History, Heresy & The Future of Data Encryption

Martin Hellman, Professor Emeritus, Stanford University, Co-Inventor of Public Key Cryptography

Michael Callahan CMO and VP, CREDANT

Gretchen Hellman VP of Marketing and Product Management, Vormetric

Agenda

•  The State of Encryption Today

•  Historical Perspective: The Inside Story on Inventing Public Key Cryptography

•  Psychology, Risk and Encryption

•  What Works in Cryptography

•  CREDANT and Vormetric: Changing Perceptions in Cryptography

The Business Problem

•  People: Employee, Contractor, Partner

•  Locations: Data Center, Airport, Internet Cafe, Home, Office, Site, Transit

•  Data: Prospect List, Intellectual Property, Customer Credit Card Information, Social Security Numbers, Classified Government Information, Patient Records

ALL Sensitive Corporate Data

Compliance Regulations Expanding

•  Data Compliance Laws are Driving the Market

•  Many National Laws/Initiatives/Acts/Programs: HIPAA, PCI, GLBA, SOX, FISMA, BITS

•  44 states, DC, Puerto Rico and the Virgin Islands have laws*

•  States with no law yet: Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota

Why aren’t all Enterprises Encrypting?

Perception of encryption is behind advances in technology

•  Perception (History): Hard, Expensive, Unmanageable

•  Reality (State of the Art): Easy, Economical, Transparent

Introducing Professor Martin Hellman

•  Co-Inventor Public Key Cryptography

•  Professor Emeritus, EE, Stanford University

•  Selected Awards: IEEE Fellow, Marconi Fellow, Electronic Frontier Foundation Pioneer Award, Member of National Academy of Engineering

Early 1970s: Looking Into the Future

Finding Other “Fools”

Merkle, Diffie, Hellman

Early Feedback About the Idea

Identifying the Issues

•  Ad-hoc communication with unknown users over computer networks

•  Symmetric key distribution could not work

Solving the Problem

•  Identified the need to develop a 2 key system

•  How could it be mathematically derived?

An important suggestion from Professor John Gill, Stanford University

1976 – New Directions in Cryptography

“We stand today on the brink of a revolution in cryptography”

Building on the Foundation

•  PKI

•  Digital Signatures

•  SSL

•  Elliptic Curve

Risk, Psychology and Encryption

•  Resistance to addressing risk

•  Cassandra, teenage immortality, nuclear risk, soaring and cryptography

•  What can we do?

Cryptography Today – What Works

•  Integrated

•  Transparent

•  Automatic

Martin Hellman’s Work Today

•  NuclearRisk.org

•  Recent work:   Soaring, Cryptography and Nuclear Weapons

CREDANT and Vormetric

Changing perceptions about Encryption

•  Innovative approaches

   -  CREDANT: Endpoint Encryption

   -  Vormetric: Servers and Storage

•  Focused on making encryption work

   -  Manageable, transparent, secure

“Vormetric made our key management and encryption as simple as it can be.”

— Troy Larson, VP of Information Systems, Metabank

“The CREDANT software is very transparent — most people don’t know it’s on the machine.” — David Fennel, IT Security Coordinator, Talisman Energy


CREDANT Overview


CREDANT Company Overview

Recognition:

•  2007 Data Security Leadership Quadrant

•  2007 & 2008: #1 Fastest Growing Private (Security) Company

•  Test result: 8.6 Very Good

•  Founded - September 17, 2001

   -  To enable customers to manage security of data on any device

•  Product Line - CREDANT Mobile Guardian (CMG)

   -  Data-centric, policy based, centrally managed data protection solution that "Protects What Matters" - your critical information

•  Financial and Strategic Investors

   -  Leading Venture Capital Firms: Austin Ventures, Menlo Ventures, Crescendo Ventures

   -  Cisco Systems & Intel Capital

•  Accomplishments

   -  More than 775 customers worldwide

   -  Protecting >5 Million endpoints globally

   -  Solution recognized by leading industry experts

CREDANT’s Diverse Customer Base Spans Major Industries and Geographies

Aerospace & Defense

State and Local Government

Universities

Consumer Industries

Drugs & Healthcare

Energy

Financial Services

Telecommunications, IT & Media

Public Sector

Retail & Leisure


CREDANT’s Data-Centric Encryption: More secure than other options

Full Disk Encryption

Complete encryption of hard disk, including boot and system files

Disadvantage:

•  Encryption only on system level - no awareness of user or type of data

•  Only available for Desktops and Laptops

•  System administration significantly impacted

•  No separation of system and security administration

•  No protection against copy onto external media

File & Folder Encryption

Files and Folders specifically selected by the user are encrypted

Disadvantage:

•  Security dependent on user behavior

•  Temporary application files can leak information

•  No central administration or key recovery

•  Impossible to enforce or prove compliance

The CREDANT approach combines the best of “Full Disk Encryption” and “File & Folder Encryption” and overcomes their significant problems

CREDANT’S Data-Centric Encryption

• Data automatically encrypted based on policies

• Encryption awareness of users, groups, systems and data types

• System remains accessible for system administration

• Central Administration for all devices and storage media with automated key escrow for guaranteed recovery

• Automatic detection and enforced protection of external media


CREDANT Simplifies the Solution

Full Compliance Reporting

Transparent to End-users

No Operational Impact

All Solutions Managed within One Web-based Console

Vormetric Overview

The Best in Enterprise Encryption

•  Mature and Proven

   -  Founded in 2001, production deployments since 2003

   -  Over 500 enterprises use Vormetric solutions

•  Innovative Architecture

   -  Transparent to applications, databases, storage and users

   -  High performance, extendible, and rapidly deployable

•  Strong and Growing

   -  Unparalleled partnerships

   -  Diverse expanding customer base standardizing on Vormetric

Strong Validation

•  THE solution for DB2 and Informix

•  THE solution for NetBackup

•  THE solution for securing the execution environment for Oracle DataVault

•  Secure, centralized policy and key management

•  High performance

•  Heterogeneous

•  Rapidly deployable

•  Extensible

Any File, Any Database, Any Application, Anywhere!

Vormetric Data Security

Vormetric Simplifies Data Security

•  Databases: Oracle, DB2, Informix, Sybase, SQL Server, MySQL

•  Applications: ERP, CRM, CMS, Care Management, CAD, POS, VoIP, Dev Apps, HR Apps, Homegrown Applications

•  Files: File Shares, Flat Files

•  Point Encryption

The Vormetric Approach

Diagram layers: Users, Apps, Databases, File System, Volume Manager

•  Encryption

•  Access Control

•  Audit

•  Centralized management

Vormetric’s Extensible Solution

•  Databases: DB2, Oracle, SQL, Sybase, MySQL

•  Applications: ERP, CRM, Payments, CMS, Custom, Other

•  Servers: IIS, Apache, WebLogic, File Servers, FTP Servers, Email Servers

•  Storage: DAS, SAN, NAS

•  VM

•  Data covered: Log files, Password files, Configuration files, Archive, Data files, Transaction logs, Exports, Backup, File shares, Content repositories, Multi-media

“Future scalability to apply this solution where additional needs may arise was a significant consideration”

Thomas Doughty, CISO, Prudential

Summary

•  Making encryption easy and effective from the endpoint to the core

•  No impact to existing operations

•  Keeping you compliant, out of the headlines and protected

Thank You!

Q&A

For More Information Contact:

•  CREDANT: info@credant.com, www.credant.com, 866-CREDANT (273-3268)

•  Vormetric: info@vormetric.com, www.vormetric.com, 888-267-3732