Presentation is loading. Please wait.

Presentation is loading. Please wait.

Industry Accolades Security Product of the Year 2006.

Similar presentations


Presentation on theme: "Industry Accolades Security Product of the Year 2006."— Presentation transcript:

1 Industry Accolades Security Product of the Year 2006

2 What is Assureon?

3 Compliance CAS ILM & retention policies 3 rd Party Witness Time Stamping Version Control Single Instance Store File Access Control Encryption & compression Electronic Discovery Disposition control Constant file Integrity check Disaster Recovery Replication File Access History (log) Best Business Practices Admissibility of Evidence Real Time Data movements Complete Solution! The tools you need to Secure, Access Control, Manage and Organize your business assets What is Assureon ?

4 Software What is Assureon ? Servers Storage Solution Software CAS AD Based Compliance Servers From single Upto 400+ nodes Storage Nexsan SATA Hardened RAID6 Plasmon UDO option Solution Comes pre-configured Quick & Easy to install Plugs into current AD Scalable Nodes & storage are independently scaleable Scaleable

5 Content Addressable Storage for Fixed Content/Reference Data What is Assureon ? Advanced MS Exchange Archiving using 3 rd Party Ie. ZipLip & Messaging Architects Scans & Medical

6 SATAboy 14TB SATAbeast 42TB SATAblade 8TB Hardened RAID – RAID6 Dual Store disk storage What is Assureon ?

7 Assureon Configurations?

8 Assureon Configurations

9 Compliance – who needs it?

10 Legal (Best Practices and Evidentiary Weight) Insurance (HIPAA, State Regs) Manufacturing (SOX) Pharmaceutical (FDA 21 CFR part 11) Financial Services (SEC 17 a-4) Public Companies (SOX, Privacy Regs) Medical (HIPAA) Auditors (SOX) Government (DOD, NARA) Compliance : Who needs it?

11 Assureon & CAS

12 Takes a file’s 0’s & 1’s & processes it to create a unique fingerprint Example…SHA-1 produces a 160 bit output… SHA-1("The quick brown fox jumps over the lazy dog") == "2fd4e1c67a2d28fced849ee1bb76e7391b93eb12" SHA-1("The quick brown fox jumps over the lazy cog") == "de9f2c7fd25e1b3afad3e85a0bd17d9b100db4b3" BUT single Hash could potentially give same fingerprint for two different files Assureon’s Failsafe CAS Technology uses Dual Cryptographic Algorithms SHA-1 & MDA-5 This gives a totally unique digital “fingerprint” of file contents… Assureon & CAS SHA-1 & MDA-5 Fixed Content Totally Unique

13 Single Instance Store

14 Single Instance Storage using CAS

15 Moving the Data

16 Linux Red Hat Linux SuSe Linux Fedora Windows XP Windows 2003 Corporate Network File System Watcher –Multiple O/S Support Windows (2003, XP, 2K) Linux (SuSe, Redhat, Fedora) –Data Moving Agent –No API (works at block level) –Server Managed –3 rules for data retention in FSW folder 1.Move file & Leave original 2.Move file & Delete original 3.Move file & Leave a Short Cut –Offline Journaling –Customizable by file type Filter Driver –Makes an OS think a short cut is a file –Allows files to be opened by the OS in the correct format –Allows seamless application integration File System Sync –Allows Scheduled Movement of Data –File Transfer Status Report How Does Assureon Work?

17 To Assureon FSW Can be sent once released by application scans All files saved to C:/Watched by FSW/ are sent to Assureon How Does Assureon Work?

18 Securing your Assets with Assureon

19 Encryption – –AES 256 encryption at rest –IP-Sec for transit files –Https option for management Access Control –Based on your current Active Directory –File level access control –Company owned file not user owned Self healing All assets serialized in chain No file stored in plain format Tamper proof storage 3 rd Party Witness Securing your assets

20 Files are safeguarded against: –Accidental Deletion –Deliberate Deletion (Even by Administrators!) –Viruses / Worms –Software Errors –Tampering –Inserting Bogus Files –Date / Time Falsification –Hardware Failure (disks, servers, etc) –Disaster (fire, flood, etc) Information for LIFE Securing your assets

21 How Does Assureon Work?

22 The GUI… simple & intuitive HTML based Platform independent Single Point of Management The GUI… Simple & intuitive HTML based Platform independent

23 How Does Assureon Work?

24

25

26 Assureon Processes in brief

27 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Which Clients Which Folders Asset Classifications Retention Policies

28 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose FSW monitors folders for new or changed files

29 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose FSW captures new and changed files immediately FSW-Sync captures on a schedule

30 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose 288 bit fingerprint (SHA-1 + MD5) calculated Follows asset though entire life Integrity + CAS

31 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Supervised by FSW on clients Error-free Fault-tolerant Guaranteed transactions

32 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Each instance gets serial number Used to track and audit files Just like any other valuable company asset

33 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Multiple cross- checked time sources (Stratum) Digitally signed Tamper resistant

34 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose CAS used internally to de-dupe CAS assists with integrity

35 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Fully automatic AES- 256 encryption Replicated keys Key per file for crypto-delete

36 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Written to two separate storage managers Can be RAID-6 HDD-WORM Anti-tamper

37 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Embedded Replication Auto-repair of corrupted files Won’t replicate corruption!! 2x2xRAID-6

38 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Manifest of s/n, fingerprints, time- stamps, and retention date sent to Key Server Enables 3 rd party validate

39 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose WORM-CAS Immutable Audit / Repair Access control RAID Lockdown

40 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Shortcuts Assureon Explorer Admin Search Restore Restore shortcuts

41 Assureon in Brief Configure Monitor Capture Fingerprint Transfer Serialize Time Stamp CAS De-Dupe Encrypt Write 2 Replicate Manifest Protect Retrieve Dispose Retention date with hold and confirm Max versions DoD scrub Key scrub

42 Best Business Practices & Government Regulations

43 USA Government Compliance Regulations –HIPPA –US - SEC 17a-4 –Basel II –Data Protection Acts EU –CA SB 1386 –Sarbanes Oxley –PIPEDA Euro Government Compliance Regulations –UK BSI BIP008 (British Legal Admissibility Std) –Basel2 (Euro banking Standard) –EU Data privacy act –GDPdU (Germany’s Data Access & Auditing of digital docs) Best business Practices & Legal Considerations –Retain files –Authenticate files –Secure files –Access files –Delete files Best Business Practices & Regulations

44 Retention Policies - Assureon can assign and enforce retention policies How long for a file to be saved Flexiblity is also an option with Assureon –Hard set to 3 yrs (law min.) then flexible for 1yr after File Authentication (Immutability) –Assureon’s CAS fingerprint can guarantee whether a file’s content has been tampered with –Stratum1 time server stamp (3 rd Party Witness) –Audit trails of file changes, access & disposition –Any file changes are recorded (Versioning) - only the changes are saved! –Constant integrity checking between two stores (self healing) –Serialization cryptographic chain of all files, if chain broken = missing file Electronic Discovery (Speed & Performance) –Rich Metadata Layer for Searching –Access the information in sub-second response versus traditional tape or optical –SATA Disk Arrays – external hardened RAID6 – MAJOR advantage over competitors Best Business Practices & Regulations

45 Data Protection

46 Security Breaches: Jan '06 - Providence Home Services (OR): Backup tapes and disks are stolen –Cost from $7 million to $9 million Nov '05 – ChoicePoint breach affects 162,000 customers –The FTC imposes with highest-ever civil penalty: $15 million June '05 – BJ'S Wholesale Club penalized by FTC for many reasons, including "failing to encrypt consumer information." –Fines plus audit requirements for 20 years Additional Security Breaches: April 18, 2005 DSW/ Retail Hacking 1,300,000 May 2, 2005 Time WarnerLost backup tapes 600,000 May 11, 2005 Stanford Univ. Hacker9,900 June 6, 2005CitiFinancialLost backup tapes 3,900,000 June 25, 2005 Univ. of CT Hacker72,000 Data Protection

47 News results for Lost Backup tapes - View today’s top stories USA Today - 15 hours ago Web Images Groups News Froogle Local more » Advanced Search Preferences Lost Backup tapes Web Results 1 – 10 of about 2,700,000 for Lost Backup tapes. (0.04 seconds) Data Protection

48 Access Control –Assureon is the policy enforcement point that controls access to information –Fully integrated your current Microsoft Active Directory infrastructure –Alternatively can work with Security Certificates on differing infrastructures Encryption of Data at Rest –Assureon uses AES 256-bit Encryption –Selective Encrypting at the File Level –For offline media (tapes) just delete key forget the Crypto file on the tape (Crypto-Shredding) Secure Key Management –Designed to meet the standards of the Enterprise but be cost-effective for the SME market –Provides redundancy in three locations worldwide Absolute Disposition –Assureon scrubs all online files at the end of their retention period –Assureon virtually deletes all offline files (optical, tape, WORM media) by scrubbing the files encryption key –Disposition (on & off line) is performed at the file level Data Protection

49 Case Study

50 Initial Project: Archiving Business Challenge Data growth Compliance & legal considerations Replication for disaster recovery Decision Criteria Scaleable: No limit on number of objects Content authenticity for legal & regulations Low maintenance & ease of implementation Cost Assureon Value No application impact Reduced storage requirements by 40% Replaced high maintenance & vulnerable tape Meets SEC and Sarbanes-Oxley requirements Opposition EMC Offered Centera for FREE Brought in big guns to do deal THEY STILL PURCHASED Assureon! MORGAN KEEGAN Morgan Keegan: Division of Regions Bank Financial Services Company with 300 offices & 3500 Employees Case Study

51 The Competition

52

53 Centera CE is hardened to prevent file deletion only Consists of a cluster of 1U servers with internal disks (lots of nodes needed for TB’s!!!) Redundancy is accomplished by mirroring data between nodes, or doing a RAID 5 stripe across them (Bad for performance!!!) Requires integration of data management applications with their Application Programming Interface (API) – (install times increase & restricted to EMC tested/approved applications) Pretty good at assuring immutability (MD5 on its own is weak) Does not address encryption, removable media (tape/optical), secure time stamping, 3 rd party witness, serialization, business continuance Very awkward and expensive for large capacity points; also extremely slow The Competition EMC’s Centera

54 NetApp provides “SnapLock” option for write protection for files only Protection time can be permanent (or variable) (Not Flexible) (It’s a manual process) – set “Read Only” flag to enable feature & once the retention time is over, user turns off “Read Only” flag and then deletes the file Possible for Read Only to be invoked by script during file copy (Labour intensive) Does not have automatic process for locking files as they are created Does not address encryption (add-on HW box required – extra cost) Does not address serialization, immutability, removable media, 3 rd party witness, etc. No space saving CAS technology The Competition NetApp

55 File System Interface –Capture of Information –Ease of Implementation: NAS, CDP and/or D2D modes Flexible Architecture –Increase storage or Nodes based on requirements –Scalability Extensive Auditing Capabilities –Meets Virtually All Regulations Encryption –Built Into the Product Replication –Built Into the Product Disposition –Online & Offline Performance –300+ million objects today, >1 billion objects 1Q2007 Differentiators

56 What’s Next for Assureon?

57 The Assureon Appliance’s NX (Secure Archive) AS (Secure Archive with Intelligent Search)

58 NX Overview Secure WORM storage NAS interface to user network 5U Appliance 3.75TB usable CAS based storage File level integrity check Single Instance Storage/Data De-duping File immutability Serialization of objects to enable archive audits Full read and write audit trail

59 SA Overview Searchable archive appliance NAS interface to user network Search and manage up to 20 million documents 2TB usable Easy to use browser style interface Advanced search page with filtering options Specific search functions –Foreign language search –OCR capabilities –Date, location, author –Drill down search –Quick View –Highlighted keywords –Searches within user permissions

60

61

62 Small/Medium/Departmental Appliance Delivery Medium/Large Enterprises System Delivery Appliance or System? NX or SA GX Has Remote Key Manifests & Encryption

63 Each of Assureon’s main services are world-leading in features Encryption CAS ILM Interface Assureon provides the richest feature sets in the industry for each of encryption, CAS, ILM, backup and true single-instance storage services File-by-file – separate keys World class key management Transparent to use Full AES-256 Designed for security Designed for offsite disposition Multiple hashing algorithms – MD5 + SHA-1 + file length CAS on file separate from metadata Use CAS tag check for file integrity Configure via simple GUI No APIs needed Disposition from offsite media (tape, optical) Controlled optional delete override Separate tracking by different metadata FSW  No API  Folders on applications server Interface to certain applications via drives – i.e. ZipLip  Potential for many more Security / Integrity Serialization Authentication Archive Classify Protect Access & Use Create Migrate Retrieval Expire


Download ppt "Industry Accolades Security Product of the Year 2006."

Similar presentations


Ads by Google