Data Protection in 2016 - Top 5 Use Cases

www.thales-esecurity.com

Data Protection in 2016: Top 5 Use Cases

KRISTINA CAIRNS, SENIOR PRODUCT MARKETING MGRSANDER TEMME, SENIOR PRODUCT MANAGER

FEBRUARY 17, 2016

2This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third partywithout the prior written consent of Thales - © Thales 2016 All rights reserved.

Welcome

▌Today’s outlook

▌How Hardware Security Modules will help secure the future

▌Top 5 Use Cases for Hardware Security Modules

▌Further resources


Today’s reality: targeted and successful data breaches

www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/


Many Connected “Things”

▌6.4B Connected "Things" will be in use in 2016 Up 30% from 2015

▌Manufacturers must secure the data that connected devices are sharing

Robust device authentication & data protection will be crucialPublic Key Infrastructures will play strong role

Source: Gartner, http://www.gartner.com/newsroom/id/3165317

Thales Blog post: “How to safeguard

your data in the age of the Vulnerability of

Things”

http://www.gartner.com/newsroom/id/3165317




Security Trends

Toda

y’s e

nviro

nmen

t Continual cyber attacks

New data privacy regulations

Connected everything

Mobile payments on the rise


Securing the future

Click icon to add picture


Hardware Security Modules provide utmost security

▌What’s the best way to protect your organization’s sensitive data in today’s highly connected world?

More companies than ever are turning to Hardware Security Modules (HSMs)Un-paralleled protection of cryptographic operations Manage encryption keys, digital signatures, and more, within tamper-resistant hardware devices.


HSMs: certified platform for trust management

▌What are HSMs?Hardened, tamper-resistant devices isolated from host environmentAlternative to software crypto libraries

▌What do HSMs do?Secure cryptographic operationsProtect cryptographic keysEnforce policy over use of keys

Business Application

Application Data

Encrypted/decrypted or signed data

Data to be signed, encrypted/decryptedHSM security

boundary

HSMApplication Keys inside security boundary

Secure crypto processing

engine


The nShield HSM family

nShield Connect

Network attached applianceShared crypto resourceHigh-volume transactionsHigh availability

nShield Solo

Server-embedded cardDedicated processingCompact PCIe design

Certified implementations of all leading algorithms

nShield HSMs are FIPS 140-2 Level 3 certified

Market leading platform for trusted applications

nShield Edge

Portable HSMSmall footprintUSB interface


How are organizations using HSMs today?

PKIs Custom applications

Digital signing SSL

Code signing


#1 Use case: PKIs

▌Public Key Infrastructures (PKIs)61% of customers surveyed said PKI was their main HSM applicationAverage PKI supports seven enterprise applications

▌PKI use growingRise of cloud and mobileDevices, applications, and “things” require credentialing and a secure way to communicate


PKI use cases

Digital CinemaAuthentication

between playback devices and

servers, content encryption,

watermarking

ManufacturingUnique identities & device authenticity

to prevent counterfeiting, IoT

PolycomCase Study

PRIMA CINEMA Case Study


#2: Custom Applications

▌It’s not just data… Applications need to be protected tooProtecting sensitive applications is critical for safeguarding IP Running applications within a protected environment is increasingly popular as more mission-critical apps handle sensitive data In 2016, we expect to see more organizations moving sensitive algorithms off their application servers and executing them inside the FIPS boundary of an HSM.

Thales’s CodeSafe runs apps inside HSMs


bitcoin

▌Critical trust challengeKeys must be protected and stored in a secure location. Because transactions are anonymous and non-reversible, they are vulnerable to theft. If stolen, they are pretty much untraceable.

▌HSMs offerPrivate key protectionKey derivationMulti-signature capability for dual control

bitcoin basics Users record transactions in an open “ledger” Ledger consists of a “blockchain” of transaction data To send a bitcoin, you need• A private key from which a public key is derived• A bitcoin address• A wallet for your private key

Blockchain expertsThales partner


#3 Digital Signing

▌26% of customers cite digital signing as the primary HSM use case

▌Popular application is signing barcodes used in electronic transactions

Examples include e-tickets for sporting events or airlines▌In 2016, we expect to see digital signing to rise

New regulationsIncreasing adoption of cloud-based signing models, where signing keys are protected, stored and managed on behalf of the signer by a cloud provider

e-Ticketing

Securing e-Tickets Data such as loyalty numbers can be extracted from

barcodes Signing barcodes with cryptographic keys helps

ensure integrity Digital signature keys managed in HSMs


#4 SSL

▌26% of our customers use HSMs for SSL ▌Poised to grow in 2016 ▌Rising use of application delivery controllers (ADCs) driving HSM adoption

Security of keysPerformance demands of networking environment in today’s world of web applications and cloud-based services


SSL Use Case

DNS

InternetInternetSSL

SSL

SSL

SSL

SSL

SSL

SSL

Web

Add

ress

IP A

ddre

ss

Application Delivery Controllers (ADCs) balance traffic while HSMs protect keys.

ADCs

ServersHosting applications

HSMs


#5 Code Signing

▌Lessons from attacks like Stuxnet and DuquAttackers who steal an organization’s private signing keys can replace legit code with malware both malware installation plus identity fraud

▌Not just a problem for companies producing softwareBanks who develop mobile appsManufacturers who produce control systems for cars Media providers that need to control access to content

With such a variety of organizations now at risk, more will look toward HSMs to help authenticate code.


New nShield XC Series

Click icon to add picture


Faster! Bigger!

▌Thales introduces nShield XC Solo & Connect HSMs

Accelerated transactionsBest in class Elliptic Curve Cryptography (ECC)More room for customer apps run in HSM boundaries using CodeSafe, unique Thales feature


XC Benefits

More Powerful AppsnShield XC expands memory, letting our customers run larger and more powerful apps in CodeSafe.

Fastest ECC = VersatilitynShield supports the fastest ECC transactions of any HSM on the market. Ideal for helping secure variety of apps including emerging IoT.

Speed + VolumenShield XC helps our customers manage crypto keys and sign apps at higher rates.

ECC, one of today’s most efficient security algorithms, is favored where low power consumption is crucial.


Why THALES e-Security?

Summary

▌Solutions for 2016 and beyondSecure increasingly important PKIs partnering with Thales expertsProtect custom applications in unique run-time environment within secure HSM boundary (CodeSafe)Benefit from experience from hundreds of use cases across traditional, virtualized, and cloud-based environments

▌Outstanding global support and services to help you succeed


Resources and questions

▌Resources referenced in this webcast

www.thales-esecurity.comBlog post: How to safeguard your data in the age of the Vulnerability of Thingswww.thales-esecurity.com/blogs/2016/february/safeguarding-your-dataPRIMA CINEMA case study: www.thales-esecurity.com/knowledge-base/case-studies/prima-cinemaPolycom case study:www.thales-esecurity.com/knowledge-base/case-studies/polycom

▌Next Thales e-Security webcast Global Encryption Trends10 A.M. ET on March 23, 2016

Thank you!

http://www.thales-esecurity.com/

http://www.thales-esecurity.com/blogs/2016/february/safeguarding-your-data

http://www.thales-esecurity.com/knowledge-base/case-studies/prima-cinema

http://www.thales-esecurity.com/knowledge-base/case-studies/polycom

Technology

Data Protection in 2016 - Top 5 Use Cases