
Page 1: How to Maximise Innovation and Efficiencies in a Changing ...myweb.sabanciuniv.edu/gokaygursoy/files/2011/11/Jean-Philippe-Ra… · Regulations Continue to Evolve PCI 1.0 – 2004


How to Maximise Innovation and Efficiencies in a Changing Market

Jean-Philippe Rantin, SEMEA Presales Manager

Page 2

Introduction

In today's threat landscape, how are emerging European regulations, combined with new technologies, changing the way organisations deliver services to their customers and constituents?

How can this market intelligence be used to protect information throughout its lifecycle?

How can organisations provide innovative services and deliver efficiencies to the business?

Page 3

Enterprise Market Forces

GOALS: Enable the Business; Drive Transformation and Operational Efficiency

Internal Influences

Evolving Budgets
• Consolidation
• Demonstrate ROI
• Integration
• Budget Scrutiny

Evolving Security Framework
• Increase Transparency
• Apply Governance

External Influences

Evolving Threat Landscape
• Growth
• Complexity
• Web 2.0 focus
• Cyber Fraud

Evolving User Landscape
• Consumerization of IT
• Increased Mobility
• Increased Risk

Outcomes: OPERATIONAL EXCELLENCE, OPTIMIZED SECURITY

Page 4

Threats: Are They Getting Worse? What's Really at Risk?

Page 5

CyberCrime Continues its Evolution

Page 6

The Usual External Threat Soup

• 2 million new virus samples per month
• 2 trillion spam messages per day
• 3.5 million new botnet infections per month

Source: McAfee 2011

Page 7

Internal Threats – Data Breaches

• 45% of data breach incidents involved theft of authentication credentials
• 67% through exploitation of default / guessable credentials
• 52% through brute force
• 57% of breaches affected servers (76% of records)
• 56% of breaches affected user devices (22% of records)

Source: 2011 Verizon DBIR

Page 8

Regulations: Continuous Evolution

Page 9

The Evolving Compliance Burden: Challenges to managing a repeatable, reasonable program

Page 10

Worldwide Compliance Requirements

• Canadian Electronic Evidence Act
• CA SB1386 et al
• HIPAA (USA)
• FDA 21 CFR Part 11
• GLB Act
• Sarbanes-Oxley Act (USA)
• AIPA (Italy)
• GDPdU and GoBS (Germany)
• NF Z 42-013 (France)
• EU Data Protection Directive
• Financial Services Authority (UK)
• UK Data Protection Act
• Electronic Ledger Storage Law (Japan)
• MEDIS-DC (Japan)
• Japan PIP Act
• Basel II Capital Accord
• PCI Data Security Standard (WW)

Page 11

A Compliance Infrastructure… Evolves with Mandates

Many regulations and many controls can be mapped onto one unified regulatory framework, because all of these regulations are based on the same confidentiality and integrity goals.

Common Data Protection Mandates

• Limit use of confidential data
• Control access to confidential data
• Guarantee confidentiality of confidential data
• Maintain the integrity of confidential data
• Enforce administrator separation of duties on systems holding confidential data
• Maintain audit and log records of activity on confidential data

Page 12

Regulations Continue to Evolve

PCI 1.0 – 2004
• Encryption of stored cardholder data (Requirement 3.4)
• IT: huge issues in data discovery

PCI 1.1 – 2006
• Key management clarifications, compensating controls
• IT: needed time to comply, began using compensating controls

PCI 1.2 – 2008
• More key management clarifications
• IT: better use of encryption; issues with key management compliance; compensating controls in use

PCI 2.0 – 2011 (published October 2010, effective 1 January 2011)
• Clarifications on virtualisation (mentions go from 3 to 26)

Page 13

Critical Points in the Information Lifecycle: Why a New Thinking is Needed

[Diagram: the enterprise tiers (Endpoints, Applications, Databases, Servers, Storage) on the internal network, where users, servers and applications perform transactions, store and access files, credit cards and PII, and share data; the same flows extend outward to the cloud, to mobile users and to the external enterprise.]

Questions the diagram attaches to each point:
• Identity: Do I know you? Can I trust you? What are you authorized for?
• Transactions: Is the transaction validated?
• Store & Access, Sharing: Control access and sharing; enforce usage rights

Page 14

Persistent Information Lifecycle Protection

> Protect the identities of users, applications, and servers
> Secure the transactions they perform
> Enable data ownership and control by encrypting data when it is created, accessed, shared, stored, and moved
> Encrypt the critical communication paths on which data travels

Page 15

A Compliance Infrastructure… Evolves with Mandates

Unified Framework, Regulatory Framework, Encryption Directly Addressing Requirements

Data encryption directly addresses the same core confidentiality and integrity requirements that are common across all regulations.

Common Data Protection Mandates, and how encryption addresses each one

• Limit use of confidential data: data encryption and tokenization limit the exposed footprint of the data.
• Control access to confidential data: encryption adds an authentication and authorization layer, because nothing can be read without a key release.
• Guarantee confidentiality of confidential data: encryption isolates your data from other tenants in a shared cloud environment and shields it from unauthorized disclosure in a breach.
• Maintain the integrity of confidential data: an authenticated encryption mode (for example AES-GCM) or a separate MAC detects tampering with the stored data; unauthenticated modes such as CBC on their own do not, so the choice of mode decides whether this mandate is actually met.
• Enforce administrator separation of duties on systems holding confidential data: key custody can sit with a separate administrator role, so data owners and system administrators authorize independently of each other.
• Maintain audit and log records of confidential data activities: encryption key ownership is tangible proof of data ownership, and every encrypt/decrypt (key release) becomes an easily logged, auditable event.

Page 16

A Compliance Infrastructure… Unifying Control of Data

• Unified encryption across multiple tiers
• Across multiple vendor platforms
• Centralized policy enforcement
• Central key management
• Logging and auditing
• Role-based controls

Unified Environment

Page 17

Evolutionary Example: Encryption Meets the Cloud Requirements

Encryption is becoming a fundamental technology for protecting data in the cloud:
• Isolation of data in multi-tenant environments
• Separation of duties
• Role and policy based access

The cloud changes everything
– Multiple uses for a virtual resource that contains sensitive data make it difficult to apply the needed controls

The cloud changes nothing
– Every rule of a mandate still applies when migrating sensitive data to the cloud
– Many infrastructure roles and responsibilities may drop out of view, but compliance responsibility remains with you

Page 18

[Diagram: the cloud provider tiers (Virtual Instances, Virtual Storage, Storage, Application Servers) alongside the Customer On-Premises tiers (Database, Mainframe, File Shares, Application Servers).]

Page 19

On-Premises Key Management

[Diagram: the same cloud and on-premises tiers (Virtual Instances, Virtual Storage, Database, Mainframe, File Shares, Application Servers), with key management kept at Customer On-Premises.]

• Maintains control (separation of duties)
• Maintains visibility (and auditability)
• Common Criteria EAL and FIPS 140 validated key security and management

Page 20

Encryption – Helping to Adopt the Cloud!

Cloud concerns that encryption addresses:
• "Lawful Order" to cloud provider for data
• Destruction of cloud data
• Physical location issues of cloud data

Page 21

Corporate Responsibility

Page 22

Crypto as an IT Service

[Diagram: a central HSM appliance, with KMIP connections to 3rd-party technologies, delivering crypto as an IT service across Virtual Instances, Virtual Storage, Applications, Databases, Mainframes, File Servers, File Shares, Network Storage, Tape Backups, High Speed Encryptors (over-the-wire), PIN issuance, e-Banking, e-Statements, E-Passports, Certificate Infrastructures and Tokenization. Use cases shown: Protect Cloud & Virtual Infrastructure, Protect Data Centers, Protect Storage, Protect Data Transfer, Protect Identities, Protect Infrastructure.]

Page 23

Crypto as an IT Service

Standard Packages
• Deployed by business units
• Integrate with the local system
• No encryption expertise required
• Call central IT for encryption services and policy

Managed as an IT Service
• Central policy, key storage, audit interface
• Serve packages and APIs to the rest of the organization
• Streamlined key management and rotation

[Diagram: HSM appliance and KeySecure appliance at the centre, serving the business units, each in its own crypto domain.]
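The claims of page 15 (an authenticated mode gives integrity, key ownership gives data ownership, every encrypt/decrypt becomes an audit record), the cloud questions of page 20 (a lawful order or a destruction request served on the provider, with the keys held elsewhere) and the split on page 23 (business-unit packages call a central service that holds the keys and the audit trail) all come together in envelope encryption: a per-record data key is wrapped under a key-encryption key that never leaves the key service. The Go program below is an added illustration written for this page, not code from the presentation or from SafeNet. It uses AES-256-GCM from the Go standard library; the names KeyService, Envelope, Encrypt, Decrypt and Shred, the in-memory KEK standing in for an HSM, and the owner-name used as associated data are assumptions made for the example, and the sample record in the usage is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Envelope is what goes to the cloud/storage tier: the data ciphertext plus its
// data-encryption key (DEK), present only wrapped under the on-premises KEK.
type Envelope struct {
	WrappedDEK []byte // DEK under the KEK, AES-256-GCM, nonce prepended
	Ciphertext []byte // data under the DEK, AES-256-GCM, nonce prepended
}

// KeyService stands in for the on-premises key manager (hypothetical name):
// the key-encryption key (KEK) never leaves it and every key operation is audited.
type KeyService struct {
	kek   []byte   // nil once shredded
	Audit []string // one line per key operation, denials included
}

func NewKeyService() *KeyService {
	return &KeyService{kek: randomBytes(32)}
}

// Shred destroys the KEK: every envelope wrapped under it is now unrecoverable,
// wherever its ciphertext lives (crypto-shredding).
func (ks *KeyService) Shred() {
	ks.kek = nil
	ks.audit("shred-kek", "all envelopes now unrecoverable")
}

func (ks *KeyService) audit(action, detail string) {
	ks.Audit = append(ks.Audit, action+" "+detail)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failed CSPRNG is not something to continue past
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys are always 32 bytes here; nil means Encrypt after Shred
	}
	g, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return g
}

// seal/open are AES-256-GCM: the GCM tag is what makes a blob tamper-evident,
// and aad binds it to its owner name without encrypting the name.
func seal(key, plaintext, aad []byte) []byte {
	g := gcmFor(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

func open(key, sealed, aad []byte) ([]byte, error) {
	if key == nil {
		return nil, errors.New("key unavailable") // the KEK has been shredded
	}
	g := gcmFor(key)
	if n := g.NonceSize(); len(sealed) >= n {
		return g.Open(nil, sealed[:n], sealed[n:], aad)
	}
	return nil, errors.New("ciphertext too short")
}

// Encrypt is the business unit's call: a fresh DEK per record, wrapped under
// the KEK. The caller never handles the KEK itself.
func (ks *KeyService) Encrypt(owner string, plaintext []byte) *Envelope {
	dek := randomBytes(32)
	ks.audit("wrap-dek", owner)
	return &Envelope{
		WrappedDEK: seal(ks.kek, dek, []byte(owner)),
		Ciphertext: seal(dek, plaintext, []byte(owner)),
	}
}

// Decrypt fails closed if the KEK is gone, the owner does not match, or either
// blob was altered in storage; every denial is audited with its reason.
func (ks *KeyService) Decrypt(owner string, env *Envelope) (pt []byte, err error) {
	dek, err := open(ks.kek, env.WrappedDEK, []byte(owner))
	if err == nil {
		pt, err = open(dek, env.Ciphertext, []byte(owner)) // GCM tag check catches tampering
	}
	if err != nil {
		ks.audit("decrypt-denied", owner+": "+err.Error())
		return nil, err
	}
	ks.audit("decrypt", owner)
	return pt, nil
}
```

Usage: `ks := NewKeyService(); env := ks.Encrypt("finance", []byte("4111111111111111"))` (constructed sample record), then `ks.Decrypt("finance", env)`. The envelope can live with the cloud provider; only the 32-byte KEK has to stay on premises. A lawful order served on the provider yields ciphertext plus a wrapped DEK, neither usable without the KEK, and `Shred` answers the destruction question without touching the provider's storage. The owner name as associated data means a request from "marketing" for a "finance" envelope fails at the unwrap step, and flipping one byte of the stored ciphertext makes `Decrypt` fail and leaves an audit line, which an unauthenticated mode would not give you.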

Page 24

SafeNet – A Security Technology Leader

• Enabling increased value from your IT security investments
• Providing business innovation and agility with reduced risk
• Protecting business information throughout its lifecycle

Page 25

Top Data Protection Projects

• Move operational expense towards the funding of innovation projects that enable the business
• Enable the business and user productivity through adoption of 'Consumerization'
• Automate IT security processes, including key lifecycle management and policy enforcement
• Consolidate and integrate security functions into fewer consoles to reduce operational cost and speed up audit times
• Deliver solutions that minimise the amount of data that falls into the scope of auditors