IBM Cloud Data Encryption Services
TRANSCRIPT
© IBM Corporation 1
IBM Cloud Data Encryption Services
Software-defined data protection with built-in fault tolerance
Presented by: Isabel Sanz
The number of hacks and data breaches is growing every year.
– Over 2 million: the number of records compromised in cyber attacks daily [1]
– More than 3.8 million USD: the cost to recover from a cyber breach [2]
– 49: the percentage of data breaches that occur due to criminal attacks [3]
– 205: the number of days before a breach is detected [4]
– 429: the number of cyber breaches that happen every week [5]
[1] 2014 Data Breach Trends, Risk Based Security Open Security Foundation, February 2015
[2], [3] 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015
[4] M-Trends 2015: A View from the Front Lines, Mandiant 2015
[5] 2014 Global Report on the Cost of Cyber Crime, Ponemon Institute, October 2014
Security remains the primary barrier to cloud adoption. [1]
– Nearly 50% think security is a barrier to cloud adoption, while 41% feel the related issues of data loss and leakage risks are impediments. [2]
– 61% of companies think that security of data in the cloud is an executive or board-level concern. [3]
[1], [3] Cloud Adoption Practices & Priorities Survey Report, Cloud Security Alliance, January 2015
[2] The LinkedIn Cloud Security Spotlight report, 2015
How do we prepare ourselves: Key questions…
– Are you worried about failing to meet compliance requirements for data security?
– Are you struggling to keep up with scaling your IT infrastructure in-house?
– Are you worried about the wrong people gaining access to your data?
– Do you think any of your data has ever been stolen/hacked?
– Have you ever lost access to your data?
How do we prepare ourselves…
IBM Cloud Data Encryption Services (ICDES) is data protection that goes well beyond traditional security products to safeguard your data even when your network protection fails.
IBM Cloud Data Encryption Services: Software-defined data protection
Addressing the main pillars of data protection with ICDES
[Diagram; labels: ICDES; PRIVACY AND INTEGRITY]
What’s Inside ICDES – SPx™ Cryptographic Splitting
[Diagram; labels: DATA IN; AES-256-GCM Encryption & Integrity Checks; IDA Random Cryptographic Splitting; “M of N” Resiliency for Fault Tolerance; Write Cryptographically Split Data and Keys to Shares; Share 1, Share 2, Share 3; Server Key; Workgroup Key]
Server Key – Created at initial configuration of ICDES on server
• Stored on separate server or in external keystore with config file
• Must be present at time of boot (key location in config) and is stored in RAM
• Server Key used to encrypt / decrypt / split Workgroup Key
Workgroup Key – Each top level directory is protected by the software automatically, and gets its own key
• Workgroup Key is stored in the internal ICDES File System Keystore.
• Workgroup Key is used to encrypt internally generated file keys every time a file is written.
File Keys – One File Key is created when the data is encrypted (AES-256-GCM), and another is created for IDA randomization.
[Diagram; labels: AES; IDA; DATA; Encrypted AES File Key; Encrypted IDA File Key]
Encrypted File Keys are split and wrapped with data by Workgroup Key
Workgroup Key is encrypted and split using Perfect Secret Sharing
Cryptographically split data shares and keys sent to Storage
Simplified Key Manager
IBM Cloud Data Encryption Services: 3 different models
– Secure provides you with:
• Encryption and cryptographic splitting
Management Console covering ICDES usage at: SoftLayer®, IBM OpenStack, customer data center, competitor clouds
– Advanced secure provides you with:
• Encryption and cryptographic splitting
• Resiliency for fault tolerance
• High availability – “always on”
Management Console covering ICDES usage at: SoftLayer®, IBM OpenStack, customer data center, competitor clouds
M<N
– Advanced multisite provides you with:
• Encryption and cryptographic splitting
• Resiliency for fault tolerance
• High availability – “always on”
• Multisite resiliency (disaster recovery)
Management Console covering ICDES usage at: SoftLayer®, IBM OpenStack, customer data center, competitor clouds
ICDES Pricing
– $20 / month per core (based on usage)
– $50 / month per core (based on usage)
– $35 / month per core (based on usage)
Try for 30 Days
Install it everywhere:
IBM Cloud Data Encryption Services is designed to be easy to install and use.
Install and begin protecting your data in three simple steps.
[Diagram; labels: Step 1; Step 2; Step 3; PURCHASE; ICDES Advanced Secure; DOWNLOAD; IBM Cloud Marketplace; 2 of 4; /share1, /share2, /share3, /share4; CONFIGURE; START PROTECTING DATA; DATA; PROTECTED DIRECTORY; Share 1, Share 2, Share 3, Share 4]
Why IBM Cloud Data Encryption Services delivers robust data protection
– Ground-breaking data security technology
• Designed to provide data-centric, file-level protection
• Helps safeguard data even when network protection fails
• Combines security-rich data encryption and cryptographic splitting
– Easier management of regulatory requirements
• Helps manage compliance for HIPAA, HITECH, FISMA, Sarbanes-Oxley and PCI DSS more effectively [1]
• FIPS 140-2 certified [2]
– Data resiliency added at server edge
• Allows for simplified architecture
• Supports a reduced-cost high availability and disaster recovery (HA and DR) architecture
– Helps reduce overall storage costs
• Helps reduce copies of data needed for HA and DR
• Helps eliminate need for expensive bulk key storage
[1] Health Insurance Portability and Accountability Act of 1996 (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Federal Information Security Management Act of 2002 (FISMA); Payment Card Industry Data Security Standard (PCI DSS)
[2] Federal Information Processing Standard (FIPS)
ICDES Support
– ICDES Support details:
• If additional information is needed, please contact:
Isabel Sanz
Skype: Isabel_sanz_garces