How to Maximise Innovation and Efficiencies in a Changing Market
Jean-Philippe Rantin, SEMEA Presales, [email protected]
Introduction
In today’s threat landscape, how are emerging European regulations, combined with new technologies, changing the way organisations deliver services to their customers and constituents?
How can this market intelligence be used to protect information throughout its lifecycle?
How can organisations provide innovative services and deliver efficiencies to the business?
Enterprise Market Forces
Goals: enable the business; drive transformation and operational efficiency.
Internal and external influences on the enterprise:
Evolving Budgets
• Consolidation
• Demonstrate ROI
• Integration
• Budget Scrutiny
Evolving Security Framework
• Increase Transparency
• Apply Governance
Evolving Threat Landscape
• Growth
• Complexity
• Web 2.0 focus
• Cyber Fraud
Evolving User Landscape
• Consumerization of IT
• Increased Mobility
• Increased Risk
Operational Excellence / Optimized Security
Threats: Are They Getting Worse? What’s Really at Risk?
Cybercrime Continues its Evolution
The Usual External Threat Soup
• 2 million new virus samples per month
• 2 trillion spam messages per day
• 3.5 million new botnet infections per month
Source: McAfee 2011
Internal Threats – Data Breaches
• 45% of data breach incidents involved theft of authentication credentials
• 67% through exploitation of default / guessable credentials
• 52% through brute force
• 57% of breaches affected servers (76% of records)
• 56% of breaches affected user devices (22% of records)
Source: 2011 Verizon DBIR
Regulations: Continuous Evolution
The Evolving Compliance Burden: Challenges to managing a repeatable, reasonable program
Worldwide Compliance Requirements
• Canadian Electronic Evidence Act
• CA SB1386 et al
• HIPAA (USA)
• FDA 21 CFR Part 11
• GLB Act
• Sarbanes-Oxley Act (USA)
• AIPA (Italy)
• GDPdU and GoBS (Germany)
• NF Z 42-013 (France)
• EU Data Protection Directive
• Financial Services Authority (UK)
• UK Data Protection Act
• Electronic Ledger Storage Law (Japan)
• MEDIS-DC (Japan)
• Japan PIP Act
• PCI (WW)
• Basel II Capital Accord
• PCI Data Security Standard (WW)
A Compliance Infrastructure Evolves with Mandates
(Diagram: many regulations and many controls → unified framework → regulatory framework.)
All regulations are based on the same confidentiality and integrity goals.
Common Data Protection Mandates
• Limit use of confidential data
• Control access to confidential data
• Guarantee confidentiality of confidential data
• Maintain the integrity of confidential data
• Enforce administrator separation of duties on systems holding confidential data
• Maintain audit and log records of confidential data activities
Regulations Continue to Evolve: PCI DSS
PCI 1.0 – 2004
• Encrypt data (Section 3.4)
• IT: huge issues in data discovery
PCI 1.1 – 2006
• Key management clarifications, compensating controls
• IT: needed time to comply, began using compensating controls
PCI 1.2 – 2008
• More key management clarifications
• IT: better use of encryption; issues with key management compliance; compensating controls in use
PCI 2.0 – 2011
• Clarifications on virtualisation (mentions go from 3 to 26!)
Critical Points in the Information Lifecycle (diagram)
Tiers across the internal network: endpoints, applications, databases, servers, storage.
Users, servers and applications: Do I know you? Can I trust you? What are you authorized for?
Transactions: Is the transaction validated?
Store & access, sharing (files, credit cards, PII): control access and sharing; enforce usage rights.
Why New Thinking is Needed (diagram)
The same tiers (storage, servers, databases, applications; users, servers, applications) now reach beyond the enterprise: into the cloud, to mobile users, and into external data sharing and transactions.
Persistent Information Lifecycle Protection
• Protect the identities of users, applications, and servers
• Secure the transactions they perform
• Enable data ownership and control by encrypting data when it is created, accessed, shared, stored, and moved
• Encrypt the critical communication paths on which data travels
A Compliance Infrastructure Evolves with Mandates: Encryption Directly Addresses the Requirements
(Diagram: unified framework → regulatory framework → encryption directly addressing requirements.)
Data encryption directly addresses the same core confidentiality and integrity requirements that are common across all regulations.
Against the common data protection mandates above (limit use, control access, guarantee confidentiality, maintain integrity, enforce administrator separation of duties, maintain audit and log records):
• Encryption enables an authentication and authorization layer.
• Encryption fundamentally isolates your data from other tenants in a shared cloud environment, shielding it from unauthorized data breach.
• Encryption inherently provides integrity controls.
• Encryption can add an additional authentication and authorization layer for administrators, separate from data owners.
• Encryption key ownership is tangible proof of data ownership; encrypt/decrypt actions become easily logged and audited evidence.
• Data encryption and tokenization limit the exposed footprint of data.
A Compliance Infrastructure Unifying Control of Data
Unified environment:
• Unified encryption across multiple tiers
• Across multiple vendor platforms
• Centralized policy enforcement
• Central key management
• Logging and auditing
• Role-based controls
Evolutionary Example: Encryption Meets the Cloud Requirements
Encryption is becoming a fundamental technology for protecting data in the cloud:
• Isolation of data in multi-tenant environments
• Separation of duties
• Role- and policy-based access
The cloud changes everything: multiple uses for a virtual resource that contains sensitive data make it difficult to apply the needed controls.
The cloud changes nothing: every rule of a mandate still applies when migrating sensitive data to the cloud, and while many infrastructure roles and responsibilities may drop out of view, compliance responsibility remains with you.
Encryption – Helping to Adopt the Cloud (diagram)
The same workloads (databases, mainframes, file shares, application servers, virtual instances, virtual storage) run both on customer premises and in the cloud; the keys stay on-premises.
On-Premises Key Management
• Maintains control (separation of duty)
• Maintains visibility (and ‘auditability’)
• EAL and FIPS level of key security and management
Cloud adoption concerns:
• “Lawful order” to the cloud provider for data
• Destruction of cloud data
• Physical location issues of cloud data
• Corporate responsibility
Tokenization (diagram: virtual instances, virtual storage, applications, databases, mainframes, file servers)
Crypto as an IT Service (diagram)
Use cases served from a central HSM appliance and certificate infrastructure, connected to third-party technologies over KMIP: file shares, network storage, tape backups, high-speed encryptors, over-the-wire PIN issue, e-banking, e-statements, e-passports.
Protection domains: cloud and virtual infrastructure, data centers, storage, data transfer, identities, infrastructure.
Crypto as an IT Service
Standard packages (business units, crypto domains)
• Deployed by business units
• Integrate with the local system
• No encryption expertise required
• Call central IT for encryption services and policy
Managed as an IT service (HSM appliance, KeySecure appliance)
• Central policy, key storage, audit interface
• Serve packages and APIs to the rest of the organization
• Streamlined key management and rotation
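The following is an added example, not code from the deck or from SafeNet. It models the "crypto as an IT service" idea from this slide and the earlier mandate mapping (tokenization limits the data footprint, key ownership and separation of duties, encrypt/decrypt actions as audit evidence): a central service holds the master key, a token vault, a role policy and an audit log, and business units call it instead of handling keys. The role names, principals and card number are constructed, and the HMAC-SHA256 counter-mode cipher is a standard-library stand-in for the AES-GCM an HSM or KeySecure appliance would provide.

```python
# Added example (not from the SafeNet deck): a minimal central crypto service.
# Roles, principals and the card number are constructed; the HMAC-SHA256
# counter-mode cipher stands in for the AES-GCM a real HSM would provide.
import hashlib
import hmac
import secrets

BLOCK = 32  # bytes of keystream per HMAC-SHA256 output


class PolicyError(PermissionError):
    """Raised when a role is not allowed to perform an operation."""


def _subkey(key: bytes, label: bytes) -> bytes:
    # Domain-separate the encryption key and the MAC key from one data key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + BLOCK - 1) // BLOCK
    return b"".join(
        hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; any tampering is rejected."""
    enc_key, mac_key = _subkey(key, b"enc"), _subkey(key, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CryptoService:
    """Central service: master key, token vault, role policy and audit log."""

    def __init__(self):
        self._master = secrets.token_bytes(32)  # never leaves the service
        self.key_version = 1
        self._vault = {}  # token -> (key_version, sealed card number)
        self.audit = []   # one record per call, allowed or denied
        # Constructed policy: data owners tokenize/detokenize, analytics only
        # ever sees tokens, key admins rotate keys but never read data.
        self.policy = {
            "checkout-app": {"tokenize", "detokenize"},
            "analytics": {"tokenize"},
            "key-admin": {"rotate"},
        }

    def _data_key(self, version: int) -> bytes:
        return hmac.new(self._master, b"data-key-v%d" % version, hashlib.sha256).digest()

    def _authorize(self, principal: str, role: str, op: str) -> None:
        allowed = op in self.policy.get(role, set())
        self.audit.append({"principal": principal, "role": role, "op": op, "allowed": allowed})
        if not allowed:
            raise PolicyError(f"role {role!r} may not {op}")

    def tokenize(self, principal: str, role: str, pan: str) -> str:
        self._authorize(principal, role, "tokenize")
        token = "tok_" + secrets.token_hex(8)  # random; carries no PAN digits
        self._vault[token] = (self.key_version, seal(self._data_key(self.key_version), pan.encode()))
        return token

    def detokenize(self, principal: str, role: str, token: str) -> str:
        self._authorize(principal, role, "detokenize")
        version, blob = self._vault[token]
        return open_sealed(self._data_key(version), blob).decode()

    def rotate(self, principal: str, role: str) -> int:
        """Re-seal every record under a new key version so the old one can be retired."""
        self._authorize(principal, role, "rotate")
        new_version = self.key_version + 1
        for token, (version, blob) in list(self._vault.items()):
            pan = open_sealed(self._data_key(version), blob)
            self._vault[token] = (new_version, seal(self._data_key(new_version), pan))
        self.key_version = new_version
        return new_version


def demo() -> dict:
    svc = CryptoService()
    pan = "4111111111111111"  # constructed test card number
    token = svc.tokenize("pos-42", "checkout-app", pan)
    try:  # the analytics job holds a token but cannot recover the PAN
        svc.detokenize("bi-job", "analytics", token)
        analytics_denied = False
    except PolicyError:
        analytics_denied = True
    svc.rotate("alice", "key-admin")  # key admin rotates without reading data
    return {
        "token_exposes_pan": pan in token,
        "analytics_denied": analytics_denied,
        "pan_after_rotation": svc.detokenize("pos-42", "checkout-app", token),
        "audit_entries": len(svc.audit),
    }
```

Running `demo()` shows the three properties together: downstream systems only ever store the random token, the denied detokenize call by the analytics role is recorded in the audit log alongside the allowed ones, and a key administrator can rotate the data key (every record is re-sealed under the new version) without the role ever being permitted to read a card number.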
SafeNet – A Security Technology Leader
• Enabling increased value from your IT security investments
• Providing business innovation and agility with reduced risk
• Protecting business information throughout its lifecycle
Top Data Protection Projects
• Move operational expense towards the funding of innovation projects to enable the business
• Enable the business and user productivity through adoption of ‘consumerization’
• Automate IT security processes, including key lifecycle management and policy enforcement
• Consolidate and integrate security functions into fewer consoles to reduce operational cost and speed up audit times
• Deliver solutions that minimise the amount of data that falls into the scope of auditors