protecting your critical data - gemalto › events › 2013 › safenetexecday... · 2013-06-07 ·...
TRANSCRIPT
Protecting Your Critical Data
ProtectV
Rami Shalom
VP of Product Management, Data Encryption
SafeNet
WHERE IS YOUR DATA? WHERE ARE YOUR KEYS?
[Diagram: locations of data and keys. Labels: Virtual Machines; File Servers; Databases; Site-to-site Data in Motion; Applications; SaaS Apps. Numbered areas: 1 Live Data; 2 Stored Data; 3 Virtualized Data; 4 Key Management and Root of Trust; 5 Access]
Warning
• Pockets of Encryption
• Operational Inefficiencies
• Audit Deficiencies & Failures
• Sensitive Data Exposure
Protecting What Matters, Where it Matters
SafeNet Virtualization & Cloud data protection - ProtectV
What is ProtectV?
ProtectV is the industry's first comprehensive solution for protecting
your data across physical, virtual, and cloud environments.
With ProtectV you can:
• Isolate Virtual Machines and storage
• Authorize VM launches with SafeNet StartGuard
• Track access to all copies of your data
• Revoke key access after a breach
ProtectV enables you to migrate your sensitive data to untrusted or
shared environments securely.
Data Protection Challenges for Cloud & Virtualization
Before
[Diagram: App/OS virtual machines on a Hypervisor over the Hardware Layer, with Storage and Backup Snapshots. Labels: Data used by financial app; Data copied into OS partition’s RAM; Data copied into storage; Data copied in hourly snapshot]
Choose Data Security OR Virtualization/Cloud
Introducing ProtectV
Data Protection for the Cloud.
After
[Diagram: App/OS virtual machines on a Hypervisor over the Hardware Layer, with Storage and Backup Snapshots. Labels: Data used by financial app; Data copied into OS partition’s RAM; Data copied into storage; Data copied in hourly snapshot]
Enjoy Data Security AND Virtualization/Cloud
What is ProtectV?
It is not an appliance/virtual appliance or proxy service
[Diagram labels: App; OS; ProtectV; Hypervisor; Volume]
ProtectV is a virtual server solution
Anatomy of Securing the Cloud
1 ProtectV Client: ProtectV Client is installed on your VMs.
2 ProtectV Manager: ProtectV Manager is a virtual machine that runs as a VM in a VMware environment.
3 KeySecure: KeySecure is a hardware-based high-assurance enterprise key management solution.
[Diagram labels: Virtual Machines; Protected Volumes; Hypervisor; Storage]
Separation of Duties with ProtectV
[Diagram: KeySecure (HA), ProtectV Manager (HA) and ProtectV Clients, with links labelled Secure Channel, HTTPS and SSL. Roles: EKM Admin; ProtectV Admin; VM Admin; VM User]
Deployment Scenario: Public Cloud
Example of an AWS EC2 deployment
[Diagram labels: Public Cloud; ProtectV Manager (HA); Trusted on-premise location; ProtectV Client; KeySecure (HA)]
ProtectV: Environment
ProtectV currently supports the following environments:
• VMware vCenter
• Amazon Web Services EC2
• Amazon Web Services VPC
Complementary products to ProtectV:
• KeySecure (k150 and k460) – physical or virtual
• DataSecure (i150 and i450) – physical or virtual
© SafeNet Confidential and Proprietary
ProtectV Delivers
Visibility and proof of data governance
• Unified management - at-a-glance dashboard view and central audit point
• On-premise key management audit for encryption key usage
Ownership and control of your data
• Pre-launch user authorization to access a VM
• Encryption-based separation of duties across virtual and physical environments
• Unified HW-based FIPS 140-2 level 3 certified key management to ensure VM ownership
Complete VM encryption
• Encryption of entire VM
• Encryption of associated storage volumes (mapped drives), VM instances (snapshots, backups) and locations (DR sites etc.)
• Even the entire OS partition is protected
ProtectV Demo time…
Thank you