, Tokenization, Code signing, Smart metering
Today’s Challenge
▌ Organizations' Growing Dependence on Web
For many, their livelihood hinges on these services
Cannot afford service interruptions or downtime
Must ensure fast dependable transactions at peaks
▌ Application Delivery Controllers Address Challenge
Enhance performance by managing network traffic
Increase reliability by offloading high volume SSL
▌ F5 BIG-IP Manages High Volume SSL Traffic
Optimize web server utilization
Maximize transactional speed
Why Enhanced Security?
▌ Increased SSL traffic results in more crypto keys
Keys maintained in software can be exposed to threats
Increasing number of crypto keys are harder to manage
Many customers looking for FIPS-certified key protection
▌ Built-in FIPS not available in some BIG-IP models
Critical Keys can Exist in Multiple Places and are Vulnerable to Physical and Software Attacks
Integration with BIG-IP ADCs
Thales nShield Connect Integrates with F5 BIG-IP to Enhance Security of SSL Keys
Integration with BIG-IP ADCs
[Diagram labels: WWW; Connection Origination; Tens of Thousands of Connections; BIG-IP ADC; Load Balancing; Data Center; Web Server Farm (Web Server, Web Server, Web Server)]
Value Added
▌ External nShield HSM enables hardened solution
Safeguard and manage critical SSL keys used by F5 BIG-IP
Isolate cryptography and keys in FIPS 140-2 Level 3 boundary
Deliver lifecycle hardware key management and mitigate risks
Critical Keys are Protected and Managed Within the Secure Confines of a FIPS 140-2 Level 3 Certified HSM where they are not Exposed to Physical and Software Attacks
HSMs and Problems they Address
▌ What are HSMs?
Hardware Security Module
Hardened, tamper-resistant devices isolated from host environment
Alternative to software crypto libraries
▌ What do HSMs do?
Secure cryptographic operations
Protect critical cryptographic keys
Enforce policy over use of keys
[Diagram labels: Business Application; Application Data; Data to be signed, encrypted/decrypted; HSM security boundary; HSM; Application Keys inside security boundary; Secure crypto processing engine; Encrypted/decrypted or signed data]
nShield HSMs are FIPS 140-2 Level 3 Certified
High Performance Network-Attached HSMs
Designed for multi-client/high availability environments
Deliver robust crypto key protection and management
Offer certified implementations of all leading algorithms
Fast ECC key generation and signing performance
Certified to FIPS 140-2 Level 3 standards
Facilitate auditing and compliance to data security regulations
nShield Connect
In Summary…
▌ Thales nShield Connects Support F5 BIG-IP
Enhance SSL security across the product line
Isolate crypto processes and the critical keys
Provide upgrade capability for installed base
Enable FIPS 140-2 Level 3 security compliance
▌ Key Benefits
Isolate crypto keys and processes from host environment
Segregate administration domains
Enforce dual controls for mutual supervision
Facilitate security compliance reporting
With Thales e-Security customers can
Satisfy compliance requirements using encryption and key management
Safeguard against unauthorized insider access and other data breaches
Secure ePHI wherever it is created, shared or stored
Defend against unauthorized code
Protect your data and meet PCI DSS requirements
Ensure the authenticity of connected components
More Environments
More Ways
Most Comprehensive
More Securely
Lowest Cost
SECURING DIGITAL TRANSFORMATION
Interested in Learning More?
Contact Thanh Nguyen at TNguyen@AccudataSystems.com to:
• Review your data security strategy
• Schedule a Security Health Check
• Set up a complimentary Proof of Concept (POC)
© Accudata Systems, Inc. 2017

Hyperconverged: The Future of Data Centers Presentation
