Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President.

Published byAndra Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "Www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President."— Presentation transcript:

1 www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President of Marketing

2 Presentation Overview Evolution of encryption management systems and integrated key IT operations and will then be examined support challenges Review of the future compliance regulations industry initiatives and Conclude with brief Vormetric Key Management introduction to Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2

3 Importance of Enterprise Key Management Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 3 Two Types of Key Management Systems Third PartyIntegrated “ i The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy. Forrester Research, Inc., “Killing Data”, January 2012

4 IT Imperative: Secure Enterprise Data Direct access to enterprise data has increased the risk of misuse. Attacks on mission critical data are getting more sophisticated. Security breach results in substantial loss of revenue and customer trust. Compliance regulations (HIPAA, PCI DSS) mandates improved controls. 1 2 3 4 What is needed is a powerful, integrated solution that can enable IT to Ensure the availability, security, and manageability of encryption keys Across the enterprise. “ ! A Data Breach Costs > $7.2M Per Episode i 2010 Annual Study: U.S. Cost of a Data Breaches, Ponemon Institute Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 4

5 Enterprise Key Management 8 Requirements Enterprise Key Management Generation Storage Backup Key State Management Security Auditing Authentication Restoration Slide No: 5 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

6 Interoperability Standards PKCS#11 EKM OASIS KMIP Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE) Cryptographic APIs used by Microsoft SQL server to provide database encryption and secure key management Single comprehensive protocol defined by consumers of enterprise key management systems ! Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementation is not guaranteed. Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 6

7 Complex management : Managing a plethora of encryption keys in millions Security Issues : Vulnerability of keys from outside hackers /malicious insiders Data Availability : Ensuring data accessibility for authorized users Scalability : Supporting multiple databases, applications and standards Governance: Defining policy-driven, access, control and protection for data Encryption Key Management Challenges Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 7 Disparate Systems Different Ways of Managing Encryption Keys

8 Industry Regulatory Standards Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 8 Gramm Leach Bliley Act (GLBA) U.S. Health I.T. for Economic and Clinical Health (HITECH) Act Payment Card Industry Data Security Standard (PCI DSS) Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions. Requires firms in USA to publicly acknowledge a data breech although it can damage their reputation. Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.

9 Vormetric Key Management Benefits Improve Operational Efficiency Reduce Key Management Burden Minimize Solution Costs Stores Keys Securely Provides Audit and Reporting Manages Heterogeneous Keys / FIPS 140-2 Compliant i VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure. “ Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 9

10 Vormetric Key Management Capabilities Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 10 Manage Vormetric Encryption Agents Manage 3rd Party Keys Vault Other Keys Create/Manage/Revoke keys of 3rd party encryption solutions Provide Network HSM to encryption solutions via  PKCS#11 (Oracle 11gR2)  EKM (MSSQL 2008 R2) Provide Secure storage of security material Key Types:  Symmetric: AES, 3DES, ARIA  Asymmetric: RSA 1024, RSA 2048, RSA 4096  Other: Unvalidated security materials (passwords, etc.).

11 Vormetric Key Management Components Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 11 Data Security Manager (DSM) Report on vaulted keys Key Vault Provides key management services for:  Oracle 11g R2 TDE (Tablespace Encryption)  MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption) Licensable Option on DSM Web based or API level interface for import and export of keys Same DSM as used with all VDS products FIPS 140-2 Key Manager with Separation of Duties Supports Symmetric, Asymmetric, and Other Key materials Reporting on key types

12 TDE Key Architecture before Vormetric Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 12 Master Encryption keys are stored on the local system in a file with the data by default. TDE Master Encryption Key Local Wallet or Table Oracle / Microsoft TDE !

13 TDE Key Architecture after Vormetric Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 13 TDE Master Encryption Key Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE Vormetric Key Agent is installed on the database server SSL Connection Key Agent Oracle / Microsoft TDE

14 VKM Architecture-Key Vault Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 14 Symmetric Asymmetric Certificates Web GUI Command Line / API Supported Key Types:

15 Security Policy and Key Management Protecting the enterprise’s valuable digital assets from accidental or intentional misuse are key goals for every IT team today A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available. Vormetric Key Management is the only solution today that can: Minimize IT operational and support burdens for encryption key management, Protect data without disrupting you business Secure and control access to data across the enterprise and into the cloud, and Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 15

16 Vormetric Key Management is the only solution today that can: A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available. Protecting the enterprise’s valuable digital assets from accidental or intentional misuse are key goals for every IT team today Security Policy and Key Management Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 16 “ i The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy. Forrester Research, Inc., “Killing Data”, January 2012 Minimize IT operational and support burdens for encryption key management, Secure and control access to data across the enterprise and into the cloud, and Protect data without disrupting you business

17 www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President of Marketing Download Whitepaper Click - to - tweet

Download ppt "Www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President."

Similar presentations

IT Security Policy Framework

IT Security Policy Framework
BalaBit Shell Control Box

BalaBit Shell Control Box
Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
Www.cleo.com Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.

Steve Jordan Director. Industry Solutions 05/05/14 Managing Chaos: Data Movement in 2014.
SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.

SSL Protocol By Oana Dini. Overview Introduction to SSL SSL Architecture SSL Limitations.
The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant

The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant
Oracle Database Security

Oracle Database Security
Vormetric Data Security

Vormetric Data Security
Dell Compellent and SafeNet KeySecure

Dell Compellent and SafeNet KeySecure
Security Controls – What Works

Security Controls – What Works
Www.lumension.com © Copyright 2008 - Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.

© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.

Pre-adoption concern 60% cited concerns around data security as a barrier to adoption 45% concerned that the cloud would result in a lack of data control.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
1 Andrew Fryer Technical Evangelist R2 Data Governance for the IT Manager.

1 Andrew Fryer Technical Evangelist R2 Data Governance for the IT Manager.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

Similar presentations

Ads by Google