SafeNet ProtectV
Data Protection for Virtual Infrastructure
ProtectV Overview

Laptev Andrey
PreSales Consultant, Russia & CIS
© SafeNet Confidential and Proprietary
Virtualization Risks
How secure is my data in a virtualized world?
[Diagram labels: APP and OS stacks; Hypervisor; Compute Layer; Storage; Snapshots; Backup]

• VMs are easy to copy (and steal).
• VMs are easy to move.
• VMs introduce a new class of privileged users and administrators—server, storage, backup, and application—all operating independently.
• VMs have multiple instances, snapshots and backups of data. And what about your Disaster Recovery site?
Cloud Risks
• Who is accessing my data?
• Where is my data?
• Do I have control of my data?
• Is InfoSec going to stop me from moving to the cloud?

[Diagram labels: Mail Servers; E-commerce App server; SharePoint Services; File Servers; Web Servers; Payment info; Intellectual Property; Customer data; Critical data; Sensitive Communications]
Data Protection for Virtual Infrastructure
ProtectV is the industry’s first comprehensive solution
for protecting virtual environments.

With ProtectV you can:
• Isolate your data
• Authorize virtual machine instance launches
• Track key access to all copies of your data
• Revoke key access in case of a breach

ProtectV enables you to migrate your sensitive
data to virtual datacenters, the cloud and untrusted
or shared environments securely.

Anatomy of Securing Your Data in Virtual or Cloud Environments

[Diagram labels: 1 ProtectV Manager; 2 ProtectV Client; Storage; Protected Volumes; Hypervisor; Protected Virtual Machines; 3a KeySecure; 3b Virtual KeySecure; Protected on-premise servers in physical datacenter]

1. ProtectV Manager is a virtual machine instance that runs in a virtualized/cloud environment.
2. ProtectV Client is installed on your virtual machine or your servers in your datacenter.
3. KeySecure is a hardened, high-assurance enterprise key management solution, available as hardware or on a new virtualized platform, Virtual KeySecure.
ProtectV: Secures Your Virtual Data
1. Power On: ProtectV API makes server provisioning automated and efficient, enabling you to PowerOn a VM securely
2. Start: You must be authenticated and authorized to launch a VM
3. Daily Operations: All data and VMs are encrypted
4. Snapshot: Every copy of VM in storage or backup is encrypted
5. Delete: Every time you delete a key, it “digitally shreds” the data, rendering all copies of VMs inaccessible
ProtectV Delivers Complete VM Encryption
• Encryption of entire virtual machine (VM)
• Encryption of system/OS partition
• Encryption of data partition
• Encryption of associated snapshots and backups (DR sites etc.)

[Diagram labels: Entire VM is encrypted; Secured Volumes; Secured VMs]

ProtectV Delivers Ownership & Control of Your Data
StartGuard Pre-Launch Authentication & Authorization
• StartGuard pre-launch user authentication and authorization to launch a virtual machine instance
• Separation of duties between infrastructure and security administrators
• KeySecure Hardware based FIPS 140-2 level 3 certified Enterprise Key Manager or Virtual KeySecure hardened virtual security appliance

[Diagram labels: Secured VMs; NEW!; Virtual EKM; On-Premise EKM]

ProtectV Delivers Visibility & Proof of Data Governance
Centralized security management
• Unified management - at-a-glance dashboard view and central audit point
• On-premise or virtualized key management audit for encryption keys

[Diagram labels: Virtual EKM; On-Premise EKM]

Deployment Scenario: Public Cloud
[Diagram labels: Trusted on-premise location; KeySecure (HA); Public Cloud; ProtectV Manager (HA); ProtectV Client]
Example of an AWS EC2 deployment

Deployment Scenario: Virtual Datacenter
[Diagram labels: Trusted on-premise location; Virtualized Data Center; ProtectV Manager (HA); KeySecure (HA); ProtectV Client]
Example of a VMware deployment

ProtectV: Environments, Impact, Products
• ProtectV currently supports the following environments:
  • Amazon Web Services EC2
  • Amazon Web Services VPC
  • VMware vCenter
• ProtectV impacts performance by 10% - 15% in standard AWS EC2 scenarios
• Complementary products to ProtectV:
  • KeySecure (k150 and k460) and Virtual KeySecure (k150v)
  • DataSecure (i150 and i450) and Virtual DataSecure (i150v)

At-a-Glance Control of Your Data

ProtectV Delivers

Complete VM or server encryption
• Encryption of entire VM or server
• Encryption of associated storage volumes (mapped drives), VM instances (snapshots, backups) and locations (DR sites etc.)
• Even the entire OS partition is protected

Ownership and control of your data
• Pre-launch user authorization to access a VM
• Encryption based separation of duties across virtual and physical environments
• Unified HW based FIPS 140-2 level 3 certified key management to ensure VM ownership

Visibility and proof of data governance
• Unified management - at-a-glance dashboard view and central audit point
• Manage physical, virtual and cloud servers from a single management console.
• On-premise key management audit for encryption key usage

Thank You
