Transcript of SafeNet ProtectApp Deployment Options (Encryption-connectors.pdf, 2015)
SafeNet ProtectApp: Application-Level Encryption
• Encrypt application data and keep it secure across its entire lifecycle – no matter where it is transferred, backed up, or copied
• Rich application encryption and flexible key management interfaces
• Broad standard and interface support, including web services
• Easy deployment and management, including built-in key rotation and data re-keying
• Built-in health checking and multi-tier load balancing
• Secure authentication, granular authorization, and detailed logging and auditing
• Large and growing ecosystem
Integrates with SafeNet KeySecure to provide:
• Centralized administration of application encryption policy and keys
• Ability to offload cryptographic processing to KeySecure for improved performance
SUPPORTED PLATFORMS
Web Application Servers: Apache Tomcat, IBM WebSphere, IBM AS/400, JBoss, Microsoft IIS, Oracle WebLogic, SAP NetWeaver, Sun ONE, and more…
Development Libraries/APIs: Java, C/C++, .NET; XML open interface, KMIP standard; web services, including SOAP and REST
Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
Certificates: X509, PKCS1, PKCS8, PKCS12 (export, import, monitor)
Deployment Options: On-premises, Cloud/Virtual
[Diagram: Application Level Encryption, showing the Application Server and Database Server with SafeNet KeySecure and SafeNet ProtectApp]
SafeNet ProtectApp: Common Use Cases
• Deploy a KMIP-enabled key management solution
• Protect data in the cloud
• Protect personally identifiable information
• Secure intellectual property
• Meet compliance and regulatory mandates
SafeNet ProtectDB: Column-Level Database Encryption
• Encrypt column-level data in databases transparently in multi-vendor database management systems
• Define granular access controls by role, user, time of day, and other variables
• Prevent database administrators (DBAs) from impersonating users with access to sensitive data
• Increase security of sensitive data with seamless, built-in key rotation and data re-keying
• Secure communication, logging, and auditing
• Multi-site support with built-in load balancer
Integrates with SafeNet KeySecure to provide:
• Centralized key and policy management
• Segregation of data and keys
• Strong separation of duties
• Ability to meet compliance mandates
SUPPORTED PLATFORMS
Databases: Oracle, Microsoft SQL Server, IBM DB2
Operating Systems: Microsoft Windows, Linux, Solaris, HP-UX, AIX, IBM i/OS
Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
Deployment Options: On-premises, Cloud/Virtual
[Diagram: Transparent Database Encryption, showing the Application Server and Database Server with SafeNet KeySecure and SafeNet ProtectDB]
SafeNet ProtectDB: Common Use Cases
• Protect data in the cloud
• Secure financial data
• Protect personally identifiable information
• Meet compliance and regulatory mandates, specifically PCI DSS
SafeNet ProtectFile: File and Folder Encryption
• Transparent, comprehensive encryption for file shares and network drives (DAS, NAS and SAN)
• Granular access controls to ensure only authorized users or processes can view protected data
• Prevent rogue administrators from impersonating users with access to sensitive data
• Easy and automated deployment in large environments
• Comprehensive logging and auditing capabilities
• Deep and shallow key rotation
• FIPS 140-2 strength AES algorithms
Integrates with SafeNet KeySecure to provide:
• Centralized key and policy management
• Segregation of data and keys
• Strong separation of duties
• Ability to meet compliance mandates
SUPPORTED PLATFORMS
Operating Systems: Microsoft Windows; Linux: Oracle, Red Hat Enterprise Linux, SUSE, Ubuntu, AIX, CentOS
Databases: Oracle, mongoDB, Cassandra, IBM DB2, Microsoft SQL Server, Microsoft SharePoint, MySQL, PostgreSQL
Other: Cloud Management: Chef; Containers: Docker
Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
Big Data: Apache Hadoop, IBM InfoSphere BigInsights
Deployment Options: On-premises, Cloud/Virtual
[Diagram: File System-level Encryption, showing Applications and a File Server (on premises/virtual/cloud) with SafeNet KeySecure and SafeNet ProtectFile]
ProtectFile Ecosystem Snippet
[Diagram of the ProtectFile ecosystem: database encryption, big data encryption, cloud management tools, Docker containers, and cloud encryption (supports all public clouds)]
ACCESS CONTROL
• No access
• Encrypt
• Decrypt
• Backup
• Restore
• Superuser impersonation
CRYPTOGRAPHIC OPERATIONS
• Encryption
• Decryption
• Key Rotation
SafeNet ProtectFile: Common Use Cases
• Protect data in the cloud
• Protect personally identifiable information
• Segregate departmental data on servers
• Enable separation of duties
• Secure big data implementations
• Protection of data in SQL/NoSQL databases, mongoDB, and Cassandra
SafeNet Tokenization: Application-Level Tokenization
• Protect high value information by replacing it with a surrogate value, or “token”, that preserves the length and format of the data
• No changes necessary to applications, databases, or legacy systems
• Unlimited data type support
• Broad token format support, including regular expressions and customized formats
• Granular access controls ensure only authenticated users or systems can view protected tokens and data
Integrates with SafeNet KeySecure to provide:
• Single, centralized interface for logging, auditing, and reporting access to protected data, keys, and tokens
SUPPORTED PLATFORMS
Token Vault Databases: Microsoft SQL Server, MySQL, Oracle, Cassandra
Application Servers: IBM, SAP, Bea, Apache, Sun, Oracle, Java, JBoss, and more…
APIs: Java, .NET, Web Services (SOAP, REST/JSON)
Deployment Options: On-premises, Cloud/Virtual
Token Handling
Token generation:
1. Plaintext (sensitive information) is sent by the application with a request for tokenization.
2. A keyed hash is generated using the hash key on KeySecure (KS).
3. A lookup on the hash is performed.
4. If the hash exists, the corresponding token is returned.
5. If no hash exists, a token is generated, the value is encrypted, and the token, ciphertext, and hash are written to the token vault.
De-tokenization:
1. The token is sent by the application with a request for the plaintext value (Get Token).
2. The token is looked up.
3. The corresponding ciphertext is decrypted and sent back to the application.
[Diagram: KeySecure Protected Zone containing the Token Managers and the Token Vault; values are encrypted with AES 256 under a versioned key]
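The token generation and de-tokenization steps above, as an added example that is not SafeNet's code: an in-memory token vault keyed by an HMAC of the plaintext, with format-preserving surrogate tokens and a versioned encryption key. Python's standard library has no AES, so the AES 256 step is stood in for by an HMAC-SHA256 keystream; the key and vault names are assumptions.

```python
import hmac, hashlib, secrets, string

# Added example of the token-vault flow on this page; not SafeNet code.
# Keys are constructed per process. Python's stdlib has no AES, so the
# product's AES-256 step is stood in for by an HMAC-SHA256 keystream.
HASH_KEY = secrets.token_bytes(32)        # "hash key on KS" in the diagram
ENC_KEYS = {1: secrets.token_bytes(32)}   # versioned encryption keys
CURRENT_KEY_VERSION = 1
VAULT_BY_HASH = {}    # keyed hash -> token
VAULT_BY_TOKEN = {}   # token -> (key version, nonce, ciphertext)

def keyed_hash(plaintext: str) -> str:
    # Deterministic lookup key: the same value always maps to one token
    return hmac.new(HASH_KEY, plaintext.encode(), hashlib.sha256).hexdigest()

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter-mode PRF keystream; XOR is its own inverse, so decrypt = encrypt
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hmac.new(key, nonce + off.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def encrypt(plaintext: str):
    nonce = secrets.token_bytes(16)   # fresh nonce per value, stored with it
    ct = _keystream_xor(ENC_KEYS[CURRENT_KEY_VERSION], nonce, plaintext.encode())
    return CURRENT_KEY_VERSION, nonce, ct

def make_token(plaintext: str) -> str:
    # Random surrogate keeping length and format: digits stay digits, letters
    # stay letters (case kept), separators such as "-" are copied through
    pools = (string.digits, string.ascii_uppercase, string.ascii_lowercase)
    token = []
    for ch in plaintext:
        pool = next((p for p in pools if ch in p), None)
        token.append(secrets.choice(pool) if pool else ch)
    return "".join(token)

def tokenize(plaintext: str) -> str:
    if not any(ch in string.ascii_letters + string.digits for ch in plaintext):
        raise ValueError("value has no characters that can be replaced")
    h = keyed_hash(plaintext)
    if h in VAULT_BY_HASH:            # hash exists: return the existing token
        return VAULT_BY_HASH[h]
    token = make_token(plaintext)
    while token in VAULT_BY_TOKEN or token == plaintext:   # avoid collisions
        token = make_token(plaintext)
    VAULT_BY_HASH[h] = token          # token, ciphertext and hash go to the vault
    VAULT_BY_TOKEN[token] = encrypt(plaintext)
    return token

def detokenize(token: str) -> str:
    version, nonce, ct = VAULT_BY_TOKEN[token]   # KeyError for unknown tokens
    return _keystream_xor(ENC_KEYS[version], nonce, ct).decode()
```

Because the lookup key is an HMAC rather than a plain hash, the vault alone does not let someone who can read it confirm guessed values without also holding the hash key.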
SafeNet Tokenization: Common Use Cases
• Protect data in the cloud
• Secure financial data
• Protect personally identifiable information
• Meet compliance and regulatory mandates, specifically PCI DSS
• Secure big data implementations
• Prevent exposure of sensitive data in production databases to non-production environments (testing, development, staging, research, etc.)
SafeNet ProtectV: Encryption of Entire Virtual Machine
• Ensure secure virtualization and cloud migration by encrypting the entire virtual machine, including associated storage volumes (mapped drives), instances (snapshots and backups), and partitions (system/OS, data)
• Maintain ownership and control of data and encryption keys at all times
• Authorize virtual machine instance launches with ProtectV StartGuard
• Track and report on key access to all copies of your data
• Revoke key access in case of a breach
Integrates with SafeNet KeySecure to provide:
• Single, centralized interface for logging, auditing, and reporting access to protected data and keys
SUPPORTED PLATFORMS
Public/Private Cloud: Amazon Web Services, Microsoft Azure, VMware, IBM Softlayer Cloud
Deployment Options: Cloud/Virtual
[Diagram: SafeNet ProtectV Virtual Machine Encryption. Components: SafeNet ProtectV Manager (on-premises or virtual), SafeNet KeySecure, and SafeNet ProtectV Clients on virtual machines running on a hypervisor with protected volumes; labelled functions are crypto and pre-boot services, centralized discovery and management, and centralized key management; connections are TLS (Transport Layer Security) secure channels.]
ProtectV: Common Use Cases
• Enable secure cloud migration
• Protect data against lawful seizure
• Meet compliance and regulatory mandates
• Enable separation of duties between cloud service provider, storage, security and other administrators
• Support for hybrid cloud environments
Native Database TDE – Transparent Database Encryption (04.01.2015)
• Oracle/SQL Server TDE
• Transparent tablespace / column encryption
• SafeNet enhancements: moves master keys into KeySecure, key migration, audit trail
[Diagram: Application Server and Database Server with TDE, master keys held in KeySecure]
Thank you!