security policy and key management: centrally manage encryption keys - oracle tde, sql server tde...
7/31/2019 Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric
http://slidepdf.com/reader/full/security-policy-and-key-management-centrally-manage-encryption-keys-oracle 1/17
www.Vormetric.com
Security Policy and Key Management
Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric.
Tina Stewart, Vice President of Marketing
Presentation Overview
Evolution of encryption and integrated key management systems
IT operations and support challenges will then be examined
Review of the future industry initiatives and compliance regulations
Conclude with brief introduction to Vormetric Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 2
Importance of Enterprise Key Management
Two Types of Key Management Systems
Third Party
Integrated
“The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.”
Forrester Research, Inc., “Killing Data”, January 2012
IT Imperative: Secure Enterprise Data
Direct access to enterprise data has increased the risk of misuse.
Attacks on mission critical data are getting more sophisticated.
A security breach results in substantial loss of revenue and customer trust.
Compliance regulations (HIPAA, PCI DSS) mandate improved controls.
What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise.
A Data Breach Costs > $7.2M Per Episode
2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute
Enterprise Key Management 8 Requirements
Enterprise Key Management
Generation
Storage
Backup
Key State Management
Security
Auditing
Authentication
Restoration
Interoperability Standards
PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)
EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management
OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems
Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.
Encryption Key Management Challenges
Disparate Systems, Different Ways of Managing Encryption Keys
Complex management: Managing a plethora of encryption keys, numbering in the millions
Security Issues: Vulnerability of keys from outside hackers / malicious insiders
Data Availability: Ensuring data accessibility for authorized users
Scalability: Supporting multiple databases, applications and standards
Governance: Defining policy-driven access, control and protection for data
Industry Regulatory Standards
Gramm Leach Bliley Act (GLBA): Requires firms in the USA to publicly acknowledge a data breach although it can damage their reputation.
U.S. Health I.T. for Economic and Clinical Health (HITECH) Act: Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.
Payment Card Industry Data Security Standard (PCI DSS): Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.
Vormetric Key Management Benefits
Minimize Solution Costs
Stores Keys Securely
Provides Audit and Reporting
Manages Heterogeneous Keys / FIPS 140-2 Compliant
VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.
Vormetric Key Management Capabilities
Manage Vormetric Encryption Agents
Manage 3rd Party Keys
Vault Other Keys
Create/Manage/Revoke keys of 3rd party encryption solutions
Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2), EKM (MSSQL 2008 R2)
Provide secure storage of security material
Key Types:
Symmetric: AES, 3DES, ARIA
Asymmetric: RSA 1024, RSA 2048, RSA 4096
Other: Unvalidated security materials (passwords, etc.).
Vormetric Key Management Components
Data Security Manager (DSM)
Report on vaulted keys
Key Vault
Provides key management services for:
Oracle 11g R2 TDE (Tablespace Encryption)
MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)
Licensable Option on DSM
Web based or API level interface for import and export of keys
Same DSM as used with all VDS products
FIPS 140-2 Key Manager with Separation of Duties
Supports Symmetric, Asymmetric, and Other Key materials
Reporting on key types
TDE Key Architecture before Vormetric
Master Encryption keys are stored on the local system in a file with the data by default.
TDE Master Encryption Key
Local Wallet or Table
Oracle / Microsoft TDE
TDE Key Architecture after Vormetric
TDE Master Encryption Key
Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE
Vormetric Key Agent is installed on the database server
SSL Connection
Key Agent
Oracle / Microsoft TDE
VKM Architecture-Key Vault
Asymmetric
Web GUI
Command Line / API
Supported Key Types:
Security Policy and Key Management
Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.
A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.
Vormetric Key Management is the only solution today that can:
Minimize IT operational and support burdens for encryption key management,
Secure and control access to data across the enterprise and into the cloud, and
Protect data without disrupting your business