SafeNet ProtectApp Deployment Options › ... › 2015 › 02 › Encryption-connectors.pdf ·...

Transcript of SafeNet ProtectApp Deployment Options › ... › 2015 › 02 › Encryption-connectors.pdf ·...

Page 1: SafeNet ProtectApp Deployment Options › ... › 2015 › 02 › Encryption-connectors.pdf · 2016-09-21 · COLUMN-LEVEL DATABASE ENCRYPTION Encrypt column-level data in databases

SafeNet ProtectApp: APPLICATION-LEVEL ENCRYPTION

Encrypt application data and keep it secure across its entire lifecycle – no matter where it is transferred, backed up, or copied

Rich application encryption and flexible key management interfaces

Broad standard and interface support, including web services

Easy deployment and management, including built-in key rotation and data re-keying

Built-in health checking and multi-tier load balancing

Secure authentication, granular authorization, and detailed logging and auditing

Large and growing ecosystem

Integrates with SafeNet KeySecure to provide:

Centralized administration of application encryption policy and keys

Ability to offload cryptographic processing to KeySecure for improved performance

SUPPORTED PLATFORMS

Web Application Servers: Apache Tomcat, IBM WebSphere, IBM AS/400, JBoss, Microsoft IIS, Oracle WebLogic, SAP NetWeaver, Sun ONE, and more…

Development Libraries/APIs: Java, C/C++, .NET; XML open interface, KMIP standard; Web services, including SOAP and REST

Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware

Certificates: X509, PKCS1, PKCS8, PKCS12; Export, Import, Monitor

Deployment Options: On-premises, Cloud/Virtual

Page 2:

Application Level Encryption

[Diagram labels: Application Server, Database Server, SafeNet ProtectApp, SafeNet KeySecure]

Page 3:

SafeNet ProtectApp: Common Use Cases

Deploy a KMIP-enabled key management solution

Protect data in the cloud

Protect personally identifiable information

Secure intellectual property

Meet compliance and regulatory mandates

Page 4:

SafeNet ProtectDB: COLUMN-LEVEL DATABASE ENCRYPTION

Encrypt column-level data in databases transparently in multi-vendor database management systems

Define granular access controls by role, user, time of day, and other variables

Prevent database administrators (DBAs) from impersonating users with access to sensitive data

Increase security of sensitive data with seamless, built-in key rotation and data re-keying

Secure communication, logging, and auditing

Multi-site support with built-in load balancer

Integrates with SafeNet KeySecure to provide:

Centralized key and policy management

Segregation of data and keys

Strong separation of duties

Ability to meet compliance mandates

SUPPORTED PLATFORMS

Databases: Oracle, Microsoft SQL Server, IBM DB2

Operating Systems: Microsoft Windows, Linux, Solaris, HP-UX, AIX, IBM i/OS

Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware

Deployment Options: On-premises, Cloud/Virtual

Page 5:

Transparent Database Encryption

[Diagram labels: Application Server, Database Server, SafeNet ProtectDB, SafeNet KeySecure]

Page 6:

SafeNet ProtectDB: Common Use Cases

Protect data in the cloud

Secure financial data

Protect personally identifiable information

Meet compliance and regulatory mandates, specifically PCI DSS

Page 7:

SafeNet ProtectFile: FILE AND FOLDER ENCRYPTION

Transparent, comprehensive encryption for file shares and network drives (DAS, NAS and SAN)

Granular access controls to ensure only authorized users or processes can view protected data

Prevent rogue administrators from impersonating users with access to sensitive data

Easy and automated deployment in large environments

Comprehensive logging and auditing capabilities

Deep and shallow key rotation

FIPS 140-2 strength AES algorithms

Integrates with SafeNet KeySecure to provide:

Centralized key and policy management

Segregation of data and keys

Strong separation of duties

Ability to meet compliance mandates

SUPPORTED PLATFORMS

Operating Systems: Microsoft Windows; Linux: Oracle, Red Hat Enterprise Linux, SUSE, Ubuntu, AIX, CentOS

Databases: Oracle, mongoDB, Cassandra, IBM DB2, Microsoft: SQL Server, SharePoint, MySQL, PostgreSQL

Other: Cloud Management: Chef; Containers: Docker

Cloud/Virtual Infrastructures: All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware

Big Data: Apache Hadoop, IBM InfoSphere BigInsights

Deployment Options: On-premises, Cloud/Virtual

Page 8:

File System-level Encryption

[Diagram labels: Applications, File Server (On premises/Virtual/Cloud), SafeNet ProtectFile, SafeNet KeySecure]

Page 9:

ProtectFile Ecosystem Snippet

ACCESS CONTROL

• No access

• Encrypt

• Decrypt

• Backup

• Restore

• Superuser impersonation

CRYPTOGRAPHIC OPERATIONS

• Encryption

• Decryption

• Key Rotation

[Diagram labels: DATABASE ENCRYPTION, BIG DATA ENCRYPTION, CLOUD MANAGEMENT TOOLS, DOCKER CONTAINERS, CLOUD ENCRYPTION (Supports all public clouds)]

Page 10:

SafeNet ProtectFile: Common Use Cases

Protect data in the cloud

Protect personally identifiable information

Segregate departmental data on servers

Enable separation of duties

Secure big data implementations

Protection of data in SQL/NoSQL databases, mongoDB, and Cassandra

Page 11:

SafeNet Tokenization: APPLICATION-LEVEL TOKENIZATION

Protect high value information by replacing it with a surrogate value, or “token”, that preserves the length and format of the data

No changes necessary to applications, databases, or legacy systems

Unlimited data type support

Broad token format support, including regular expressions and customized formats

Granular access controls ensure only authenticated users or systems can view protected tokens and data

Integrates with SafeNet KeySecure to provide:

Single, centralized interface for logging, auditing, and reporting access to protected data, keys, and tokens

SUPPORTED PLATFORMS

Token Vault Databases: Microsoft SQL Server, MySQL, Oracle, Cassandra

Application Servers: IBM, SAP, BEA, Apache, Sun, Oracle, Java, JBoss, and more…

APIs: Java, .NET, Web Services (SOAP, REST/JSON)

Deployment Options: On-premises, Cloud/Virtual

Page 12:

Token Handling

Token generation: Plaintext (sensitive information) is sent by application with request for tokenization

Keyed hash is generated using hash key on KS

Lookup on hash is performed

If hash exists: Corresponding token is returned.

If no hash exists: Token is generated; Value is encrypted; Token, cipher text, and hash are written to the token vault

De-tokenization: Token is sent by application with request for plaintext value (Get Token)

Token is looked up

Corresponding ciphertext is decrypted and sent back to the application

[Diagram labels: KeySecure, Protected Zone, Token Managers, Token Vault, AES 256, Versioned key]
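
The token generation and de-tokenization flow on this slide, sketched as an added example (not SafeNet code or its API). The in-memory vault, the key handling, the reading of "KS" as KeySecure, and the stand-in cipher used in place of AES 256 are all assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, secrets, string

# Constructed keys; on the slide both are held on KS (assumed to be KeySecure).
HASH_KEY = secrets.token_bytes(32)
ENC_KEYS = {1: secrets.token_bytes(32)}  # versioned encryption keys
CURRENT_VERSION = 1

def _xor_cipher(key, nonce, data):
    # Stand-in cipher (HMAC-SHA256 keystream) so this runs on the standard
    # library alone. The slide specifies AES 256; use a real AES mode instead.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class TokenVault:
    def __init__(self):
        self.by_hash = {}   # keyed hash -> token
        self.by_token = {}  # token -> (key version, nonce, ciphertext)

    def _new_token(self, value):
        # Random surrogate with the same length and format as the input.
        while True:
            token = "".join(
                secrets.choice(string.digits) if c.isdigit()
                else secrets.choice(string.ascii_letters) if c.isalpha()
                else c for c in value)
            if token != value and token not in self.by_token:
                return token

    def tokenize(self, value):
        if not any(c.isdigit() or c.isalpha() for c in value):
            raise ValueError("value has no characters to replace")
        digest = hmac.new(HASH_KEY, value.encode(), hashlib.sha256).digest()
        if digest in self.by_hash:          # hash exists: return the same token
            return self.by_hash[digest]
        token = self._new_token(value)      # no hash: generate, encrypt, store
        nonce = secrets.token_bytes(16)
        ct = _xor_cipher(ENC_KEYS[CURRENT_VERSION], nonce, value.encode())
        self.by_hash[digest] = token
        self.by_token[token] = (CURRENT_VERSION, nonce, ct)
        return token

    def detokenize(self, token):
        # Look up the token, then decrypt with the key version stored beside it.
        version, nonce, ct = self.by_token[token]  # KeyError: unknown token
        return _xor_cipher(ENC_KEYS[version], nonce, ct).decode()
```

Because the lookup runs on the keyed hash, a repeated value gets its existing token back without any ciphertext being decrypted, and storing the key version beside each ciphertext keeps old entries readable after the current key changes.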

Page 13:

SafeNet Tokenization: Common Use Cases

Protect data in the cloud

Secure financial data

Protect personally identifiable information

Meet compliance and regulatory mandates, specifically PCI DSS

Secure big data implementations

Prevent exposure of sensitive data in production databases to non-production environments (testing, development, staging, research, etc.)

Page 14:

SafeNet ProtectV: ENCRYPTION OF ENTIRE VIRTUAL MACHINE

Ensure secure virtualization and cloud migration by encrypting the entire virtual machine, including associated storage volumes (mapped drives), instances (snapshots and backups), and partitions (system/OS, data)

Maintain ownership and control of data and encryption keys at all times

Authorize virtual machine instance launches with ProtectV StartGuard

Track and report on key access to all copies of your data

Revoke key access in case of a breach

Integrates with SafeNet KeySecure to provide:

Single, centralized interface for logging, auditing, and reporting access to protected data and keys

SUPPORTED PLATFORMS

Public/Private Cloud: Amazon Web Services, Microsoft Azure, VMware, IBM Softlayer Cloud

Deployment Options: Cloud/Virtual

Page 15:

SafeNet ProtectV Virtual Machine Encryption

[Diagram labels: SafeNet ProtectV Manager (Virtual), SafeNet ProtectV Client (Virtual), SafeNet KeySecure (On-premises or Virtual), Crypto and pre-boot services, TLS* Secure Channel, Protected Volumes, Hypervisor, Centralized discovery and management, Centralized key management]

*Transport Layer Security

Page 16:

ProtectV: Common Use Cases

Enable secure cloud migration

Protect data against lawful seizure

Meet compliance and regulatory mandates

Enable separation of duties between cloud service provider, storage, security and other administrators

Support for hybrid cloud environments

Page 17:

Native Database TDE – Transparent Database Encryption

04.01.2015

Page 18:

Oracle/SQL Server TDE

Transparent Tablespace / column encryption

SafeNet enhancements: Moves master keys into KeySecure, key migration, audit trail

[Diagram labels: KeySecure, TDE, Application Server, Database Server]
