1
DECRU Data At Rest Security Opportunity Chris Gale Chris.gale@decru.com
2
Storage Insecurity
Feb 2003 – Visa, Amex, MasterCard
– Hacker breaches 8 million credit card accounts through a third-party processor
Feb, May 2004 – Microsoft and Cisco source code stolen
Sept 2004 – Guilty plea in $50 million identity theft case
– Helpdesk employee stole tens of thousands of identities from credit databases
Feb 2005 – Bank of America
– 1.2 million user accounts, including U.S. Senators and Defense Department employees, are exposed when cleartext backup tape is lost
June 2004 – AOL software engineer arrested after stealing 92 million names, selling to spammers for $100,000
3
Compliance Drivers: Visa CISP
Cardholder Information Security Program
CISP information security program applies to vendors, merchants, and service providers who handle confidential cardholder data
Compliance is verified by third party auditors; fines and other sanctions for non-compliance or for data breaches caused by poor security
Sec. 3 of 12: Protect Stored Data
Requirement to protect confidential cardholder data at rest
Encryption highly recommended
Need-to-know access controls
Strong algorithms, strong key management
4
Perimeter Security is Insufficient
Insider Threat
50-80% of electronic attacks originate inside the firewall
67% of companies reported internal breaches
Average loss from breach of proprietary data was $2.7 million
Source: FBI/Computer Security Institute
5
Storage Trends
Storage protocols have never evolved from cleartext…
Consolidation
Replication
Outsourcing
= Risk Multipliers
6
Who has access to sensitive data?
Customer data, Earnings releases, Salaries and reviews, Litigation docs
CEO, General Counsel, CFO, Network Administrators, System Administrators, Backup Administrators, Storage Administrators, Outsourcing Vendors, DR Storage Administrators, Tape Courier, Storage Repair/Service Staff
7
Traditional Encryption Compromises
Performance degradation
Key management complexity & security
High availability issues
Application changes and downtime
Database changes required
Changes to desktops, servers, workflow
The Decru solution addresses all of these concerns.
8
About Decru
Founded 2001 to solve emerging storage security problems
– Regulatory compliance
– Privacy
– Insider threat
Well funded by top tier investors over $45m
– NEA, Benchmark, Greylock, In-Q-Tel (CIA-funded)
– Seasoned, proven management team
DataFort platform is shipping and deployed, with customers on three continents
“Top 10.” “12 Hot Startups” Nominated: “Best Enterprise Security Product 2003” “Top 10 Products of 2004”
9
Partner Ecosystem
10
Rating: Deploy
Top 10 lab score: 8.4/10
Security: 10/10
Decru DataFort™ Storage Security Appliances
DataFort provides the first unified platform for securing data at rest across the entire enterprise. DataFort integrates transparently into NAS, DAS, SAN, iSCSI & tape environments, and protects stored data with wire-speed encryption, access controls, authentication, and tamper-proof auditing.
NAS/DAS: DataFort E-Series (1Gbit)
SAN/Tape: DataFort FC-Series (2Gbit)
Tape: DataFort S-Series (2Gbit)
Lifetime Key Management™ for automated, secure enterprise-wide key management
Top 10 Products of 2004
11
Decru: End-to-end storage security
Network Authentication/Storage VPN AES-256 Encrypted Storage Authentication Granular ACLs Secure logging Clients/Hosts DataFort
DataFort protects the data path for applications and users, eliminating “back doors” and simplifying security
Storage Encryption Cryptainer3 Cryptainer2 Cryptainer1
12
Decru: Tape Encryption
Unsecured Tape Backup: FC switch, cleartext written to tape
Secured Tape Backup: FC switch, Decru DataFort, encrypted data written to tape
Sample records shown on the slide (cleartext):
CUSTOMER         SSN           AMT
John Magnus      544-89-3021   $304.31
Susan Wong       522-35-1105   $91.05
Ken Hernandez    670-32-1145   $21.88
Alicia Sparr     435-98-0498   $209.95
M.J. Satyr       594-22-9038   $76.55
Dan Spencer      543-09-3451   $413.03
Mary Jones       495-38-8971   $90.74
Jerome White     613-98-8932   $247.11
Martin Ng        339-77-9201   $20.89
Fay Dunlap       784-29-6290   $401.92
Takeshi Doi      544-09-3193   $29.01
Sarah Fisher     432-92-7105   $142.28
Ingrid Parker    595-29-7406   $102.48
13
Hardware-based security
Hardware-based encryption provides crucial advantages over software-based solutions:
– Wire-speed performance
All encryption and key management are processed by specialized encryption hardware: Decru Storage Encryption Processor (SEP)
Multi-gigabit throughput, sub-100 microsecond latency
– Encryption and key management are maintained in secure hardware
Software encryption stores keys in…. Windows.
DataFort provides military-grade hardened architecture (FIPS 140-2 Level 3 certified) with storage optimized AES-256
Encryption keys never exposed in an open operating system (e.g. Windows, Linux…)
14
High Availability for Encrypted Data
1. DataFort cluster failover
2. DataFort cloning
3. Software recovery
15
Decru Lifetime Key Management™
Automated, Secure, Enterprise-Wide Key Management
1. Each DataFort appliance provides automated, self-contained key management.
2. Keys are automatically and securely replicated to additional cluster nodes.
3. All DataFort appliances across the enterprise replicate keys to Decru Lifetime Key Management™ (LKM) system, providing automated, secure enterprise-wide key management. Recovery smart cards enforce quorum approval for sensitive operations.
Diagram labels: LKM, Secure Key DB
16
Global Investment Bank Secure Consolidation DataFort E-Series UNIX Development Environment Shared storage Access Controls Authentication AES-256 Encryption Cryptainer™ Vaults Cryptainer A Cryptainer B Cryptainer C Developer A Developer B Developer C
17
Fortune 5 Company GLBA Compliance, Secure Offshoring DataFort FC-Series Transaction Processing Servers Port Locking SAN Host Authentication AES-256 Encryption Cryptainer™ Vaults FC switches SAN Storage Secure Replication to DR
18
UK National Health Service Tape Encryption for Patient Privacy DataFort FC-Series Backup Servers Port Locking SAN Host Authentication Data Compression AES-256 Encryption Cryptainer™ Vaults FC switches Backup Tape Libraries Fibre Channel Encrypted
19
Secure DR: Multiple Copies of Data
[Diagram: Headquarters and DR Site/Outsource linked over a WAN, each with server, FC switch, storage and tape system. Without DataFort the copies are clear text and marked "Data Exposed"; with DataFort the copies are cipher text and marked "Data Secured".]
20
Questions ????