© SafeNet Confidential and Proprietary
Perpetual Information Security: Driving Data Protection in an Evolving Compliance Landscape
Trisha Paine
Market Trends, Threat Drivers
THREAT DRIVERS
MARKET FORCES
Compliance and regulations
Breach Notification Laws
Loss of critical IP
Mobile workforce
removable media
Virtualization
Cloud Computing
Outside Breaches
Penalties and Fines
Compliance
The Outsider becomes The Insider
Data Loss, Theft
Identity Theft
Cyber Crime
Lesson #1: Develop an Overarching Security Business Model
Source: Information Systems Audit and Control Association (ISACA)
Lesson #2: Know Where Sensitive Data is Located
Lesson #3: Map Regulations and Find Overlaps
Lesson #4: Look Forward to How Security Needs are Evolving
Data Protection Then
• Perimeter-focused security
• All-or-nothing encryption
• Keep bad guys out, authorized users get full access
• Multiple products to meet business and security needs
• High-level or very specific policy only; no proper central policy management
Data Protection Now
• Data-centric protection: intelligence to protect the data itself throughout its lifecycle
• Granular, selective protection over subset of unstructured or structured data (files, fields, and columns)
• Granular data protection for authorized users, assure compartmentalization
• Centrally managed solution that addresses business, compliance, data governance & security
• Centralized policy and key management providing data use tracking and control
Lesson #4: Look Forward to How Security Needs are Evolving
Forever Protection
• Cryptographic Perimeter
• Application & DB Data
• File-based Endpoints
• Removable Media contained
Ubiquitous Controls
• Each Data-use is Tracked
• Granular Access Controls
• Assured User Authentication
• Mobile Data LOCKED!
[Diagram labels: Media; Flash-drive; Laptop; Mobile; Branch Office; Web 2.0 Application; Remote Replication; Data Center; Internet; SaaS Cloud; Extranet; WAN]
Lesson #4: Look Forward to How Security Needs are Evolving
The approaches
• Web/Application Encryption
• Database Encryption
• File Encryption
• Storage Encryption
• Tokenisation
The considerations
• Know your threat models
• Application transparency
• Performance
• Business logic embedded within database environments
• Batch processing & bulk import/export operations
• Indexing and primary/foreign key pairs
• Searching on encrypted data
Lesson #5: Tackle Requirement 3 and Reduce the Key Management Scope
Source: Oasis
Lesson #5: Tackle Requirement 3 and Reduce the Key Management Scope
What’s the cost of unmanageable key management?
Planning time:
Some organizations spent up to a year planning for key management issues including breaches and notifications*
Audit prep time:
Demonstrate which apps and networks are using the keys and where in the world they are
Data loss:
Up to 39 percent of organizations that have experienced key loss also lose data permanently or disrupt business operations.
Maintenance costs:
Disparate systems mean no economy of scale for maintenance costs. Each encryption system and key management solution could have 15-20% annual maintenance fees.
* Source: TrustCatalyst
Lesson #5: Tackle Requirement 3 and Reduce the Key Management Scope
Benefits of Lifecycle Key Management
Reduce Administration Costs
• Centralized management for lifecycle key management
• Standards based with key versioning
Ease Proof of Compliance
• Common logs and audits for multiple data types ease reporting
• Separation of duties between security officers and data stewards
Protect More Data Types
• Funnel both symmetric and asymmetric key materials into one appliance
• HSM options for key vaults, FIPS 140 Level 3 *(upon NIST Approval)
Summary: Evaluate Every Option
Adaptable, Flexible, Manageable…
[Diagram labels: Scalable for Growth; Hardened Appliance; Application Protection; Application and Web Servers; Intellectual Property Protection; File Servers; Databases; Database Security; Endpoints; Laptop; Tokenization; Legacy Protection; Mainframes]
Benefits:
• Flexibility to evolve
• Ease proof of compliance
• Streamline administration and enforcement of protection policies
• Strong lifecycle key management
Consider a unified platform with the choices to adopt the method that’s right for you to achieve compliance.