Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE...

www.Vormetric.com Security Policy and Key Management Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric. Tina Stewart, Vice President of Marketing


7/31/2019 Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric

http://slidepdf.com/reader/full/security-policy-and-key-management-centrally-manage-encryption-keys-oracle 1/17

www.Vormetric.com

Security Policy and Key Management

Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric.

Tina Stewart, Vice President of Marketing


Presentation Overview

Evolution of encryption and integrated key management systems

IT operations and support challenges will then be examined

Review of the future industry initiatives and compliance regulations

Conclude with brief introduction to Vormetric Key Management

Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.


Importance of Enterprise Key Management


Two Types of Key Management Systems

Third Party

Integrated

“The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.”

Forrester Research, Inc., “Killing Data”, January 2012


IT Imperative: Secure Enterprise Data

Direct access to enterprise data has increased the risk of misuse.

Attacks on mission critical data are getting more sophisticated.

Security breach results in substantial loss of revenue and customer trust.

Compliance regulations (HIPAA, PCI DSS) mandate improved controls.

What is needed is a powerful, integrated solution that can enable IT to ensure the availability, security, and manageability of encryption keys across the enterprise.

A Data Breach Costs > $7.2M Per Episode

2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute


Enterprise Key Management 8 Requirements

Enterprise Key Management

Generation

Storage

Backup

Key State Management

Security

Auditing

Authentication

Restoration


Interoperability Standards

PKCS#11: Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)

EKM: Cryptographic APIs used by Microsoft SQL Server to provide database encryption and secure key management

OASIS KMIP: Single comprehensive protocol defined by consumers of enterprise key management systems

Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.


Encryption Key Management Challenges

Complex management: Managing a plethora of encryption keys in millions

Security Issues: Vulnerability of keys from outside hackers / malicious insiders

Data Availability: Ensuring data accessibility for authorized users

Scalability: Supporting multiple databases, applications and standards

Governance: Defining policy-driven access, control and protection for data


Disparate Systems

Different Ways of Managing Encryption Keys


Industry Regulatory Standards


Gramm Leach Bliley Act (GLBA)

U.S. Health I.T. for Economic and Clinical Health (HITECH) Act

Payment Card Industry Data Security Standard (PCI DSS)

Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.

Requires firms in USA to publicly acknowledge a data breach although it can damage their reputation.

Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.


 Vormetric Key Management Benefits

Minimize Solution Costs

Stores Keys Securely

Provides Audit and Reporting

Manages Heterogeneous Keys / FIPS 140-2 Compliant

VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.


 Vormetric Key Management Capabilities


Manage Vormetric Encryption Agents

Manage 3rd Party Keys

Vault Other Keys

Create/Manage/Revoke keys of 3rd party encryption solutions

Provide Network HSM to encryption solutions via PKCS#11 (Oracle 11gR2), EKM (MSSQL 2008 R2)

Provide secure storage of security material

Key Types:

Symmetric: AES, 3DES, ARIA

Asymmetric: RSA 1024, RSA 2048, RSA 4096

Other: Unvalidated security materials (passwords, etc.).


 Vormetric Key Management Components


Data Security Manager (DSM)

Report on vaulted keys

Key Vault

Provides key management services for:

Oracle 11g R2 TDE (Tablespace Encryption)

MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)

Licensable Option on DSM

Web based or API level interface for import and export of keys

Same DSM as used with all VDS products

FIPS 140-2 Key Manager with Separation of Duties

Supports Symmetric, Asymmetric, and Other Key materials

Reporting on key types


TDE Key Architecture before Vormetric


Master Encryption keys are stored on the local system in a file with the data by default.

TDE Master Encryption Key

Local Wallet or Table

Oracle / Microsoft TDE


TDE Key Architecture after Vormetric


TDE Master Encryption Key

Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE

Vormetric Key Agent is installed on the database server

SSL Connection

Key Agent

Oracle / Microsoft TDE


 VKM Architecture-Key Vault


Web GUI

Command Line / API

Supported Key Types:

Asymmetric


Security Policy and Key Management

Protecting the enterprise’s valuable digital assets from accidental or intentional misuse is a key goal for every IT team today.

A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.

Vormetric Key Management is the only solution today that can:

Minimize IT operational and support burdens for encryption key management,

Secure and control access to data across the enterprise and into the cloud, and

Protect data without disrupting your business
