Uploaded by ulf-mattsson
Security for What Matters Most: Data & Identities
The digital world is transforming the way your enterprise works
• 90%: amount of the world's data created in the last two years [1]
• 23.6bn: number of connected devices by 2020 [3]
• 35%: amount of all corporate data stored in the cloud [2]
Sources: [1] IBM; [2] Ponemon Institute; [3] Cisco Visual Networking Index
Security solutions must align with current and future business needs
• More data produced, stored, & shared
• More networks, clouds, & devices
• More advanced threats
• More risk of human error
• More compliance & regulatory mandates
The Perception: 94% of enterprises say their perimeter security technology is quite effective at keeping unauthorized users out of their networks.
The Reality: 65% of enterprises aren't confident their data would be secure after a breach.
Source: 2017 Gemalto Data Security Confidence Index report
Would your data be secure after a breach?
Attacks are overcoming traditional security methods every minute
1,378,509,261 records exposed in 2016, as a result of 1,792 data breaches globally
More than 95% of all data breaches involved data that was NOT ENCRYPTED
Number of records compromised:
• 3,776,738 every day
• 157,364 every hour
• 2,623 every minute
• 44 every second
Source: 2016 Breach Level Index
With no defined perimeter in the digital world, it's time for a fundamental shift in the security paradigm…
…by moving security closer to what matters most – Data and Identities
SECURE ACCESS AND DEVICES
PROTECT DATA ACROSS NETWORKS AND THE CLOUD
What if you could centralize security across your enterprise – at the edge and the core?
Move security beyond the perimeter to defend what's really under attack
ENCRYPT SENSITIVE DATA
• Secure data at rest and data in motion
• Secure data across cloud, virtual, and on-premises environments
OWN & SECURE ENCRYPTION KEYS
• Manage key lifecycle
• Store keys securely
• Manage cryptographic resources
CONTROL ACCESS
• Manage and ensure appropriate access to resources across enterprise environments
• Provide strong multi-factor authentication to corporate resources
Secure your digital transformation with Gemalto
OUR CUSTOMERS:
• Large enterprises
• Financial services
• Governments
• Healthcare organizations
• Retailers
• Cloud service providers
• Internet of Things
SECURITY FOR: Digital Payments & Transactions, Compliance, The Enterprise, Internet of Things, Big Data, Cloud
SOLUTIONS: Cloud Access Management & SSO, Multi-factor Authentication, Encryption & Enterprise Key Management, High Assurance Key Protection
We provide trusted security for today's industry leaders
• 8 of the world's largest retailers
• 14 of the world's largest banks
• 5 of the world's largest healthcare providers
• 5 of the world's largest cloud service providers
• 10 of the world's largest software companies
• 12 of the world's largest manufacturing companies
Security delivered the way you want it
UNIFIED DATA SECURITY SOLUTIONS
ENCRYPTION
• Data-at-rest encryption
• Data-in-motion encryption
KEY MANAGEMENT AND PROTECTION
• Enterprise key lifecycle management
• High assurance key protection
• HSM orchestration and crypto operations
IDENTITY AND ACCESS MANAGEMENT
• Access management
• Multi-factor authentication
• PKI credential management
CONSUMPTION MODELS
• On-Premises: Hardware or Software
• On Demand: Cloud-based | as-a-Service
• Hybrid
PROTECT ANYTHING: Digital Payments & Transactions, Compliance, Enterprise Security, Internet of Things, Big Data, Cloud
Integrated with the technologies you use every day*
• CLOUD & SAAS APPS
• IAAS & PAAS
• STORAGE
• INTERNET OF THINGS
• BIG DATA
• BLOCKCHAIN
• VPN ACCESS
• END POINT PROTECTION
• DIGITAL SIGNING
• VDI ACCESS
*Not a complete list of available integrations. Please contact us for more information.
Overcome your complex data security challenges
• Centrally manage access and secure data & identities
• Eliminate islands of security
• Reduce costs
• Define unified security policies
• Ease compliance
• Gain portability and control
ON DEMAND: Cloud-based
SafeNet Data Protection Solutions
ON-PREMISES: Hardware & Software
Key Management & Crypto Operations:
• SafeNet KeySecure: centralized key lifecycle management
• SafeNet Virtual KeySecure: centralized key lifecycle management available as a hardened virtual appliance
• SafeNet Luna HSM: high assurance key protection
• SafeNet Payment HSM: hardware security module for financial transactions
• SafeNet ProtectServer: hardware security module for server & web apps
• SafeNet Crypto Command Center: hardware security module orchestration
Encryption:
• SafeNet ProtectV: full disk encryption for VMs/cloud instances/bare metal servers
• SafeNet ProtectFile: file system-level encryption
• SafeNet ProtectApp: application-level encryption
• SafeNet ProtectDB: column-level encryption
• SafeNet Tokenization: application-level tokenization
• SafeNet High Speed Encryptors: high-assurance certified Layer 2 encryption
ON DEMAND: SafeNet Data Protection On Demand
• SafeNet HSM On Demand: cryptographic key generation, storage, and management
• SafeNet Key Management On Demand (coming soon): KMIP and key brokering services
SafeNet Identity and Access Management Solutions
CREDENTIAL MANAGEMENT: SafeNet Authentication Manager, SafeNet Authentication Client
• High Assurance Authentication
• Converged Badge
• Digital Signing
• Email Encryption
• Pre-boot Authentication
MULTI-FACTOR AUTHENTICATION: SafeNet Authentication Service
• Authentication as a Service
• Context-based Authentication
ACCESS MANAGEMENT: SafeNet Trusted Access
• Identity As A Service
• Single Sign On
• Access Management
What is GDPR?
• Updates 1995 EU Data Protection Directive
• Adopted April 2016
• Takes effect May 2018
The protection of natural persons in relation to the processing of personal data is a fundamental right.
Expands Scope
• Affects all companies doing business with individuals located in EU member nations
• They need neither reside nor process data within the EU
• GDPR applies wherever that data is sent, processed or stored
12.10.17
Broadens Definitions
GDPR defines Personal Data as any information that can be used to identify, directly or indirectly, an individual.
Includes such identifiers as:
• Name
• Identification numbers
• Location data
• Online identifiers
• Factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person
The Challenge
GDPR will apply to organizations that didn't worry about EU data before.
Data that previously didn't need to be protected will now need to be protected.
Your GDPR Data Security Obligations
Data Control
To preserve subjects' privacy, organizations must control their data. Per GDPR, they must:
• Only process data for authorized use
• Ensure data accuracy and integrity
• Minimize subject identities' exposure
• Implement data security measures
• Only process data for authorized purposes
Data Security
GDPR puts security at the service of privacy. To preserve subjects' privacy, organizations must implement:
• Safeguards in order to keep data for additional processing
• Data protection by design as a default
• Security as a contractual requirement
• Encryption or pseudonymization
• Security in response to their risk assessment
Right to Erasure
Subject data cannot be kept indefinitely. GDPR requires organizations to completely erase data from all repositories when:
• A data subject revokes their consent ('Right to be forgotten')
• A partner organization requests data deletion
• A service or agreement comes to an end
Risk Mitigation and Due Diligence
Organizations must assess risks to privacy/security and demonstrate they're mitigating their risks. They must:
• Conduct a full risk assessment
• Implement measures to ensure and demonstrate compliance
• Proactively help third-party partners/customers comply
• Demonstrate full data control
Breach Notification
When a security breach threatens the rights and privacy of a data subject, organizations need to notify customers and/or supervisory authorities. They must:
• Notify supervisory authority within 72 hours
• Describe the data breach's consequences
• Communicate breach directly to data subjects
Fines and Penalties
Depending on the violation, fines may range from €10 million to 4% of the total global profit - whichever is higher.
Supervisory authorities will base penalty on:
• Level of negligence involved
• Steps taken to mitigate damage and risk
Where to Begin?
A 6 Step Approach to Complying
• Understand GDPR / legal framework
• Create road map / data register
• Data classification
• Start with top priorities: procedures & policies; data protection
• Assess & document other risks
• Revise & repeat
Gemalto's Solution to the GDPR Challenge
The SafeNet Portfolio's Three Pillar Approach
Encryption and key management satisfy the GDPR obligations of Data Control, Data Security, Right to Erasure, Breach Notification and Due Diligence:
• Encryption restricts access and processing to authorized users. It maintains the data's integrity.
• Key management records encryption usage to produce the logs that demonstrate GDPR compliance.
• Encryption attaches security directly to the data itself to keep it safe in the event of a security breach.
• Encrypted data is not subject to breach notification requirements.
• Encrypting data and deleting the key completely deletes data to honor the Right to be Forgotten.
Multi-factor Authentication satisfies the obligations of Data Control and Due Diligence:
• Strong authentication restricts access to networks containing subject data to authorized users only.
• Authentication management tools record data access usage to produce the logs that demonstrate compliance.
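Crypto-shredding, the "encrypt the data, then delete the key" erasure described above, as an added Go example that is not Gemalto's code: the key store is a hypothetical in-memory stand-in for a key manager kept separate from the data, each subject's records are sealed under that subject's own key, and once Shred removes the key every copy of the ciphertext becomes unrecoverable, which is also why key management is kept apart from the data store.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// KeyStore is a hypothetical in-memory stand-in for a key manager kept apart
// from the data store (an HSM or key-management service in practice).
type KeyStore map[string][]byte

// Generate makes a fresh AES-256 key for one data subject, addressed by ID.
func (ks KeyStore) Generate(keyID string) {
	ks[keyID] = make([]byte, 32)
	rand.Read(ks[keyID]) // never returns an error since Go 1.24
}

// Shred deletes the key: every record sealed under it, including copies in
// backups, replicas and caches, is now unrecoverable (crypto-shredding).
func (ks KeyStore) Shred(keyID string) { delete(ks, keyID) }

// aead resolves a key ID to AES-GCM; a shredded key resolves to nil and fails.
func (ks KeyStore) aead(keyID string) (cipher.AEAD, error) {
	if block, err := aes.NewCipher(ks[keyID]); err == nil {
		return cipher.NewGCM(block)
	}
	return nil, errors.New("no usable key for ID " + keyID)
}

// Encrypt returns nonce||ciphertext; the key ID is bound as associated data,
// so a record cannot be re-pointed at another subject's key undetected.
func (ks KeyStore) Encrypt(keyID string, plaintext []byte) ([]byte, error) {
	g, err := ks.aead(keyID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, plaintext, []byte(keyID)), nil
}

// Decrypt reverses Encrypt; after Shred it fails because no key resolves.
func (ks KeyStore) Decrypt(keyID string, record []byte) ([]byte, error) {
	g, err := ks.aead(keyID)
	if err != nil {
		return nil, err
	}
	if ns := g.NonceSize(); len(record) >= ns {
		return g.Open(nil, record[:ns], record[ns:], []byte(keyID))
	}
	return nil, errors.New("record too short")
}
```

Shredding only erases what the key alone protected: any escrowed or backed-up copy of the key must be destroyed as well, and the key manager's audit log of the deletion is the evidence of erasure.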
The SafeNet Portfolio
Multi-factor Authentication
Encryption and Key Management
Taking Customers to a Unified Approach
Today – Silos: File Servers, Applications & Web Servers, SQL & NoSQL Databases, Mainframes, Storage, Backup Media
• Costly & Complex Administration
• Inconsistent Security Policy Enforcement
• No Repeatable Process
• Inhibited Data & Business Workflow
• Audit Challenges
Tomorrow – Unified: a UNIFIED DATA PROTECTION PLATFORM (Compliance, Crypto Foundation, Security, Key Management, Policy Management) across Cloud, On-Premises and Virtual environments
• Single Vendor
• Centrally Defined & Managed Security
• Strong Compliance & Low Audit Cost
• Increased Security, Business Agility, & Lower IT Costs
Data Security: Best Practices
Confidential and Proprietary | For Internal Gemalto Use Only
Separate key management from encryption/tokenization
Secure Data
• Encrypt or Tokenize
• Apply Access Controls
Protect Keys
• Manage Key Lifecycle
• Apply Access Controls
Data Protection: A Three Step Approach
Environments: File Servers (DAS, SAN, NAS, HDFS), Databases (SQL & NoSQL), Applications (Application servers), Public Cloud (Cloud Servers and Virtual Machines)
Customer-Controlled Key Management
• Centralized Key Management (Generation, Rotation, Expiration, etc.)
• Audit reporting and compliance management
• Separation of duties – Encryption keys decoupled from data
• KeySecure: On-premises
• Virtual KeySecure: Cloud/Virtual environments
Encryption + Access Control
• File/Folder/Share-level encryption
• Database level encryption
• Application level encryption
• Virtual machine encryption
• Tokenization
SQL Database Encryption
• ProtectDB: Transparent column level encryption
• ProtectFile: Transparent database file encryption
• ProtectApp: Application level encryption
• Tokenization: Application level tokenization
• TDE: Transparent data encryption
• ProtectV: Transparent FDE
NoSQL Database
• ProtectFile: Transparent database file encryption
• Tokenization: Application level tokenization
• ProtectApp: Application level encryption
• ProtectV: Transparent FDE
File/Folder/Share Encryption (DAS/NAS/SAN)
• ProtectFile: Transparent file encryption at the file-system level
• ProtectApp: APIs perform data encryption at the application level
• Transform Utility: Bulk encryption of structured files
• Cloud Storage Encryption Gateway (CSEG): File & object encryption gateway
• ProtectV: Transparent FDE
Identify the Architecture: The Right Tool for the Right Job
Works in Physical, Virtual, and Cloud Environments
Ecosystem
• ProtectApp: IBM, BEA Systems, Sun Microsystems, The Apache Software Foundation, Oracle, Java, JBoss
• ProtectDB: IBM DB2, Oracle Database, Microsoft SQL Server
• Tokenization: IBM, SAP Software Solutions, BEA Systems, The Apache Software Foundation, Sun Microsystems, Oracle, Java, JBoss
• ProtectFile: IBM DB2, Oracle Database, Microsoft SQL Server, Linux, Samba, Windows Server, Novell, Apache Hadoop, Cassandra, MongoDB, Microsoft SharePoint
• ProtectV: Amazon EC2 & S3, Chef, Docker, Amazon Web Services, VMware, IBM SoftLayer, Microsoft Azure
KeySecure Platform
• Distributed Key Management: Apps | GW | Tape; Disk | KMIP | TDE
• Interfaces: multiple programming languages, SOAP and REST interfaces, OPEN XML interface, KMIP interface
• Integrations: Tape Libraries, Storage, Cloud gateways, Databases, Applications
• Protected resources: Virtual Machines, File Servers & Shares, Application Servers, Databases, Web and Application Servers
• Platform services: Key and crypto engine; Authentication and authorization; Key lifecycle management; SNMP, NTP, SYSLOG
Gemalto SafeNet Data Protection Solutions
Holistic Enterprise Data Protection Framework
PARTNERSHIPS / ECOSYSTEM: Amazon Web Services, Microsoft Azure, HP, Dell, NetApp Storage, Chef, Docker, Oracle, Microsoft SQL, IBM DB2, MySQL, MongoDB, Cassandra, Apache Hadoop, IBM BigInsights, IBMz – mainframes, IBMi – AS400
POINTS OF PROTECTION: NoSQL Databases, SQL Databases, Storage, Archive Tapes, Files, Folders & Shares (DAS/NAS/SAN), Big Data, P-to-NonP Tokenization, Application Encryption, Cloud (Public & Private), Application Key Management, ERP & CRM
ENCRYPTION & TOKENIZATION: SafeNet ProtectApp, SafeNet ProtectDB, SafeNet ProtectFile, SafeNet Tokenization, Database Native TDE, Transform Utility, Bulk Tokenization, Web Services
ENTERPRISE KEY MANAGEMENT: SafeNet KeySecure
Hardware Security Modules (HSM)
Render Data Useless in Case of Attack
Strong encryption key protection and ownership are critical: secure your data and ensure it is useless in case of a cyber attack.
Strong Key Storage in Hardware - Not Software
• Hardware root of trust for your master cryptography keys
• High assurance, tamper-resistant hardware appliances
• FIPS 140-2 Level 3 validated protection
Flexible, Secure Deployment Options
• Deployed in more public cloud environments than any other HSM
• On-premises, private, public, hybrid and multi-cloud environments
Help Achieve Compliance
• Simplify auditing process and reduce costs
• Preserve the integrity of your data
• Delete encryption keys and render data useless
• Reduce legal and reputation liabilities
Trust HSMs to…
• Securely generate and store cryptographic keys
• Centrally control and manage keys
• Enforce security policies
• Perform crypto operations securely
• Render critical keys and data inaccessible
Key benefits: strongest protection against a cyberattack; enhance compliance & simplify audits; secure cloud, hybrid & on-premises environments; always store your keys in hardware (FIPS 140 Level 3); protect against data breaches
SafeNet Luna HSMs benefits
Crypto Keys Remain in Hardware
• High assurance, FIPS-validated key vault
• Keys never leave the hardware appliance
• Keep keys safe from breach, unlike alternative keys-in-software solutions
High Performance
• Three performance models to suit your needs
• Up to 20,000 ECC transactions per second
Route to Cloud
• De facto HSM for the cloud
• Centrally manage HSMs in the cloud, hybrid cloud, and on-premises
Broad Ecosystem of Partners
• Over 400 partners and solutions
• Plug-and-play documented integrations for leading use cases
Extend HSM TCO
• Develop applications on a common SDK that integrates with all form factors
• Improve compliance & audit process with centralized management & reporting
• Delegated administration model enables HSMaaS
Emerging Technologies
• Capitalize on emerging technologies: Internet of Things (IoT), Blockchain, Bitcoin, more…
Ease of Use with SafeNet Crypto Command Center
• Centrally manage crypto resources
• Provide on-demand provisioning in minutes vs. days
• Enforce security & consistency with custom, repeatable policy templates
GDPR Compliance with Gemalto
• A full portfolio to address even complex GDPR challenges according to your needs
• Stay in control. You choose what happens to your data and your customers' privacy
• Sidestep breach notification obligations
• Avoid heavy penalties in the case of a security breach
Thank you!