alliance key manager hsm: how, why, and when would i use on-board encryption services?
TRANSCRIPT
724 Columbia Street NW, Suite 400 | Olympia, WA 98501 | 360.359.4400 | www.townsendsecurity.com
Alliance Key ManagerHow, Why, and When Would I Use On-Board Encryption Services?
Townsend Security
www.townsendsecurity.com
What You Will Learn in this VideoTraditional encryption key retrieval operation
When to use on-board encryption
When to NOT use on-board encryption
How Alliance Key Manager implements on-board
encryption
How applications use on-board encryption
Performance and connection persistence
Further resources
www.townsendsecurity.com
Traditional Encryption Key Retrieval
Sensitive Data
Encryption Key Manager
Secure Key Transfer
www.townsendsecurity.com
Securing Data with On-Board EncryptionThe Encryption Key Never Leaves the Server
Plain Text
Cipher Text Plain Text
Cipher Text
www.townsendsecurity.com
When to Use On-Board Encryption Client application is more vulnerable
Web application
ATM type of application
Amount of data to be encrypted is small
Don’t have encryption library – embedded systems
www.townsendsecurity.com
When to NOT Use On-Board EncryptionLarge amounts of data
Large number of small chunks of data
E.G. Batch applications processing many rows in a table
www.townsendsecurity.com
How Alliance Key Manager Implements On-Board EncryptionSecure TLS connection
Request for encryption or decryption with key name
Encrypt / Decrypt with AES ECB or CBC mode
Response returned to application
Persistent and non-persistent connections
www.townsendsecurity.com
How Developers Use On-Board EncryptionSoftware libraries
Sample code
Purpose built applications
www.townsendsecurity.com
Performance – Persistent and Non-Persistent Connections With non-persistent connections new TLS negotiation every time
With persistent connections you do TLS negotiation only one time - Much faster
Persistent option available on the interface specification
www.townsendsecurity.com
Additional ResourcesAlliance Key Manager Supplemental
Sample source code
API documentation
HOWTO guides
Support Site
Get customer support
Get developer support
www.townsendsecurity.com
Contact Townsend Security:www.townsendsecurity.com800.357.1019 | 360.359.4400
Any Questions About Encryption Key Management?
> Secure Keys. Meet Compliance Requirements.Securely manage keys for data encrypted on ANY platform: Windows Linux, UNIX, IBM i, IBM z
FIPS 140-2 certified. | Low cost. Comprehensive solution.