SafeNet The Foundation of Information Security Zen and the Art of Data Protection Preparing for the Evolution Adel Hajrasuliha – Regional Account Manager.


1 SafeNet The Foundation of Information Security Zen and the Art of Data Protection Preparing for the Evolution Adel Hajrasuliha – Regional Account Manager ISSA Honolulu—October 2009

2 Market Trends, Threat Drivers
Market Forces and Threat Drivers: Sharing, Collaboration; Cyber Crime; Identity Theft; Data Loss, Theft; The Outsider Becomes the Insider; Data Breaches; Fear of Downstream Legal and Financial Liabilities; Penalties & Fines; Compliance; Outsourcing; Shared Service Centers; SaaS; Cloud Computing; Globalization
Boundaries? What's sensitive? Sharing without risk? Who’s good, who’s bad?

3 Questions You Should Be Asking
How do I protect salary information? (Large oil company, oil at $160 a barrel)
How do I allow my call center reps to support customers without having access to SSN/CC data? (10 records per hour or 8-5 access)
Launching a new product? How do I make sure that only authorized users see relevant data? (SaaS apps such as SalesForce.com)
How do I make sure that people accessing protected data are who they say they are? (MLS website)
Can my firewall help me? My IPS? My Disk Encryption?
Should I just encrypt all of my databases? (Good luck with that…)
If you don’t know where your data is, or what it is, you are Data Blind. Now is the time to be Conscious about it.

4 Data Breaches in the US
Jan 10, 2000: Hacker steals 300,000 credit cards from CD Universe
June 16, 2005: CardSystems is hacked, exposing 40,000,000 records
Jan 17, 2007: TJ Maxx is hacked, exposing 45,000,000 records
Jan 20, 2009: Heartland Payment Systems is hacked, exposing 130,000,000 records
See the Trend, GOING UP!!!
For full reports see: http://datalossdb.org

5 The Market is Changing—Customers Demand Intelligent Data Protection
Data Protection 1.0: Perimeter-level security; All-or-nothing encryption; Keep bad guys out, authorized users get full access; Multiple products to meet business and security needs; Limited to no visibility
Data Protection 2.0: Data-centric data protection—intelligent to protect the data itself at the point of creation; Granular protection—protect specific data elements (files, fields, columns), data types (structured or unstructured); Granular protection for authorized users—who can access what, when; Solution that addresses many business, compliance & security issues; Greater data control and visibility with centralized key/policy mgmt, logging & auditing

6 Today’s Trends Create the Need for Enlightenment
Stages of Data Consciousness: Preparing for the Evolution
Data Blindness (Understand Your Security Blindness)
Technologies: Disk Encryption, Network Encryption, Firewalls, NAP/IDS/IPS/ACLs, Storage Encryption
Policies: Network-centric: Protect the Network, Protect Devices
Characteristic: Reactive, Blind to Data & Its Whereabouts, Fear-based, Compliance and Penalty-driven
Data Awareness (Become Data Aware)
Technologies: File Protection, Database/Application Protection, Email Encryption, Authentication, Content Security
Policies: Data-centric: Protect the Data Itself, Centralize Keys, Attach Policies, Secure Access Control
Characteristic: Comprehensive/Data Agnostic, Intelligent, Persistent Protection, Selective/Portable Encryption
Data Consciousness (Gaining Data Consciousness)
Technologies: Content Awareness, Security Information Management, Granular Control & Reporting
Policies: Proactively Monitor Data Flow, Discover, and Protect. Align Policies to Processes
Characteristic: Proactive, Self Aware, Pre-emptive, Data Protection

7 Step 1: Understand Your Security Blindness
Technologies: Full disk encryption, NAP/IDS/IPS/ACLs, network encryption, perimeter-level security
Policies: Protect transmissions between networks; Secure access to devices and infrastructure
Characteristic: Blind to what data is in use, at rest, and unaware of where and how data travels, and who is accessing it; Binary, all-or-nothing approach to data protection; Reactive to data breaches
Use Case Scenarios: Secure settlements and transactions between merchants, payment processors, and acquiring banks; Secure laptop access using user credentials
Risks: Limited to No Visibility to Data Whereabouts; All-or-Nothing Encryption Restricts Business Process and Provides Unrestricted Access to Authorized Users

8 Step 2: Becoming Data Aware
Technologies: Data-centric technologies that protect the data itself—database encryption, application encryption, file encryption, strong access control
Policies: Protect structured data: CCs, SSNs, PII; Protect unstructured data: spreadsheets, medical records in shared file servers; Intelligent policies defined by users, data type (.doc, .xls), folder and directory, time, and # of encryption/decryption operations
Characteristic: Intelligent, fine-grain encryption; Comprehensive to protect all data types; Persistent—policy is attached to data; Selective, portable—user controlled
Use Case Scenarios:
A controller needs to update a revenue report for the CEO before an earnings call—he selectively encrypts that specific file and sends it to the CEO (user controlled encryption)
A Call Center encrypts only SSNs in patient records to allow service reps to support clients without gaining access to sensitive data
An HR dept protects salary files ending in .doc in the Employee HR folder in the file server. To augment access control, HR admins require authentication to access encrypted HR files

9 Step 3: Gaining Data Consciousness
Technologies: Content awareness, security information management, reporting
Policies: Proactively monitor data flow, discover, and protect; Align policies to business processes so sensitive data can move freely and is efficiently accessible to authorized users
Characteristic: Proactive, self-aware, pre-emptive; Data-aware + proactive
Use Case Scenarios:
A Healthcare provider applies policies to auto-detect SSNs from patient medical records and encrypt them, even as new ones are created
A Bank classifies executive bonuses, stock options, and SSNs to monitor and enforce protection, and applies intelligent access policies based on different user profiles in Finance & Acct
A security architect unifies the mgmt of authentication keys and encryption keys, using a single centralized platform as the universal key manager to provision key creation and key changes

10 Invest in Your Growth
Stages of Data Consciousness: Data Blindness (Understand Your Security Blindness); Data Awareness (Become Data Aware); Data Consciousness (Gaining Data Consciousness)
Get on the Path of Enlightenment

11 Intelligent Data Protection

12 Data Protection Evolution Architecture
Authentication and Access Management; Data Access Control and Management; Data Protection Management; Data Protection Infrastructure
Structured and Unstructured Data From Creation, and While in Use/Motion Across Applications, Mainframes, Databases, and Endpoints
Key Life Cycle Management; Policy Life Cycle Management; Logging, Auditing, Reporting
First, know your users and apply strong access control to secure access to sensitive data. Second, the design goal of a well-designed data protection program is secure, centralized key management and policy life cycle management that provides visibility into who is logging into systems and creating and changing keys, along with automatic rotation of keys. The idea is that greater visibility gives you more control over your data. Finally, apply enforcement points where protection needs to happen: across databases, file servers, etc., and out to endpoints, for both structured and unstructured data.

13 Data Protection Evolution
Secure, Centralized Key Management; Data-centric Policy Management; Identity & Access Management; Visibility via Logging, Auditing, Reporting
Authentication and access management

14 Authentication Evolution
Secure, Centralized Key Management; Data-centric Policy Management; Identity & Access Management; Visibility via Logging, Auditing, Reporting

15 Thank You Zen and the Art of Data Protection Preparing for the Evolution Adel Hajrasuliha – Regional Account Manager ISSA Honolulu—October 2009

