Presentation is loading. Please wait.

Presentation is loading. Please wait.

DECRU Data At Rest Security Opportunity Chris Gale

Published by Modified over 10 years ago

Similar presentations

Presentation on theme: "DECRU Data At Rest Security Opportunity Chris Gale"— Presentation transcript:

1 DECRU Data At Rest Security Opportunity Chris Gale Chris.gale@decru.com

2 Storage Insecurity Feb 2003 – Visa, Amex, MasterCard –Hacker breaches 8 million credit card accounts through a third-party processor Feb, May 2004 – Microsoft and Cisco Source Code Stolen Sept 2004 – Guilty plea in $50 million identity theft case –Helpdesk employee stole tens of thousands of identities from credit databases Feb 2005 – Bank of America –1.2 million user accounts, including U.S. Senators and Defense Department employees, are exposed when cleartext backup tape is lost June, 2004 AOL software engineer arrested after stealing 92 million names, selling to spammers for $100,000

3 Compliance Drivers: Visa CISP Cardholder Information Security Program CISP information security program applies to vendors, merchants, and service providers who handle confidential cardholder data Compliance is verified by third party auditors; fines and other sanctions for non-compliance or for data breaches caused by poor security Sec. 3 of 12: Protect Stored Data Requirement to protect confidential cardholder data at rest Encryption highly recommended Need-to-know access controls Strong algorithms, strong key management

4 Perimeter Security is Insufficient Insider Threat 50-80% of electronic attacks originate inside the firewall 67% of companies reported internal breaches Average loss from breach of proprietary data was $2.7 million Source: FBI/Computer Security Institute

5 Storage Trends Storage protocols have never evolved from cleartext… Consolidation Replication Outsourcing = Risk Multipliers

6 Customer data Customer data Who has access to sensitive data? Earnings releases Earnings releases Salaries and reviews Salaries and reviews Litigation docs Litigation docs CEO General Counsel CFO Network Administrators System Administrators Backup Administrators Storage Administrators Outsourcing Vendors DR Storage Administrators Tape Courier Storage Repair/ Service Staff Storage

7 Traditional Encryption Compromises Performance degradation Key management complexity & security High availability issues Application changes and downtime Database changes required Changes to desktops, servers, workflow The Decru solution addresses all of these concerns.

8 About Decru Founded 2001 to solve emerging storage security problems –Regulatory compliance –Privacy –Insider threat Well funded by top tier investors over $45m –NEA, Benchmark, Greylock, In-Q-Tel (CIA-funded) –Seasoned, proven management team DataFort platform is shipping and deployed, with customers on three continents “Top 10.” “12 Hot Startups” Nominated: “Best Enterprise Security Product 2003” “Top 10 Products of 2004”

9 Partner Ecosystem

10 Rating: Deploy Top 10 lab score: 8.4/10 Security: 10/10 Decru DataFort™ Storage Security Appliances DataFort provides the first unified platform for securing data at rest across the entire enterprise. DataFort integrates transparently into NAS, DAS, SAN, iSCSI & tape environments, and protects stored data with wire-speed encryption, access controls, authentication, and tamper- proof auditing. NAS/DAS: DataFort E-Series (1Gbit) SAN/Tape: DataFort FC-Series (2Gbit) Tape: DataFort S-Series (2Gbit) Lifetime Key Management™ for automated, secure enterprise-wide key management Top 10 Products of 2004

11 Decru: End-to-end storage security Network Authentication/Storage VPNAES-256 Encrypted Storage Authentication Granular ACLs Secure logging Clients/ Hosts DataFort DataFort protect the data path for applications and users, eliminating “back doors” and simplifying security Storage Encryption Cryptainer3 Cryptainer2 Cryptainer1

12 Decru: Tape Encryption Secured Tape Backup FC SWITCH Unsecured Tape Backup Encrypted CUSTOMER SSN AMT John Magnus 544-89-3021 $304.31 Susan Wong 522-35-1105 $91.05 Ken Hernandez 670-32-1145 $21.88 Alicia Sparr 435-98-0498 $209.95 M.J. Satyr 594-22-9038 $76.55 Dan Spencer 543-09-3451 $413.03 Mary Jones 495-38-8971 $90.74 Jerome White 613-98-8932 $247.11 Martin Ng 339-77-9201 $20.89 Fay Dunlap 784-29-6290 $401.92 Takeshi Doi 544-09-3193 $29.01 Sarah Fisher 432-92-7105 $142.28 Ingrid Parker 595-29-7406 $102.48 CUSTOMER SSN AMT John Magnus 544-89-3021 $304.31 Susan Wong 522-35-1105 $91.05 Ken Hernandez 670-32-1145 $21.88 Alicia Sparr 435-98-0498 $209.95 M.J. Satyr 594-22-9038 $76.55 Dan Spencer 543-09-3451 $413.03 Mary Jones 495-38-8971 $90.74 Jerome White 613-98-8932 $247.11 Martin Ng 339-77-9201 $20.89 Fay Dunlap 784-29-6290 $401.92 Takeshi Doi 544-09-3193 $29.01 Sarah Fisher 432-92-7105 $142.28 Ingrid Parker 595-29-7406 $102.48 DYHY^C^@^@^@~] ^? z 0 ^N q xl ^A^@^@^@ ^\ 1 ^Cq 1# B A.\ - ^C^L _^W 2 ` E^Tl ^ / s, "= :P; ^Q o u"6,Q^D ol \8 k )9^^A^Q) - ^LI a W q + ^B^\L O^O T7<9 DYHY^C^@^@^@~] ^? z 0 ^N q xl ^A^@^@^@ ^\ 1 ^Cq 1# B A.\ - ^C^L _^W 2 ` E^Tl ^ / s, "= :P; ^Q o u"6,Q^D ol \8 k )9^^A^Q) - ^LI a W q + ^B^\L O^O T7<9 FC SWITCH Cleartext Decru DataFort

13 Hardware-based security Hardware-based encryption provides crucial advantages over software-based solutions: –Wire-speed performance All encryption and key management are processed by specialized encryption hardware: Decru Storage Encryption Processor (SEP) Multi-gigabit throughput, sub-100 microsecond latency –Encryption and key management are maintained in secure hardware Software encryption stores keys in…. Windows. DataFort provides military-grade hardened architecture (FIPS 140-2 Level 3 certified) with storage optimized AES-256 Encryption keys never exposed in an open operating system (e.g. Windows, Linux…)

14 High Availability for Encrypted Data 1.DataFort cluster failover 2.DataFort cloning 3.Software recovery

15 1. Each DataFort appliance provides automated, self- contained key management. 1 2. Keys are automatically and securely replicated to additional cluster nodes. 2 3. All DataFort appliances across the enterprise replicate keys to Decru Lifetime Key Management™ (LKM) system, providing automated, secure enterprise-wide key management. Recovery smart cards enforce quorum approval for sensitive operations. LKM 3 Secure Key DB Decru Lifetime Key Management™ Automated, Secure, Enterprise-Wide Key Management

16 Global Investment Bank Secure Consolidation DataFort E-Series UNIX Development Environment Shared storage Access Controls Authentication AES-256 Encryption Cryptainer™ Vaults Cryptainer A Cryptainer B Cryptainer C Developer A Developer B Developer C

17 Fortune 5 Company GLBA Compliance, Secure Offshoring DataFort FC-Series Transaction Processing Servers Port Locking SAN Host Authentication AES-256 Encryption Cryptainer™ Vaults FC switches SAN Storage Secure Replication to DR

18 UK National Health Service Tape Encryption for Patient Privacy DataFort FC-Series Backup Servers Port Locking SAN Host Authentication Data Compression AES-256 Encryption Cryptainer™ Vaults FC switches Backup Tape Libraries Fibre Channel Encrypted

19 FC switch Server Storage HeadquartersDR Site/Outsource Clear text Clear text Secure DR: Multiple Copies of Data Tape System Data Exposed Data Exposed Data Exposed Data Exposed Clear Data Secured Cipher Text Cipher Text Cipher Text Data Secured Data Secured DataFort Data Secured WAN

20 Questions ????

Download ppt "DECRU Data At Rest Security Opportunity Chris Gale"

Similar presentations

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.

Surviving the PCI Self -Assessment James Placer, CISSP West Michigan Cisco Users Group Leadership Board.
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility.
BalaBit Shell Control Box

BalaBit Shell Control Box
RETHINK BACKUP & ARCHIVE. 2 Backup and Archive are Top IT Priorities Which of the following would you consider to be your org’s most important IT priorities.

RETHINK BACKUP & ARCHIVE. 2 Backup and Archive are Top IT Priorities Which of the following would you consider to be your org’s most important IT priorities.
PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.

PCI-DSS Erin Benedictson Information Security Analyst AAA Oregon/Idaho.
Privileged Identity Management Enterprise Password Vault

Privileged Identity Management Enterprise Password Vault
The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant

The twenty-four/seven database Oracle Database Security David Yahalom Senior database consultant
Random Password Manager Centralized scalable password management security and recovery Joe Vachon Sales Engineer.

Random Password Manager Centralized scalable password management security and recovery Joe Vachon Sales Engineer.
Dell Compellent and SafeNet KeySecure

Dell Compellent and SafeNet KeySecure
E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.

E-Commerce Security Issues. General E-Business Security Issues Any E-Business needs to be concerned about network security. The Internet is a “ public.
Benefits of CA Technology & HVB Bank Romania Study Case Bucharest, May 31, 2005.

Benefits of CA Technology & HVB Bank Romania Study Case Bucharest, May 31, 2005.
Iron Mountain’s Email Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.

Iron Mountain’s Continuity Service ©2006 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered.
Smart Grid Cyber Security Framework

Smart Grid Cyber Security Framework
VMware Update 2009 Daniel Griggs Solutions Architect, Virtualization Servers & Storage Solutions Practice Dayton OH.

VMware Update 2009 Daniel Griggs Solutions Architect, Virtualization Servers & Storage Solutions Practice Dayton OH.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
1 Pertemuan 10 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >

1 Pertemuan 10 Network Security and E-Commerce Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi: >
© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP StorageWorks LeftHand update Marcus.

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice HP StorageWorks LeftHand update Marcus.
Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.

Barracuda Networks Confidential1 Barracuda Backup Service Integrated Local & Offsite Data Backup.
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.
Company Overview DATASTOR in Education By: Mike Ehring.

Company Overview DATASTOR in Education By: Mike Ehring.

Similar presentations

Ads by Google