Data Security Not Optional Anymore
Kurt Zimmerman Strategic Accounts Manager Sun Microsystems (home of StorageTek solutions)
Data Encryption – The Last Layer of Defense
Data Encryption – Without performance penalties
2
Agenda
• Sun Microsystems Update – Our Fit With Unisys
• Data Takes Center Stage
• Today’s Focus: Security and Integrity
• Encryption – The Last Layer of Defense
3
Participation Age
Our Mission
Our Cause
Our Strategy
Sharing creates communities,
and communities create value.
Everyone and everything participating
on the network.
To create the technologies,
products and services that power the
participation age.
To eliminate the digital divide, while making the planet better off.
Sun's Vision, Mission, Cause & Strategy
4
A Market Leader
• 6.5M+ Solaris TM 8, 9 and 10 OS licenses
• Runs on 500+ systems
• 3M+ Solaris 10 OS licenses
• OpenSolaris
• One of the most recognized technology brands
• 4.5M developers • 2.8B devices and millions of PCs, phones, PDAs, smart cards, set top boxes and digitally connected devices
• Open architecture • Optimized with Solaris and Sun systems
• Proven, world record performance
• World class reliability, availability and serviceability
• 4 th largest global storage player
• Sun now protects and manages more data than anyone
• Unisys partner
Core Components of Network Computing
5
Did You Know That…
• Sun Solaris is open source, free and with lowerpriced services than Red Hat?
• Sun’s highperforming x64 servers runs Solaris, Linux, Windows and VMWare?
• Sun’s chip multithreading servers have the highest energy, space, cooling efficiency on the planet?
• Sun’s Java Enterprise System runs on Solaris, Linux, Windows, HPUX?
• Sun is the industry leader in identity management and business integration (SOA)?
• 37% of the world's data is archived on Sun StorageTek? • Most of Sun’s products are available from Unisys either
on their platforms or for use in other environments.
6
A Systems Approach Enabling Your Business
Servers Storage Software Services
7
%
Sun/StorageTek: Trusted With the World's Data
8
9
Data Takes Center Stage
10
The Ability to Manage Identity, Access, Control & Accountability
Data Management Requirement:
11
Accurate and Timely Data Retrieval
Data Management Requirement: The Ability to Recover From Business Interruptions
12
Reduce Business Risk
Slide #7
Data Management Requirement:
13
Our Vision for Data: Data stored securely, managed intelligently
and shared by everyone and everything
participating on the network.
14
Our Strategy for Data
Identity Management
Virtualization Security Data Integrity
Integration
Continuous Innovation
World Class Service and Support
15
Today's Focus: Security & Integrity
Continuous Innovation
World Class Service and Support
Identity Management Virtualization Security
Data Integrity Integration
16
The Security Threat Landscape Shift Threats are noisy and visible to everyone Threats are indiscriminate hit everyone Threats are disruptive → Impact is readily visible Remediation action is technical (“remove”) Only a few named threats to focus upon Old
17
The Security Threat Landscape Shift Threats are noisy and visible to everyone Threats are indiscriminate hit everyone Threats are disruptive → Impact is readily visible Remediation action is technical (“remove”) Only a few named threats to focus upon Old Threats are silent and unnoticed Threats are highly targeted and regionalized Threats damage reputation → Impact is unclear Remediation is more complex, may need to investigate Overwhelming amounts of variants, nameless threats
New
18
All It Takes is One Missing Tape
19
It is Not Just “Headlines” Four Dimensions of Business Risk
Direct Direct Losses Losses
Indirect Indirect Losses Losses
Productivity Productivity Losses Losses
Legal Legal Exposure Exposure
Theft, Money, Theft, Money, Digital Assets Digital Assets
Computer Computer Resources Resources
Consumer Data Consumer Data Employee Data Employee Data Customer Data Customer Data
Loss of Loss of Potential Sales Potential Sales
Negative Negative Brand Impact Brand Impact
Loss of Loss of Competitive Competitive Advantage Advantage
Loss of Loss of Consumer Consumer Confidence Confidence
Diversion Diversion of Funds of Funds
Continuity Continuity Expenses Expenses Corruption Corruption
of Data of Data Recovery Recovery Expenses Expenses
Failure to Meet Failure to Meet Contracts Contracts
Failure to Meet Failure to Meet Privacy Privacy
Regulations Regulations Illegal User Illegal User
Activity Activity Director Director Liability Liability
20
Protecting Data is a Fiduciary Responsibility.. • Host of privacy legislation passed or pending on a global basis: > Most countries have laws on the books holding company executives accountable
21
Encryption Implementation Choosing the Right Solution to Meet Your Unique Needs
At Creation In the Tape Drive By Virtualization
22
Security Requires a Delicate Balance
Height of Fences? Ease of Access?
A Balancing Act: Cost vs. Risk
23
Encryption The Last Layer of Defense • Data security can be implemented in a series of protective layers
• The last layer of defense, is to alter the data, in such a way that the intruder will not find it useful, without increasing complexity risk and cost
• Encryption insures data integrity as it cannot be altered once encrypted without the key
24
Implementing an Encryption Strategy
Data Encryption is “Old News”
• Why is data encryption not being used?
World War II “Enigma” Encryption
Device
25
• Why is data encryption not being used?
• The answer is performance, cost, complexity and risk
Implementing an Encryption Strategy
Data Encryption is “Old News”
World War II “Enigma” Encryption
Device
26
Our Approach to Encryption
• Reduce the risk factors that lead to business losses
• Integrate encryption into current workflows
• Make it less complex to encrypt data and manage the “keys”
27
Encryption In The Device Tape Based Encryption Solutions
• Data can be encrypted on a tape drive device, making it easy to validate and eliminating the performance penalty on the server
• Most secure solution, AES256, device independent key management
• Easiest to implement, low cost • No performance penalties!!! Bottom line: This is a good fit for
heterogeneous environments including Unisys platforms; inherently secure, reduces complexity, risk, and total cost of ownership
Tape Drive
28
Business Value of Tape Encryption Reduces Immediate Risks and Lowers Costs
• Customer or regulatory body notification is not required as information is not accessible to unauthorized parties
• Provides protection from both offsite and onpremise information loss
• Enables secure shipment of data
• Allows secure reuse of tapes
29
Tape Encryption Promotion (ends 6/29)
•Buy 2 T10000 drives, and KMS Integration Services, get encryption hardware free!
FREE ITEMS – US List Pricing: •Crypto Key Management Station $35,000 •Encryption feature upgrade (2 each) $10,000 •Crypto accessory kit $ 8,000
30
Managing Encryption Customer Questions
• How do we structure the key management process?
• What if the key is lost or damaged?
• How many keys do we need? • How much key management training will we need?
• What about disaster recovery? • And more...
31
Managing Encryption Being “Ready” to Implement and Manage Encryption
• Understanding key management and having a welldefined key management strategy is crucial
• A select group of people manage a select group of keys – so if a key is lost, it can be replaced without jeopardizing data
• StorageTek/Sun via Unisys offers a four phase Encryption Readiness Planning Service in order to be ready to encrypt
32
Encryption Readiness Planning Assessment Scope via Unisys
Resilience to Risk Encryption based data recovery practices and course of action for data recovery
Operational policy Portrayal of security and encryption policies and regulations that effect service levels required of the business
Key Management Best practices of encryption key management systems to meet security and business requirements
Information Security Readiness
Maturity capability of the information security infrastructure to assimilate and implement a security strategy
33
Take Action Today > Get a better understanding of
where data can be encrypted and the tradeoffs before you decide on a data encryption method
> Engage Unisys and Sun/StorageTek to do a Data Security Assessment or Encryption Readiness Analysis to find out where you are at risk and how we can help reduce that risk
34
“The value provided by securing sensitive data with encryption, access controls, and audit functionality outweighs the cost of implementation. With regulations requiring security at varying levels, and noncompliance costs adding up quickly, can you afford not to secure your data?”
Source: Avivah Litan Gartner Security Analyst IT Security Summit May 2006
35
Encryption – What to Remember
Data Encryption Not Optional Anymore
Data Encryption – The Last Layer of Defense
Data Encryption – Without performance penalties