Presentation is loading. Please wait.

Presentation is loading. Please wait.

KMIP Key Management with Vormetric Data Security Manager

Published byHartanti Budiono Modified over 5 years ago

Similar presentations

Presentation on theme: "KMIP Key Management with Vormetric Data Security Manager"— Presentation transcript:

1 KMIP Key Management with Vormetric Data Security Manager
Controlling your keys with Thales eSecurity

2 9 Object types catering for many more security objects include:
What does KMIP do? Key Material & Metadata Transport Security Applications or Appliances KMIP Key Management Server Create, Register, Locate and Retrieve Encryption Keys Many extended services: Encrypt, Decrypt, Signing, Split-Keys, etc. Supports Symmetric Keys, Asymmetric Keys, Certificates, Signing, etc. Rich metadata for essential cryptographic management Much more than just add, modify & delete The KMIP specification includes an incredibly broad range of capabilities for full lifecycle management of security objects, with almost unlimited extensibility through a flexible, yet interoperable attribute model. 46 Operations (much more than just add, modify & delete) enables Security Appliances/Applications to perform tasks including: Encryption, Decryption, Authentication, Certification, Signing, Verification and Split-Key operations. 9 Object types catering for many more security objects include: Certificate, Certificate Request, Opaque Object, PGP Key, Private Key, Public Key, Secret Data, Split Key, Symmetric Key 54 Attributes to represent information (meta-data) about each Object under management

3 KMIP Deployed in Solutions
KMIP solutions are deployed across in all industry sectors, delivering management of security objects for: Cloud Storage Identity Management Financial systems Automotive Healthcare Provisioning and supply chain PKI Communications Authentication Defense

4 KMIP RSA 2018 Test Results 9 KMIP TC members 17 implementations
8 client implementations 9 Server Implementations >33,000 successful test runs 72 test combinations 4 encodings 9 KMIP Technical Committee members testing 17 implementations 8 Client Implementations 9 Server Implementations Over 33,000 successful test runs 72 Test combinations across 4 encodings

5 Vormetric DSM KMIP Key Management

6 Vormetric Data Security Manager
Available as: Virtual Appliance, FIPS Level 1 V6000, FIPS Level 2 hardware appliance V6100, FIPS Level 3 Includes nShield Solo PCIe card

7 Vormetric DSM Unified Key Management
Vormetric TDE Key Agent KMIP Server License KMIP Encrypted Databases Key management for native encryption Self-encrypting drives, tape libraries, other storage Key management for native TDE Oracle and MS SQL databases Vormetric Data Security Manager Vormetric Application Encryption Vormetric Vault Storage for Keys and Certificates Multi-purpose applications FIPS-certified storage Key management for wide variety of applications Symmetric Asymmetric Certificates The products that support these solutions fall into these categories: KMIP, where, typically, a storage company offers native encryption but the end customer wants strong, secure, centralized key management Customers using the Oracle or SQL native encryption, and, again, wanting strong, secure, centralized key management Customers with home-grown or custom applications looking for a vault to store their keys and certificates And finally, these same customers who want key management for their applications. In this case they’ll use a portion of the capabilities available in VAE. MK comment: For the last bullet I would add that VAE also comes with crypto APIs and customers can additionally leverage that.

8 Thales eSecurity key management for KMIP
Stronger than native key management Data storage vendors, Big Data Shipping KMIP v1.4 Demonstrating v2.0 Centralizes keys, separate from data and workloads Extensible platform solution Vormetric KMIP Client License Variety of KMIP environments Vormetric Data Security Manager as KMIP Server Storage solutions Self- encrypting drives Big data NO SQL Key Management Interoperability Protocol  WEF view again emphasizing potential of process improvement and stressing application to select use cases. DLT/Blockchain won’t fix or improve the world as a whole but it can have significant positive impact in specific use cases where processes can be improved.

9 What we’re demoing at RSA 2018
KMIP version 2.0 support Managing KMIP objects Managing attributes of KMIP objects Client/server communication to create, register, locate and retrieve KMIP objects in more than 200 test cases KMIP v1.4 is generally available today

10 Thales eSecurity KMIP Partners
Partial list of qualified and in-flight partners Many organizations are relying on KMIP to ensure management and visibility of their security object It remains the default standard for full lifecycle security object management

11 Thank You

12 KMIP for VMware Vmware vCenter vSAN Storage Joint value prop
KEK – KMS provides Key Encryption Key Protected by customer’s Key Management Server Joint value prop DEK – ESXi Generated Data Encryption Protected by a KMS Key Encryption Key Encryption Simplified key management Compliance High availability Quick and seamless scalability Multitenant operations VM Data Protected by an ESXi generated internal Key that is encrypted by the KMS key

13 The Vormetric Data Security Platform
Platform is extensible to many applications. KC This slide shows the familiar Vormetric solution platform, which is a collection of many products that serve multiple use cases for data protection and enterprise key management. Customers usually start with one or two use cases and then expand to others, which is the value that the platform brings to our customers. Today’s session will include products primarily in the Key Management category but also within App Encryption, and KMaaS for BYOK solutions.

Download ppt "KMIP Key Management with Vormetric Data Security Manager"

Similar presentations

System Center 2012 R2 Overview

System Center 2012 R2 Overview
Vormetric Data Security

Vormetric Data Security
Dell Compellent and SafeNet KeySecure

Dell Compellent and SafeNet KeySecure
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.
© Hitachi Data Systems Corporation 2014. All rights reserved. 1 1 Det går pænt stærkt! Tony Franck Senior Solution Manager.

© Hitachi Data Systems Corporation All rights reserved. 1 1 Det går pænt stærkt! Tony Franck Senior Solution Manager.
Public Key Infrastructure from the Most Trusted Name in e-Security.

Public Key Infrastructure from the Most Trusted Name in e-Security.
Private Cloud: Application Transformation Business Priorities Presentation.

Private Cloud: Application Transformation Business Priorities Presentation.
Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam

Best Practices in Deploying a PKI Solution BIEN Nguyen Thanh Product Consultant – M.Tech Vietnam
SODA Archiving October 2013

SODA Archiving October 2013
KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.

KMIP - Hardware Security Modules Meta-Data-Only (MDO) Keys Saikat Saha & Denis Pochuev Feb 2012.
Key Management with the Voltage Data Protection Server Luther Martin IEEE P1619.3 May 7, 2007.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.
What is Driving the Virtual Desktop? VMware View 4: Built for Desktops VMware View 4: Deployment References…Q&A Agenda.

What is Driving the Virtual Desktop? VMware View 4: Built for Desktops VMware View 4: Deployment References…Q&A Agenda.
1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem www.oasis-open.org Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,

1 The OASIS KMIP Standard: Interoperability for the Cryptographic Ecosystem Jon Geater OASIS KMIP TC With thanks to Bob Griffin, co-chair,
Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper

Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper
What is EKMI? Enterprise Key Management Infrastructure Take the tour.

What is EKMI? Enterprise Key Management Infrastructure Take the tour.
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.
1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.
Actualog Social PIM Helps Companies to Manage and Share Product Information Using Secure, Scalable Ease of Microsoft Azure MICROSOFT AZURE ISV PROFILE:

Actualog Social PIM Helps Companies to Manage and Share Product Information Using Secure, Scalable Ease of Microsoft Azure MICROSOFT AZURE ISV PROFILE:
Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.

Security and Privacy for the Smart Grid James Bryce Clark, OASIS Robert Griffin, RSA Hal Lockhart, Oracle.
KMIP Compliance Redefining Server and Client requirements to claim compliance Presented by: Bob Lockhart.

KMIP Compliance Redefining Server and Client requirements to claim compliance Presented by: Bob Lockhart.

Similar presentations

Ads by Google