SafeNet Authentication Service - next-generation authentication
SafeNet KeySecure Platform - אינפוגארד · Authentication & Authorization Multi-factor...
SafeNet KeySecure Platform: Enterprise Key Management, Encryption and Tokenization
Diagram (platform overview): the SafeNet KeySecure Management and Encryption Platform at the centre, with the connectors around it:
•Application Connector (ProtectApp)
•Tokenization Service (ProtectToken)
•Database Connector (ProtectDB)
•File & Directory Connector (ProtectFile)
•Virtual Image & Volume, AWS / VMware (ProtectV)
•Batch File, Positional / Delimited (ProtectBatch)
•Storage (NAS & SAN)
•3rd Party Key Management (Tape / Disk / KMIP)
The world’s most comprehensive portfolio of solutions for encrypting data at rest and key management in physical, cloud, or virtual datacenters.
Diagram (integration ecosystem): SafeNet ProtectDB, SafeNet Tokenization, SafeNet ProtectFile, Storage Partners, SafeNet ProtectV and Ecosystems. Partner and platform labels as they appear on the slide:
•IBM DB2
•Oracle
•Microsoft SQL Server
•IBM
•SAP
•BEA
•Apache
•Sun
•Oracle
•Java
•Jboss
•Cassandra
•IBM DB2
•Oracle
•Microsoft SQL Server
•Linux
•Samba
•Windows Server
•Novell
•Apache Hadoop
•Cassandra
•mongoDB
•Microsoft SharePoint
•Amazon EC2 & S3
•Chef
•Docker
•Hitachi
•NetApp
•HP
•IBM
•Quantum
•Nutanix
•Dell
•Others…
•Amazon Web Services
•Microsoft Azure
•VMware
•IBM SoftLayer
•Multiple programming languages
•SOAP and REST interfaces
•OPEN XML interface
•KMIP interface
•Tape Libraries
•Storage
•Cloud gateways
•Databases
•Applications
SafeNet KeySecure Platform
Distributed Key Management
Diagram: KeySecure serving Apps | GW | Tape and Disk | KMIP | TDE clients, with endpoints Virtual Machines, Network Attached Storage, File Servers & Shares, Application Servers, Databases, and Web & Application Servers.
•Key and crypto engine
•Authentication and authorization
•Key lifecycle management
•SNMP, NTP, SYSLOG
SafeNet ProtectApp
•IBM
•BEA
•Sun
•Apache
•Oracle
•Java
•Jboss
SafeNet KeySecure & Encryption Connector Integration Portfolio Support Detail
Gemalto offers the world's most certified and widely deployed portfolio of crypto management solutions for securing and managing encryption keys and for executing cryptographic functions.
KMIP Enabled
How information flows ...
Diagram (Security: deployment effort by data source, from Source (Inception) to Destination, and from Structured Data to Unstructured Data):
Application/Web: + Bespoke, + 3rd Party
Databases: + OLTP, + DW + reporting, + Batch processing, + XML
Storage: + Full Disk Encryption (FDE), + backup encryption
File/Directories: + File Servers (shared storage), + Client machines (laptop), + prop/log files, App/DB files, xml, word, excel, pdf…
SafeNet KeySecure Platform Components
Key Management Appliance
Secure operating system – hardened CentOS
Scalable / built-in clustering / hardware redundancy
Selection of models – physical and virtual (FIPS Level 3)
Administration and key policy / access through GUI
Centralized key management
Centralized auditing and logging
Connectors
Software components that communicate with the KeySecure Appliance
Provide a point of integration into an end point via ProtectApp, ProtectDB, ProtectFile, ProtectToken, ProtectV and StorageSecure, and 3rd party key management via KMIP
Provide load balancing, health checking and connection pooling
Secure SSL connection to the SafeNet appliance
SafeNet KeySecure Provides a Centralized Key Management & Crypto Engine Appliance
Centralized Key Management
Centrally manages symmetric keys, asymmetric keys and certificates
Generate, Export, Import, Destroy, Backup/Restore etc.
Supports the KMIP standard
Built-in key rotation – versioned keys – automation
Crypto Offload Engine
Encryption & decryption services
Configurable for offload or local crypto
Authentication & Authorization
Multi-factor system-to-system authentication and access control
Certificate-based mutual authentication
Embedded username or IP within client certificate
Support for LDAP/AD user authentication
Granular, key-based cryptographic policy
Time limit policies
Rate limit policies
Dual Administrative Control
Multiple credentials required for sensitive operations
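As an added illustration (not KeySecure's own code or API), the toy policy engine below models the access-control points listed above: a client identified by the username embedded in its certificate, a time-limit and rate-limit policy attached to each key, and versioned keys so that rotation leaves older ciphertext decryptable. The class names, policy fields, and the sample key "pan-key" and client "app01" are assumptions made for the example.

```python
# Toy model of the access points named above: a client identified by the username
# embedded in its certificate, per-key time-window and rate-limit policies, and
# versioned keys so rotation keeps old ciphertext decryptable. All names (classes,
# fields, key "pan-key", client "app01") are constructed for illustration.
from dataclasses import dataclass
from datetime import time

@dataclass
class KeyPolicy:
    allowed_clients: set                         # usernames taken from client certs
    window: tuple = (time(0), time(23, 59, 59))  # time-limit policy: (start, end)
    rate_limit: int = 0                          # ops per client per minute; 0 = none

@dataclass
class VersionedKey:
    name: str
    versions: dict     # version number -> key material; old versions are retained
    policy: KeyPolicy
    active: int        # version used for new encrypt operations

class KeyManager:
    def __init__(self, keys=()):
        self.keys = {k.name: k for k in keys}
        self.counters = {}   # (client, key name, minute) -> operations used

    def rotate(self, name, new_material):
        k = self.keys[name]
        k.active += 1
        k.versions[k.active] = new_material      # previous versions stay usable
        return k.active

    def authorize(self, client, name, now):
        # Evaluate the key's policy for one request; returns (allowed, reason).
        k = self.keys.get(name)
        if k is None or client not in k.policy.allowed_clients:
            return False, "denied: client not permitted for this key"
        start, end = k.policy.window
        if not (start <= now.time() <= end):
            return False, "denied: outside permitted time window"
        if k.policy.rate_limit:
            slot = (client, name, now.strftime("%Y%m%d%H%M"))
            if self.counters.get(slot, 0) >= k.policy.rate_limit:
                return False, "denied: rate limit exceeded"
            self.counters[slot] = self.counters.get(slot, 0) + 1
        return True, "ok"

    def key_material(self, name, version=None):
        # None selects the active version (encrypt); a recorded version is for decrypt.
        k = self.keys[name]
        v = k.active if version is None else version
        return v, k.versions[v]
```

The caller stores the version number returned by `key_material` alongside the ciphertext, which is what lets a rotated key still decrypt data written under an earlier version.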
Security
•Hardware-based, centralized key and policy management
•FIPS/CC certified solution
•Authentication and authorization
Performance
•High performance encryption offload, over 100K TPS
•Batch processing for massive amounts of data
•Efficient backup/restore capabilities, local encryption option
Flexibility
•Support for heterogeneous environments (app, db, file)
•Support for open standards and APIs
•Range of enterprise deployment models
Manageability
•Intuitive, easy-to-use administration
•Separation of duties
•Centralized policy management
Availability
•Enterprise clustering and replication
•Load balancing, health checking, and failover
•Geographically distributed redundancy
SafeNet Platform Benefits
Security – Built-in Granular Key Control
Centralized key and policy enforcement: security administrators control data protection policy
Keys created and stored in a single location
Dual Administrative Control (M of N approvals)
Separation of Duties
Logging, Auditing and Alerts
FIPS & Common Criteria Certified Solution: FIPS 140-2 Level 2 & CC EAL2 certified hardware and software
Keys stored separately from sensitive data
AES, 3DES, RSA and others – standard algorithms and modes
Built-in Certificate Authority
Authentication & Authorization: multi-factor system-to-system authentication and access control
Granular, key-based, cryptographic policy
Support for LDAP
Performance – Built-in High Performance
Encryption Offload: optimized, high-performance hardware
Frees up database and application servers
Latency less than 200 microseconds per request
More than 100K TPS per appliance
Local Encryption Option (works when the key manager is on or off): configurable for hardware offload or local encryption on client servers
Batch Processing: perform batch encrypts/decrypts for high performance
10s of thousands of operations a second
Batch tools include:
Transform Utility
ICAPI
Easy integration into existing applications
Flexibility – Built-in to be a Service
Heterogeneous Integration Environments: web, application, database, mainframe or file server and disks
Encryption and Format Preserving Tokenization (FPT)
Data center or distributed environments
Open standards-based APIs and cryptographic protocols
Key management for 3rd party applications
Scalability: start small and roll out as you grow; become the key management standard and roll out across the enterprise
Models with capacity from 2,500 TPS to 100,000 TPS
Clustering further increases capacity and redundancy
Licensing structure enables cost-effective build-out
Manageability – Built-in GUI for Administration
Intuitive Administration and Automation: graphical and command line interfaces, point-and-click policy management
Encryption rights management
Key management
Network and system management
Simple configuration, analogous to a switch or router
Separation of Duties: security administrators administer security; maximize productivity, minimize liability; keys and policies kept separate from data
Extensible Management Platform: cohesive, consistent elements across the enterprise; common management protocols and processes; standard implementation and integration methodology
Availability – Built-in Availability & Redundancy
Diagram: DataCenter A and DataCenter B joined in one KeySecure Cluster.
Clustering: active-active clustering deployment
Keys and policies are shared and automatically replicated among KeySecures in a global cluster
Load Balancing: connectors can load balance across a group of appliances
Multi-tier load balancing enables transparent failover to alternate datacenters
KeySecure: Enterprise Key Management – Centrally Manage Keys for Partner Solutions