Are you sure you are secure in the cloud?
TRANSCRIPT
www.thales-esecurity.com
ISEC INFOSECURITY TOUR 2019 “I’LL BE WATCHING YOU”
Are you sure you are secure in the CLOUD?
Protection Strategies in the CLOUD
Industry analysts state that 85% of enterprise decision-makers say they have a time frame of two years to make significant inroads into digital transformation or they will suffer financially and fall behind their competitors.
Source: PWC
We see digital transformation of traditional industries
There are risks associated with the digital transformation
Satisfying compliance requirements around encryption and key management
Safeguarding against unauthorized insider access and other data breaches
Defending against unauthorized code
Protecting retail customer data to meet PCI DSS requirements
Securing patient data wherever it is created, shared or stored
Ensuring the authenticity of connected components
DIGITAL TRANSFORMATION WITHOUT DATA SECURITY: IT’S LIKE DRIVING OFF A CLIFF!
HEADLONG ADOPTION COMPOUNDS THE PROBLEM
94% use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain and mobile payments)
42% use more than 50 SaaS applications
99% use Big Data
94% implement IoT
91% working on or using mobile payments
53% use 3 or more PaaS environments
57% use 3 or more IaaS vendors
ENCRYPTION – A KEYSTONE TECHNOLOGY FOR PROTECTING DATA
Privacy Requirements: Encryption the top tool needed to meet new Privacy requirements like GDPR
44%
35%
38%
48%
41%
Cloud: The top tool for more cloud use
Secure Identity needed to drive Big Data Adoption
Big Data: Encryption needed to drive Big Data Adoption
IoT: Encryption the top tool to increase ability to use IoT
Containers: Encryption drives Container usage
42%
Encryption tools top the plan for data security related spending to be purchased in the next year
Global tools US tools
45%
43%
42%
Tokenization
Encryption with BYOK
Hardware Security Modules
44%
43%
41%
Encryption needed to drive the adoption of the technologies needed for digital transformation
DEPLOYING TO THE CLOUD: DATA SECURITY REQUIRED
Top Cloud Security Concerns
(rates of very/extremely concerned)
64%
62%
58%
58%
57%
54%
Attacks at the Service Provider
Lack of control over location of data
Security of my organization’s data in the cloud
Managing Encryption Keys across multiple cloud environments
Custodianship of encryption keys
Meeting compliance requirements
Encryption: The top IT security control needed to expand cloud adoption
44% 42% 41% 34%
Encryption of cloud data with Enterprise premises key management and storage
Detailed IT and Physical Security information
Encryption of cloud data with CSP key management and storage
HSMs on premises or in the cloud
What are enterprises doing about the problem today?
Implementing CASB: 46%
Enabling encryption services offered by the CSP: 51%
Deploying or using a BYOK solution: 40%
www.vormetric.com VORMETRIC COMPANY CONFIDENTIAL
CLOUD DATA SECURITY
Application Workload Migration to Cloud
Shared Responsibility Model Illustrates Data Security Roles
Service models shown: Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS)
Layers shown for each model: Data, Application, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking
Legend: Customer Responsibility, Provider Responsibility
Broad Cloud Security Concerns
59%
57%
54%
47%
51%
SECURITY BREACHES / ATTACKS ON CSP
SHARED INFRASTRUCTURE VULNERABILITIES
CLOUD PRIVILEGED USER ABUSE
COMPLIANCE
ENCRYPTION KEY OWNERSHIP
2017 Thales Data Threat Report/451 Research – 1100 IT Professionals
Concerns Multiplied By Multi-Cloud
You’re responsible for data security. What do you do?
Analysts: Advanced Encryption and Centralized Key Management
Use File Encryption
• File encryption is used for critical data that needs to be encrypted at all times
• File encryption is very good at protecting from the insider threat
Centralize Key Management
• Build a robust key management infrastructure
• Essential components are a flexible key management platform, the data encryption, and access control
IDC, Encryption a Powerful Risk-Reducing Tool, But a Business Impact Analysis Is Essential, Robert Westervelt, April 2017 US42425317
IDC, Worldwide Endpoint Encryption and Key Management Infrastructure Forecast, 2016–2020, Robert Westervelt et al., August 2016 US41632016
Thales Technology Focus (VTE, CCKM)
Secure data encryption and strong key management to support any
enterprise cloud security strategy - public, private or hybrid
Block Privileged Users
Block access to data (CSP, Subpoena)
Unstructured data, non CSP data
Cloud Key Assurance
Visibility, Portability, DR, Compliance
Single Pane of Glass
Securely leave the cloud
Automate Security
Logs, unstructured data, DBs
Block Root / Privileged Users
DevOps Automation
Key Management
Roles Based Encryption
Container Security
Remove Data Lock
Supply chain data share
Key ownership
Role ownership
Application Encryption
Advanced Data Encryption Provides Real Protection and Control
Unified Encryption, Key and Policy Management
Security Intelligence Logs
➢ Capture granular data access logs of authorized and unauthorized access
Live Data Transformation
➢ No downtime: files or database remain online during initial encryption or key rotation
Container Awareness
➢ Establish fine-grained access controls for each container
AES Encryption
Granular Access Control Policies
Privileged User Access Control
Files and Databases
Secure Data Portability
Tokenization with Dynamic Data Masking
FIPS 140-2 Compliant Secure Key Storage
Physical Appliances
On-premises Key Management
Private & Hosted Clouds
In-cloud Key Management
Application Layer Encryption
Virtual Appliances
Advanced BYOE
Native Encryption
CipherTrust Cloud Key Manager
▌ Centralized, multi-cloud key control and management for IaaS and SaaS
▌ As a service or on-premises deployment
▌ Secure Key Storage
▌ Logging and Reporting for enhanced visibility and compliance
▌ As a Service: Subscribe, Configure, Go!
▌ Secure Key Storage: FIPS 140-2 Level 1
Deployment Choices to Fit Your Needs
▌ Your Deployment
Subscribe
Deploy
- Private Cloud
▪ All virtual appliances for cloud deployment
▪ FIPS 140-2 Level 1 Secure Key Storage
- On Premises
▪ CipherTrust Cloud Key Manager virtual appliance
▪ Up to FIPS 140-2 Level 3 secure key storage
▪ Configure
Go!
As a Service: FIPS 140-2 L1 Secure Key Storage
On Premises: FIPS 140-2 L3 Secure Key Storage
Private Cloud: FIPS 140-2 L1 Secure Key Storage
True Encrypted Data Mobility is Only Possible with BYOE
Financial Data
HIPAA
On-Premises
Private Cloud
PII
Centralized Keys Provide Data Mobility
Intellectual Property
Securing your digital transformation by encrypting everything
Structured and unstructured data at rest
In motion and in use
Within and Across devices
Process, platforms and environments
Thales eSecurity solutions - Supporting a wide range of use cases
Customer Use Cases
Cloud Security
Data Security
IoT Security
Payments
Code Signing
PKI
Tokenization
Data Masking
Digital Signing
Key Management
App Encryption
Data Encryption
Container Security
Hardware Security Modules