Enabling Encryption for Data at Rest

Presentation on theme: "Enabling Encryption for Data at Rest"— Presentation transcript:

1 Enabling Encryption for Data at Rest
IBM Security Key Lifecycle Manager (11/11/2018)

2 What does KMIP do?
A KMIP key management server delivers key material and metadata to applications or appliances over a secured transport (TLS). It lets a client:
- Create, Register, Locate and Retrieve encryption keys and security objects
- Manage symmetric keys, asymmetric keys, certificates, etc.
- Do much more than add, modify and delete: many extended services (Encrypt, Decrypt, Signing, Split-Keys, etc.)
- Attach rich metadata for essential cryptographic management s

3 KMIP 2018 RSA Interop Demonstration

4 KMIP RSA 2018 Test Results
- 9 KMIP TC members
- 17 implementations: 8 client implementations, 9 server implementations
- Over 33,000 successful test runs
- 72 test combinations
- 4 encodings

5 KMIP Deployed in Solutions

6 KMIP Deployed by Organizations

7 KMIP Specification Development
Cycle: Enterprise Requirements, Specification Development, Product Deployment, Specification Testing

8 Security Key Lifecycle Manager
IBM's centralized key management solution for all encryption solutions (SKLM):
- Manage encryption keys
- Align with PCI and NIST guidance
- Manage IBM and non-IBM products via KMIP
- Automatic key rotation
- Transparent encryption and key management
Storage devices:
- Tape: IBM LTO / TSxxxx, TS77xx Virtualization Engine, Quantum, Spectra Logic
- IBM Disk: DS8xxx family, DS5xxx family
- Cloud Storage, Elastic Storage, Big Data, Data Warehouse (Spectrum family, Netezza)
- Network Storage (NetApp)
- Servers (Lenovo System x)
- Flash Storage
- 3rd parties: EMC, Bloombase, Hitachi, Fujitsu
Non-storage (broadening footprint):
- Sensus Smart Meters
- Multi-Cloud Data Encryption (MDE)
- VMware vSAN and VM
- DB2

9 Self-Encrypting Devices
IBM Security Key Lifecycle Manager (SKLM):
- SKLM is a key distribution and management software solution
- Uses standard protocols (e.g. KMIP: Key Management Interoperability Protocol)
- Provides centralized key management for self-encrypting drives (tape, disk)
- Light-weight and highly scalable
- SKLM helps customers keep data private, compliant, and encryption keys well-managed
- Expanding support for flash storage, cloud storage, network devices, etc.
Clients served over KMIP / IPP:
- Disk storage arrays, e.g. DS8000, DS5xxx, IBM Spectrum Accelerate (XIV), ...
- Enterprise tape libraries, e.g. TS11xx, TS2xxx, TS3xxx
- Databases (e.g. DB2)
- Network storage servers (NetApp)
- Smart meter infrastructures
- Cloud file systems, Elastic Storage, Big Data / Data Warehouse (IBM Spectrum Scale, Netezza, etc.)
- IBM Flash Storage
- Software: VMware vSphere, Multi-Cloud Data Encryption

10 SKLM Multi-Master Deployment Architecture
SKLM VMs Primary Data Center Apps and DBs Master Disk Storage Master Cloud Storage LAN/WAN Synchronized Servers Self-Encrypting Clients SKLM Encryption Key Management MDE KMIP/IPP SKLM VMs Elastic Storage Additional Data Centers Master Tape Libraries VMware vSAN & VM Encryption Master

11 Security Key Lifecycle Manager (SKLM) with HSM Integration
SKLM without an external HSM:
- Unique Master Key per SKLM
- Master Key stored in the SKLM application; obfuscation hides the Master Key
- All other keys encrypted (wrapped) under the Master Key
- SKLM communicates with self-encrypting storage via KMIP or IPP
SKLM with an external HSM:
- Unique Master Key per SKLM
- Master Key stored in the HSM
- All other keys encrypted (wrapped) under the Master Key
- SKLM communicates with the HSM via PKCS11
- SKLM communicates with self-encrypting storage via KMIP or IPP
[Diagram: in both deployments SKLM holds only wrapped data storage keys; the difference is where the Master Key lives.]
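Both columns of the slide describe one key hierarchy: a single master key wraps every data-storage key, the server persists only the wrapped blobs, and the master key sits either in the application (obfuscated, which hides it from casual inspection but does not protect it from anyone who can read the SKLM process or its files) or in an HSM. The Go below is an added example, not SKLM's code, showing that hierarchy with AES-256-GCM as the wrapping algorithm, together with the master-key rotation that slide 8 lists: device keys, and so the data on the drives, stay unchanged while each record is unwrapped and re-wrapped under the new master. The SoftwareMaster and KeyServer types, the record layout and the device serial "TS1150-0001" are all constructed for the example; an HSM-backed master would expose the same Wrap/Unwrap through PKCS#11 and is not implemented here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// SoftwareMaster holds the master key in process memory (the slide's "without
// HSM" column). In the HSM column the same Wrap/Unwrap would be performed by
// the HSM via PKCS#11 (C_WrapKey/C_UnwrapKey) and the key bytes never leave it.
type SoftwareMaster struct {
	ID   string
	aead cipher.AEAD
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy: a key server must not continue
	}
	return b
}

func NewSoftwareMaster(id string) *SoftwareMaster {
	block, _ := aes.NewCipher(randBytes(32)) // AES-256; cannot fail for 32 bytes
	aead, _ := cipher.NewGCM(block)          // cannot fail for an AES block
	return &SoftwareMaster{ID: id, aead: aead}
}

// Wrap seals a device key under the master key with AES-256-GCM, nonce
// prepended. aad binds the blob to its device serial and master ID, so a
// stored record cannot be quietly re-pointed at another device or master.
func (m *SoftwareMaster) Wrap(plainKey, aad []byte) []byte {
	nonce := randBytes(m.aead.NonceSize())
	return m.aead.Seal(nonce, nonce, plainKey, aad)
}

// Unwrap reverses Wrap; GCM's tag check makes it fail on any tampering.
func (m *SoftwareMaster) Unwrap(wrapped, aad []byte) ([]byte, error) {
	ns := m.aead.NonceSize()
	if len(wrapped) < ns {
		return nil, fmt.Errorf("wrapped key too short")
	}
	return m.aead.Open(nil, wrapped[:ns], wrapped[ns:], aad)
}

// KeyRecord is all the server persists per device: the wrapped blob and the
// ID of the master that wrapped it. The plaintext device key is never stored.
type KeyRecord struct {
	MasterID string
	Wrapped  []byte
}

type KeyServer struct {
	Master  *SoftwareMaster
	Records map[string]*KeyRecord // keyed by device serial
}

func aadFor(serial, masterID string) []byte { return []byte(serial + "|" + masterID) }

// CreateDeviceKey generates a 256-bit data key for a self-encrypting device,
// persists only its wrapped form and returns the plaintext once, for delivery
// to the device over the TLS-protected KMIP/IPP session.
func (s *KeyServer) CreateDeviceKey(serial string) []byte {
	plain := randBytes(32)
	s.Records[serial] = &KeyRecord{MasterID: s.Master.ID, Wrapped: s.Master.Wrap(plain, aadFor(serial, s.Master.ID))}
	return plain
}

// GetDeviceKey unwraps a device key. It fails if the record was wrapped under
// a master this server does not hold (lose the master key and every record
// is unrecoverable) or if the blob or its binding was altered.
func (s *KeyServer) GetDeviceKey(serial string) ([]byte, error) {
	rec, ok := s.Records[serial]
	if !ok || rec.MasterID != s.Master.ID {
		return nil, fmt.Errorf("no key for %s under master %s", serial, s.Master.ID)
	}
	return s.Master.Unwrap(rec.Wrapped, aadFor(serial, rec.MasterID))
}

// RotateMaster re-wraps every record under a new master. Device keys, and
// hence the data on the devices, do not change: one unwrap/wrap per record
// instead of re-encrypting storage. A real server must make this atomic;
// here an error part-way leaves records under two masters.
func (s *KeyServer) RotateMaster(next *SoftwareMaster) error {
	for serial, rec := range s.Records {
		plain, err := s.GetDeviceKey(serial)
		if err != nil {
			return err
		}
		rec.MasterID, rec.Wrapped = next.ID, next.Wrap(plain, aadFor(serial, next.ID))
	}
	s.Master = next
	return nil
}
```

Three properties are worth checking against any key server built this way: a record whose blob has been modified must fail to unwrap, a record copied under another device's serial must fail (the AAD binding), and a server that holds the wrong master must not be able to unwrap anything, which is also why the master key, whether obfuscated or HSM-resident, needs a backup and recovery procedure before the first drive is keyed.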

12 Support for new operating systems
- Windows 2012 Standard Edition x86-64
- Windows 2012 R2 Standard Edition x86-64
- Windows 2016 Server Edition x86-64
- Red Hat Enterprise Linux (RHEL) Server 6 on x86-64
- Red Hat Enterprise Linux (RHEL) Server 7 on x86-64
- Red Hat Enterprise Linux (RHEL) Server 7 on z-systems
- Red Hat Enterprise Linux (RHEL) Server 7 on Power Little Endian
- SUSE Linux Enterprise Server (SLES) 12 on x86-64
- SUSE Linux Enterprise Server (SLES) 12 on z-systems
- AIX 7.1 on POWER (Big Endian)
- AIX 7.2 on POWER (Big Endian)

13 Mandatory closing slide with copyright and legal disclaimers.

