© 2009 • PGP Corporation • Confidential
State of Key Management
Brian Tokuyoshi
Solution Manager
Challenges
• Regulation and security concerns drive the need for encryption everywhere
– Tight deadlines place emphasis on the goal, and not best practice
• Each new encryption technology introduces new key management challenges
– Yet another system to manage
– Building consistent policy enforcement gets harder and harder
• eDiscovery is the opposite of regulation
– Data is being encrypted without consideration of how fast it must be recovered
• Each operations group handles key management differently
• Many different trust models, many different types of keys
How key management problems affect businesses
Administrative costs
• Major online retailer takes 4 weeks to perform manual key audit for compliance. Audit required twice a year.
Accountability
• CIO/CSO held accountable for data protection but lacks visibility
• GAO report on federal deployment
Business Continuity
• Major bank – Retail branches could not open for 4 hours
• Numerous sites – Customers locked out from online services
Different Trust Models for Different Uses
[Diagram: Company A and Company B and their users, shown under three trust models]
• Point to Point Trust
– Secure File Transfer
– One to One, One to Many
• Cross Certification
– S/MIME Email
– Many to Many
• Hierarchy (3rd Party CA)
– SSL Certificates
– Anyone
Reality Check
[Diagram: Company A, Company B and Company C; labels: Point to Point, Cross Certify, Internal Hierarchy, 3rd Party CA]
• Businesses use mixed trust models today
• No easy way to migrate from one model to another
• Can’t force an architecture onto another company
The Growing Need
Compliance!
Data Breaches!
Security
Encryption
Problem Solved?
The Growing Need
Compliance!
Data Breaches!
Security
Encryption
Key Management
Common Problems with Keys
[Diagram labels]
• Networks: WiFi, VPN
• Backend Applications: Databases, Application Servers, Web Servers, Mail Servers, CRM
• Clients
• Hardware
• Banking and Retail Hardware: ATM, PoS, EMV
• Key types shown:
– Wireless Keys, SSL / TLS Keys
– Disk Encryption Keys, Authentication Keys
– TPM Keys
– Encryption Keys, Authentication Keys
– Data Encryption Keys, Application Keys, SSL / TLS Keys
– Transport Keys, Authentication Keys
– Transaction Keys
• Problems shown:
– Manual Management
– Help Desk and Recovery
– Policy Requirements
– Key Rotation/Key Archiving
– Validation and Rotation
Addressing the Problem
[Diagram labels]
• Networks: WiFi, VPN
• Backend Applications: Databases, Application Servers, Web Servers, Mail Servers, CRM
• Clients
• Hardware
• Banking and Retail Hardware: ATM, PoS, EMV
• Key types shown:
– Wireless Keys, SSL / TLS Keys
– Disk Encryption Keys, Authentication Keys
– TPM Keys
– Encryption Keys, Authentication Keys
– Data Encryption Keys, Application Keys, SSL / TLS Keys
– Transport Keys, Authentication Keys
– Transaction Keys
• Key Management:
– Provisioning
– Storage
– Auditing and Reporting
– Lifecycle Management
– Policy Enforcement
– Discovery
Before and After
[Diagram labels]
• Without Key Management
– User 1, User 2, User 3, User 4
– File, Email, Disk
• With PGP Key Management
– Key Management Services: User 1 Keys, User 2 Keys, User 3 Keys, User 4 Keys
– User 1, User 2, User 3, User 4
– File, Email, Disk
What’s Needed in a Key Management System
What’s needed
• Open standards support
• Support for APIs, Protocols and Agents
• Support for multiple key types
• Support for multiple trust models
• Highly Scalable
• Highly Secure
• Proven
Q&A
Thank You