© SafeNet Confidential and Proprietary
Your Cloud or Mine?
Exploring Data Security in the Cloud
Marko Bobinac
PreSales Engineer CEE, Russia and CIS
CSA-CEE SUMMIT Ljubljana, 23.10.2013
Agenda
Introduction
Context
Regaining Control
Kill the data – the right way
A Closing Thought
REVENUE: ~$330m
We control access to the most sensitive corporate information: more than 35 million identities protected via tokens, smartcards, and mobile devices managed on-premise and in the cloud.
We protect the most money that moves: over 80% of the world’s intra-bank fund transfers and nearly $1 trillion per day.
We are the de facto root of trust: deploying more than 86,000 key managers and protecting up to 750,000,000 encryption keys.
We monetize the most high-value software: more than 100 million license keys protect and manage on-premise, embedded, and cloud applications globally.
GLOBAL FOOTPRINT: +25,000 customers in 100 countries
ACCREDITED: Products certified to the highest security standard; 130+ FIPS Certificates
EMPLOYEES: +1,400; 550+ Crypto Engineers
FOUNDED: 1983
Context
A Modern Pantheon of Adversary Classes
Methods: “MetaSploit”, DoS, Phishing, Rootkit, SQLi, Auth, Exfiltration, Malware, Physical
Impacts: Reputational, Personal, Confidentiality, Integrity, Availability
Target Assets: Credit Card #s, Web Properties, Intellectual Property, PII / Identity, Cyber Infrastructure, Core Business Processes
Motivations: Financial, Industrial, Military, Ideological, Political, Prestige
Actor Classes: States, Competitors, Organized Crime, Script Kiddies, Terrorists, “Hacktivists”, Insiders, Auditors
http://www.slideshare.net/DavidEtue/adversary-roi-evaluating-security-from-the-threat-actors-perspective
Optimizing Information Security Is a Multi-Faceted Challenge
Technology
Threats
Customer Needs
Regulators (Compliance)
Business Needs
The Value of Cloud is Real
Financial: 70% Reduction in IT Infrastructure spend (VMware)
Quality: Automation reduces the volume of incidents by 27%, and event and incident handling time by 40% (VMware)
Agility: Provisioning in minutes (from weeks!)
The Control Continuum
Dictator Surrender
Challenges of Data Ownership in the Cloud
Agile.
Now.
On demand.
Simple.
Secure?
And Not Just The Traditional “Bad Guys”
Sensitive Data in the Cloud
Adversaries
Government Discovery
Cloud Administrators
Auditors / Regulators
Regaining Control
Secure the Breach
SafeNet ‘Secure Breach’ Survey, February 2013
31% admitted that their perimeter has been breached.
20% were not sure if they’d been breached.
38% believe unauthorized users currently have access to their networks.
65% think they will suffer a data breach within 3 years.
59% believe if their perimeter is breached, their data would not be safe.
20% wouldn’t trust their own company with their personal data…
Most organizations are trying to deploy “traditional” security controls in cloud and virtual environments… but were the controls even effective then?
Time to Secure the Breach
Breach Prevention Era
Secure Breach Era
A new prescription for the “Secure Breach” era
• Introspection: It’s time to try something new…
• Acceptance: You can’t prevent a perimeter breach…
• Understanding: Know your enemies and what they are after…
• Action: Protect What Matters…THE DATA!
Key Enablers to the Secure Breach
Encryption (and Key Management)
Identity and Access Management with Strong Authentication
Segmentation
Privileged User Management
Detection and Response Capabilities
Asset, Configuration, and Change Management
Cryptography as an IT Service
Diagram pillars: Protect Cloud & Virtual Infrastructure; Protect Data Centers; Protect Storage; Protect Data Transfer; Protect Identities; Protect Infrastructure
Diagram labels: Virtual Instances; Virtual Storage; ProtectV Manager Virtual Appliance; DataSecure Appliance; Applications; Databases; Mainframes; File Servers; Tokenization; StorageSecure Appliance; File Shares; Network Storage; Tape Backups; Management Center; L2 High Speed Encryptors; Nat. IDs; AMI Metering; E-Signatures; E-Passports; Certificate Infrastructures; Authentication Manager (On-Premise or Cloud); HSM Appliance; 3rd Party Technologies; KMIP
Simply kill the data – the right way
Use cases
Transparent “Bump in the Wire” Encryption (Partitioned Data)
Diagram labels: Executive, HR, Finance, Sales; Storage; \\storage\finance, \\storage\sales
Transparent “Bump in the Wire” Encryption (Isolated Data)
Diagram labels: Executive, HR, Finance, Sales; Storage; \\storage\finance, \\storage\sales; Windows AD / LDAP
Use Case: Compliant Data Protection (cluster/failover)
Diagram labels: SalesForce.com, Intellectual Property, Clients, CMS, Off Premise, On Premise, HR
Use Case: Privileged User Risk Mitigation
Diagram labels: Administrator, Isolated data, Users, Storage
Use Case: Archival Protection
Diagram labels: Primary Storage, Secondary Storage, Networked Applications, Mobile Workers, Corporate Offices, Military Applications, web, App, DB
Customer Use Case: Encrypted Data to Amazon S3
Diagram labels: Sensitive or PII Data; StorageSecure & AWS iSCSI Gateway
Customer Use Case: Encrypted Objects as an Archive
Diagram labels: Cloud Service Provider; Sensitive or PII Data; Protect App & DataSecure
Customer Use Case: Encrypting Cloud VMs
1. ProtectV Client is installed on your VMs.
2. ProtectV Manager is a virtual machine that runs as a VM in a VMware environment.
3. KeySecure / DataSecure is a hardware-based high-assurance enterprise key management solution. It is also available as a virtual appliance.
Diagram labels: Virtual Machines, Protected Disks, VMware ESX Server, Storage
A Closing Thought
A Parent’s Most Valuable Asset?
Most Valuable Asset? …Yet Most Parents Allow Their Kids to Leave Their Control
Choosing Child Care? Choosing Clouds?
http://www.flickr.com/photos/markhillary/6342705495
http://www.flickr.com/photos/tallentshow/2399373550
More Than Just Technology…
Clouds Love Crypto!!!*
*with good key management…
Thank You!
Marko Bobinac
PreSales Engineer CEE, Russia and CIS