www.thales-esecurity.com
Data Protection in 2016: Top 5 Use Cases
KRISTINA CAIRNS, SENIOR PRODUCT MARKETING MGR
SANDER TEMME, SENIOR PRODUCT MANAGER
FEBRUARY 17, 2016
This document may not be reproduced, modified, adapted, published, translated, in any way, in whole or in part or disclosed to a third party without the prior written consent of Thales - © Thales 2016 All rights reserved.
Welcome
▌Today’s outlook
▌How Hardware Security Modules will help secure the future
▌Top 5 Use Cases for Hardware Security Modules
▌Further resources
Today’s reality: targeted and successful data breaches
www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Many Connected “Things”
▌6.4B connected "Things" will be in use in 2016, up 30% from 2015
▌Manufacturers must secure the data that connected devices are sharing
• Robust device authentication & data protection will be crucial
• Public Key Infrastructures will play a strong role
Source: Gartner, http://www.gartner.com/newsroom/id/3165317
Thales Blog post: “How to safeguard your data in the age of the Vulnerability of Things”
Security Trends
Today’s environment
Continual cyber attacks
New data privacy regulations
Connected everything
Mobile payments on the rise
Securing the future
Hardware Security Modules provide utmost security
▌What’s the best way to protect your organization’s sensitive data in today’s highly connected world?
• More companies than ever are turning to Hardware Security Modules (HSMs)
• Unparalleled protection of cryptographic operations
• Manage encryption keys, digital signatures, and more, within tamper-resistant hardware devices.
HSMs: certified platform for trust management
▌What are HSMs?
• Hardened, tamper-resistant devices isolated from host environment
• Alternative to software crypto libraries
▌What do HSMs do?
• Secure cryptographic operations
• Protect cryptographic keys
• Enforce policy over use of keys
[Diagram labels: Business Application; Application Data; Data to be signed, encrypted/decrypted; Encrypted/decrypted or signed data; HSM security boundary; HSM; Application Keys inside security boundary; Secure crypto processing engine]
The nShield HSM family
nShield Connect
• Network attached appliance
• Shared crypto resource
• High-volume transactions
• High availability
nShield Solo
• Server-embedded card
• Dedicated processing
• Compact PCIe design
nShield Edge
• Portable HSM
• Small footprint
• USB interface
Certified implementations of all leading algorithms
nShield HSMs are FIPS 140-2 Level 3 certified
Market leading platform for trusted applications
How are organizations using HSMs today?
• PKIs
• Custom applications
• Digital signing
• SSL
• Code signing
#1 Use case: PKIs
▌Public Key Infrastructures (PKIs)
• 61% of customers surveyed said PKI was their main HSM application
• Average PKI supports seven enterprise applications
▌PKI use growing
• Rise of cloud and mobile
• Devices, applications, and “things” require credentialing and a secure way to communicate
PKI use cases
Digital Cinema: Authentication between playback devices and servers, content encryption, watermarking
Manufacturing: Unique identities & device authenticity to prevent counterfeiting, IoT
Polycom Case Study
PRIMA CINEMA Case Study
#2: Custom Applications
▌It’s not just data… Applications need to be protected too
• Protecting sensitive applications is critical for safeguarding IP
• Running applications within a protected environment is increasingly popular as more mission-critical apps handle sensitive data
• In 2016, we expect to see more organizations moving sensitive algorithms off their application servers and executing them inside the FIPS boundary of an HSM.
Thales’s CodeSafe runs apps inside HSMs
bitcoin
▌Critical trust challenge
• Keys must be protected and stored in a secure location.
• Because transactions are anonymous and non-reversible, they are vulnerable to theft.
• If stolen, they are pretty much untraceable.
▌HSMs offer
• Private key protection
• Key derivation
• Multi-signature capability for dual control
bitcoin basics
• Users record transactions in an open “ledger”
• Ledger consists of a “blockchain” of transaction data
• To send a bitcoin, you need
  • A private key from which a public key is derived
  • A bitcoin address
  • A wallet for your private key
Blockchain experts (Thales partner)
#3 Digital Signing
▌26% of customers cite digital signing as the primary HSM use case
▌Popular application is signing barcodes used in electronic transactions
• Examples include e-tickets for sporting events or airlines
▌In 2016, we expect to see digital signing rise
• New regulations
• Increasing adoption of cloud-based signing models, where signing keys are protected, stored and managed on behalf of the signer by a cloud provider
e-Ticketing
Securing e-Tickets
• Data such as loyalty numbers can be extracted from barcodes
• Signing barcodes with cryptographic keys helps ensure integrity
• Digital signature keys managed in HSMs
#4 SSL
▌26% of our customers use HSMs for SSL
▌Poised to grow in 2016
▌Rising use of application delivery controllers (ADCs) driving HSM adoption
• Security of keys
• Performance demands of networking environment in today’s world of web applications and cloud-based services
SSL Use Case
[Diagram labels: DNS, Web Address, IP Address, Internet, SSL, ADCs, Servers hosting applications, HSMs]
Application Delivery Controllers (ADCs) balance traffic while HSMs protect keys.
#5 Code Signing
▌Lessons from attacks like Stuxnet and Duqu
• Attackers who steal an organization’s private signing keys can replace legit code with malware, resulting in both malware installation and identity fraud
▌Not just a problem for companies producing software
• Banks who develop mobile apps
• Manufacturers who produce control systems for cars
• Media providers that need to control access to content
With such a variety of organizations now at risk, more will look toward HSMs to help authenticate code.
New nShield XC Series
Faster! Bigger!
▌Thales introduces nShield XC Solo & Connect HSMs
• Accelerated transactions
• Best in class Elliptic Curve Cryptography (ECC)
• More room for customer apps run inside HSM boundaries using CodeSafe, a unique Thales feature
XC Benefits
More Powerful Apps: nShield XC expands memory, letting our customers run larger and more powerful apps in CodeSafe.
Fastest ECC = Versatility: nShield supports the fastest ECC transactions of any HSM on the market. Ideal for helping secure a variety of apps, including emerging IoT.
Speed + Volume: nShield XC helps our customers manage crypto keys and sign apps at higher rates.
ECC, one of today’s most efficient security algorithms, is favored where low power consumption is crucial.
Why THALES e-Security?
Summary
▌Solutions for 2016 and beyond
• Secure increasingly important PKIs partnering with Thales experts
• Protect custom applications in unique run-time environment within secure HSM boundary (CodeSafe)
• Benefit from experience from hundreds of use cases across traditional, virtualized, and cloud-based environments
▌Outstanding global support and services to help you succeed
Resources and questions
▌Resources referenced in this webcast
• www.thales-esecurity.com
• Blog post: How to safeguard your data in the age of the Vulnerability of Things: www.thales-esecurity.com/blogs/2016/february/safeguarding-your-data
• PRIMA CINEMA case study: www.thales-esecurity.com/knowledge-base/case-studies/prima-cinema
• Polycom case study: www.thales-esecurity.com/knowledge-base/case-studies/polycom
▌Next Thales e-Security webcast
• Global Encryption Trends
• 10 A.M. ET on March 23, 2016
Thank you!