controlling access to infrastructure and applications, in cloud and on-prem

Security for What Matters Most: Data & Identities

Upload: ulf-mattsson

Post on 21-Jan-2018


TRANSCRIPT

Page 1: Controlling access to infrastructure and applications, in cloud and on-prem

Security for What Matters Most: Data & Identities

Page 2: Controlling access to infrastructure and applications, in cloud and on-prem

The digital world is transforming the way your enterprise works

• 90%: amount of the world’s data created in the last two years (1)
• 23.6bn: number of connected devices by 2020 (3)
• 35%: amount of all corporate data stored in the cloud (2)

Sources: 1 IBM; 2 Ponemon Institute; 3 Cisco Visual Networking Index

Page 3: Controlling access to infrastructure and applications, in cloud and on-prem

Security solutions must align with current and future business needs

• More data produced, stored, & shared
• More networks, clouds, & devices
• More advanced threats
• More risk of human error
• More compliance & regulatory mandates

Page 4: Controlling access to infrastructure and applications, in cloud and on-prem

The Perception: 94% of enterprises say their perimeter security technology is quite effective at keeping unauthorized users out of their networks.

The Reality: 65% of enterprises aren’t confident their data would be secure after a breach.

Would your data be secure after a breach?

Source: 2017 Gemalto Data Security Confidence Index report

Page 5: Controlling access to infrastructure and applications, in cloud and on-prem

Attacks are overcoming traditional security methods every minute

1,378,509,261 records exposed in 2016, as a result of 1,792 data breaches globally

More than 95% of all data breaches involved data that was NOT ENCRYPTED

Number of records compromised:
• 3,776,738 every day
• 157,364 every hour
• 2,623 every minute
• 44 every second

Source: 2016 Breach Level Index

Page 6: Controlling access to infrastructure and applications, in cloud and on-prem

With no defined perimeter in the digital world, it’s time for a fundamental shift in the security paradigm… by moving security closer to what matters most – Data and Identities

Page 7: Controlling access to infrastructure and applications, in cloud and on-prem

SECURE ACCESS AND DEVICES

PROTECT DATA ACROSS NETWORKS AND THE CLOUD

What if you could centralize security across your enterprise – at the edge and the core?

Page 8: Controlling access to infrastructure and applications, in cloud and on-prem

Move security beyond the perimeter to defend what’s really under attack

ENCRYPT SENSITIVE DATA
• Secure data at rest and data in motion
• Secure data across cloud, virtual, and on-premises environments

OWN & SECURE ENCRYPTION KEYS
• Manage key lifecycle
• Store keys securely
• Manage cryptographic resources

CONTROL ACCESS
• Manage and ensure appropriate access to resources across enterprise environments
• Provide strong multi-factor authentication to corporate resources

Page 9: Controlling access to infrastructure and applications, in cloud and on-prem

Secure your digital transformation with Gemalto

OUR CUSTOMERS:
• Large enterprises
• Financial services
• Governments
• Healthcare organizations
• Retailers
• Cloud service providers
• Internet of Things

SECURITY FOR: Digital Payments & Transactions | Compliance | The Enterprise | Internet of Things | Big Data | Cloud

SOLUTIONS: Cloud Access Management & SSO | Multi-factor Authentication | Encryption & Enterprise Key Management | High Assurance Key Protection

Page 10: Controlling access to infrastructure and applications, in cloud and on-prem

We provide trusted security for today’s industry leaders

• 8 of the world’s largest retailers
• 14 of the world’s largest banks
• 5 of the world’s largest healthcare providers
• 5 of the world’s largest cloud service providers
• 10 of the world’s largest software companies
• 12 of the world’s largest manufacturing companies

Page 11: Controlling access to infrastructure and applications, in cloud and on-prem

Security delivered the way you want it

UNIFIED DATA SECURITY SOLUTIONS

ENCRYPTION
• Data-at-rest encryption
• Data-in-motion encryption

KEY MANAGEMENT AND PROTECTION
• Enterprise key lifecycle management
• High assurance key protection
• HSM orchestration and crypto operations

IDENTITY AND ACCESS MANAGEMENT
• Access management
• Multi-factor authentication
• PKI credential management

CONSUMPTION MODELS: On-Premises (Hardware or Software) | Hybrid | On Demand (Cloud-based | as-a-Service)

PROTECT ANYTHING: Digital Payments & Transactions | Compliance | Enterprise Security | Internet of Things | Big Data | Cloud

Page 12: Controlling access to infrastructure and applications, in cloud and on-prem

Integrated with the technologies you use every day

• Cloud & SaaS apps
• IaaS & PaaS
• Storage
• Internet of Things
• Big Data
• Blockchain
• VPN access
• End point protection
• Digital signing
• VDI access

*Not a complete list of available integrations. Please contact us for more information.

Page 13: Controlling access to infrastructure and applications, in cloud and on-prem

Overcome your complex data security challenges

Centrally manage access and secure data & identities
• Eliminate islands of security
• Reduce costs
• Define unified security policies
• Ease compliance
• Gain portability and control

Page 14: Controlling access to infrastructure and applications, in cloud and on-prem

SafeNet Data Protection Solutions

ON-PREMISES (Hardware & Software)

Encryption
• SafeNet ProtectV: Full disk encryption for VMs/cloud instances/bare metal servers
• SafeNet ProtectFile: File system-level encryption
• SafeNet ProtectApp: Application-level encryption
• SafeNet ProtectDB: Column-level encryption
• SafeNet Tokenization: Application-level tokenization
• SafeNet High Speed Encryptors: High-assurance certified Layer 2 encryption

Key Management & Crypto Operations
• SafeNet KeySecure: Centralized key lifecycle management
• SafeNet Virtual KeySecure: Centralized key lifecycle management available as a hardened virtual appliance
• SafeNet Luna HSM: High assurance key protection
• SafeNet Payment HSM: Hardware security module for financial transactions
• SafeNet ProtectServer: Hardware security module for server & web apps
• SafeNet Crypto Command Center: Hardware security module orchestration

ON DEMAND (Cloud-based): SafeNet Data Protection On Demand
• SafeNet HSM On Demand: Cryptographic key generation, storage, and management
• SafeNet Key Management On Demand (Coming soon): KMIP and key brokering services

Page 15: Controlling access to infrastructure and applications, in cloud and on-prem

SafeNet Identity and Access Management Solutions

CREDENTIAL MANAGEMENT
• High Assurance Authentication
• Converged Badge
• Digital Signing
• Email Encryption
• Pre-boot Authentication
SafeNet Authentication Manager
SafeNet Authentication Client

MULTI-FACTOR AUTHENTICATION
• Authentication as a Service
• Context-based Authentication
SafeNet Authentication Service

ACCESS MANAGEMENT
• Identity As A Service
• Single Sign On
• Access Management
SafeNet Trusted Access

Page 16: Controlling access to infrastructure and applications, in cloud and on-prem

What is GDPR?

• Updates 1995 EU Data Protection Directive
• Adopted April 2016
• Takes effect May 2018

The protection of natural persons in relation to the processing of personal data is a fundamental right.

Page 17: Controlling access to infrastructure and applications, in cloud and on-prem

Expands Scope

Affects all companies doing business with individuals located in EU member nations

They need neither reside nor process data within the EU

GDPR applies wherever that data is sent, processed or stored

12.10.17

Page 18: Controlling access to infrastructure and applications, in cloud and on-prem

Broadens Definitions

GDPR Defines Personal Data as:

Any information that can be used to identify, directly or indirectly, an individual

Includes such identifiers as:
• Name
• Identification numbers
• Location data
• Online identifiers
• Factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a person

Page 19: Controlling access to infrastructure and applications, in cloud and on-prem

The Challenge

GDPR will apply to organizations that didn’t worry about EU data before

Data that previously didn’t need to be protected will now need to be protected

Page 20: Controlling access to infrastructure and applications, in cloud and on-prem

Your GDPR Data Security Obligations


Page 21: Controlling access to infrastructure and applications, in cloud and on-prem

Data Control

To preserve subjects’ privacy, organizations must control their data. Per GDPR, they must:

• Only process data for authorized use
• Ensure data accuracy and integrity
• Minimize subject identities’ exposure
• Implement data security measures
• Only process data for authorized purposes

Page 22: Controlling access to infrastructure and applications, in cloud and on-prem

Data Security

GDPR puts security at the service of privacy. To preserve subjects’ privacy, organizations must implement:

• Safeguards in order to keep data for additional processing
• Data protection by design as a default
• Security as a contractual requirement
• Encryption or pseudonymization
• Security in response to their risk assessment

Page 23: Controlling access to infrastructure and applications, in cloud and on-prem

Right to Erasure

Subject data cannot be kept indefinitely. GDPR requires organizations to completely erase data from all repositories when:

• A data subject revokes their consent (‘Right to be forgotten’)
• A partner organization requests data deletion
• A service or agreement comes to an end

Page 24: Controlling access to infrastructure and applications, in cloud and on-prem

Risk Mitigation and Due Diligence

Organizations must assess risks to privacy/security and demonstrate they’re mitigating their risks. They must:

• Conduct a full risk assessment
• Implement measures to ensure and demonstrate compliance
• Proactively help third-party partners/customers comply
• Demonstrate full data control

Page 25: Controlling access to infrastructure and applications, in cloud and on-prem

Breach Notification

When a security breach threatens the rights and privacy of a data subject, organizations need to notify customers and/or supervisory authorities. They must:

• Notify supervisory authority within 72 hours
• Describe the data breach’s consequences
• Communicate breach directly to data subjects

Page 26: Controlling access to infrastructure and applications, in cloud and on-prem

Fines and Penalties

Depending on the violation, fines may range from €10 million to 4% of the total global profit - whichever is higher.

Supervisory authorities will base penalty on:

• Level of negligence involved
• Steps taken to mitigate damage and risk

Page 27: Controlling access to infrastructure and applications, in cloud and on-prem

Where to Begin?


Page 28: Controlling access to infrastructure and applications, in cloud and on-prem

A 6 Step Approach to Complying

1. Understand GDPR / Legal Framework
2. Create road map / Data register
3. Data classification
4. Start with top priorities
   • Procedures & Policies
   • Data protection
5. Assess & document other risks
6. Revise & repeat

Page 29: Controlling access to infrastructure and applications, in cloud and on-prem

Gemalto’s Solution to the GDPR Challenge

Page 30: Controlling access to infrastructure and applications, in cloud and on-prem

The SafeNet Portfolio’s Three Pillar Approach

Page 31: Controlling access to infrastructure and applications, in cloud and on-prem

Encryption restricts access and processing to authorized users. It maintains the data’s integrity.

Encryption and key management satisfy… Data Control | Data Security | Right to Erasure | Breach Notification | Due Diligence

Page 32: Controlling access to infrastructure and applications, in cloud and on-prem

Key management records encryption usage to produce the logs that demonstrate GDPR compliance.

Encryption and key management satisfy… Data Control | Data Security | Right to Erasure | Breach Notification | Due Diligence

Page 33: Controlling access to infrastructure and applications, in cloud and on-prem

Encryption attaches security directly to the data itself to keep it safe in the event of a security breach.

Encryption and key management satisfy… Data Control | Data Security | Right to Erasure | Breach Notification | Due Diligence

Page 34: Controlling access to infrastructure and applications, in cloud and on-prem

Encrypted data is not subject to breach notification requirements.

Encryption and key management satisfy… Data Control | Data Security | Right to Erasure | Breach Notification | Due Diligence

Page 35: Controlling access to infrastructure and applications, in cloud and on-prem

Encrypting data and deleting the key completely deletes data to honor the Right to be Forgotten.

Encryption and key management satisfy… Data Control | Data Security | Right to Erasure | Breach Notification | Due Diligence

Page 36: Controlling access to infrastructure and applications, in cloud and on-prem

Strong authentication restricts access to networks containing subject data to authorized users only.

Multi-factor Authentication satisfies… Data Control | Due Diligence

Page 37: Controlling access to infrastructure and applications, in cloud and on-prem

Authentication management tools record data access usage to produce the logs that demonstrate compliance.

Multi-factor Authentication satisfies… Data Control | Due Diligence

Page 38: Controlling access to infrastructure and applications, in cloud and on-prem

The SafeNet Portfolio


Page 39: Controlling access to infrastructure and applications, in cloud and on-prem

Multi-factor Authentication Placeholder


Page 40: Controlling access to infrastructure and applications, in cloud and on-prem

Encryption and Key Management


Page 41: Controlling access to infrastructure and applications, in cloud and on-prem

Taking Customers to a Unified Approach

Today – Silos: File Servers | Applications & Web Servers | SQL & NoSQL Databases | Mainframes | Storage | Backup Media
• Costly & Complex Administration
• Inconsistent Security Policy Enforcement
• No Repeatable Process
• Inhibited Data & Business Workflow
• Audit Challenges

Tomorrow - Unified: UNIFIED DATA PROTECTION PLATFORM (Cloud | On-Premises | Virtual)
Compliance | Crypto Foundation | Security | Key Management | Policy Management
• Single Vendor
• Centrally Defined & Managed Security
• Strong Compliance & Low Audit Cost
• Increased Security, Business Agility, & Lower IT Costs

Page 42: Controlling access to infrastructure and applications, in cloud and on-prem

Data Security: Best Practices

Confidential and Proprietary | For Internal Gemalto Use Only

Separate key management from encryption/tokenization

Secure Data
• Encrypt or Tokenize
• Apply Access Controls

Protect Keys
• Manage Key Lifecycle
• Apply Access Controls

Page 43: Controlling access to infrastructure and applications, in cloud and on-prem

Data Protection: A Three Step Approach

File Servers (DAS, SAN, NAS, HDFS) | Databases (SQL & NoSQL) | Applications (Application servers) | Public Cloud (Cloud Servers and Virtual Machines)

• Centralized Key Management (Generation, Rotation, Expiration, etc.)
• Audit reporting and compliance management
• Separation of duties – Encryption keys decoupled from data

• File/Folder/Share-level encryption
• Database level encryption
• Application level encryption
• Virtual machine encryption
• Tokenization

+ Access Control
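The best-practice slides above (separate key management from encryption/tokenization, manage the key lifecycle, keep encryption keys decoupled from the data) and the earlier GDPR slide stating that encrypting data and deleting the key erases it for the Right to be Forgotten describe one architecture: envelope encryption with an external key manager. The block below is an added example written for this page; it is not Gemalto or SafeNet code and does not use their APIs. The `KeyManager`, `DataStore`, the record ids and the sample e-mail addresses are assumptions made for illustration, and the cipher is an HMAC-SHA256 counter-mode construction with an encrypt-then-MAC tag that stands in for AES-GCM so the example runs with the Python standard library alone.

```python
"""Envelope encryption with key management separated from the data store,
plus crypto-shredding: deleting a subject's key erases every copy of that
subject's records, wherever the ciphertext has been replicated.

Added example, not Gemalto/SafeNet code. KeyManager stands in for an external
key manager or HSM and is the only component that ever holds a key-encryption
key (KEK). DataStore holds ciphertext, a wrapped per-record data-encryption key
(DEK) and a key id, never a usable key.
"""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive independent encryption and MAC keys from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in for AES-CTR/GCM).
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raise ValueError on any tampering."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))


@dataclass
class KeyManager:
    """Holds KEKs and logs every key operation; the data store never sees a KEK."""
    _keks: dict = field(default_factory=dict)   # key_id -> KEK bytes, or None once destroyed
    audit_log: list = field(default_factory=list)

    def create_kek(self, subject_id: str) -> str:
        key_id = f"kek/{subject_id}/{secrets.token_hex(4)}"   # one KEK per data subject
        self._keks[key_id] = secrets.token_bytes(32)
        self.audit_log.append(("create", key_id))
        return key_id

    def wrap(self, key_id: str, dek: bytes) -> bytes:
        self.audit_log.append(("wrap", key_id))
        return seal(self._active(key_id), dek)

    def unwrap(self, key_id: str, wrapped: bytes) -> bytes:
        self.audit_log.append(("unwrap", key_id))
        return open_sealed(self._active(key_id), wrapped)

    def destroy(self, key_id: str) -> None:
        """Crypto-shred: once the KEK is gone, nothing wrapped under it can be recovered."""
        self._keks[key_id] = None
        self.audit_log.append(("destroy", key_id))

    def _active(self, key_id: str) -> bytes:
        kek = self._keks.get(key_id)
        if kek is None:
            raise KeyError(f"{key_id} is destroyed or unknown")
        return kek


@dataclass
class DataStore:
    """Any repository (database, file share, backup): holds (key_id, wrapped DEK, ciphertext)."""
    records: dict = field(default_factory=dict)


def store_record(km: KeyManager, store: DataStore, key_id: str, record_id: str, plaintext: bytes) -> None:
    dek = secrets.token_bytes(32)                       # fresh DEK per record
    store.records[record_id] = (key_id, km.wrap(key_id, dek), seal(dek, plaintext))


def read_record(km: KeyManager, store: DataStore, record_id: str) -> bytes:
    key_id, wrapped_dek, blob = store.records[record_id]
    return open_sealed(km.unwrap(key_id, wrapped_dek), blob)


def demo() -> dict:
    """Constructed scenario: two subjects, one erasure request."""
    km, store = KeyManager(), DataStore()
    alice, bob = km.create_kek("alice"), km.create_kek("bob")
    store_record(km, store, alice, "crm/alice", b"alice@example.com")      # constructed sample data
    store_record(km, store, alice, "backup/alice", b"alice@example.com")   # replica in another repository
    store_record(km, store, bob, "crm/bob", b"bob@example.com")
    before = read_record(km, store, "crm/alice")
    km.destroy(alice)                                   # honour the erasure request in one place
    try:
        read_record(km, store, "backup/alice")
        shredded = False
    except KeyError:
        shredded = True                                 # ciphertext still on disk, but unrecoverable
    return {"before": before, "alice_shredded": shredded,
            "bob_readable": read_record(km, store, "crm/bob"),
            "destroy_logged": ("destroy", alice) in km.audit_log}


if __name__ == "__main__":
    print(demo())
```

Two design points carry the slides’ argument. Separation of duties holds because `DataStore` never receives a KEK: wrapping and unwrapping happen inside `KeyManager`, so a copy of the database or a backup tape yields only ciphertext and wrapped DEKs (in a real deployment the KEK stays inside the HSM or key manager and the wrap/unwrap calls are made over its API). Erasure is then a single `destroy` on the subject’s KEK, which invalidates every record wrapped under it across all repositories without touching them, and the `audit_log` entries are the record of encryption usage the compliance slides ask for.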

Page 44: Controlling access to infrastructure and applications, in cloud and on-prem

Identify the Architecture: The Right Tool for the Right Job

Works in Physical, Virtual, and Cloud Environments

Customer-Controlled Key Management
• KeySecure: On-premises
• Virtual KeySecure: Cloud/Virtual environments

SQL Database Encryption
• ProtectDB: Transparent column level encryption
• ProtectFile: Transparent database file encryption
• ProtectApp: Application level encryption
• Tokenization: Application level tokenization
• TDE: Transparent data encryption
• ProtectV: Transparent FDE

NoSQL Database
• ProtectFile: Transparent database file encryption
• Tokenization: Application level tokenization
• ProtectApp: Application level encryption
• ProtectV: Transparent FDE

File/Folder/Share Encryption (DAS/NAS/SAN)
• ProtectFile: Transparent file encryption at the file-system level
• ProtectApp: APIs perform data encryption at the application level
• Transform Utility: Bulk encryption of structured file
• ProtectV: Transparent FDE

Cloud Storage
• Encryption Gateway (CSEG): File & Object encryption gateway

Page 45: Controlling access to infrastructure and applications, in cloud and on-prem

Gemalto SafeNet Data Protection Solutions

Ecosystem

ProtectApp
• IBM
• BEA Systems
• Sun Microsystems
• The Apache Software Foundation
• Oracle
• Java
• JBoss

ProtectDB
• IBM DB2
• Oracle Database
• Microsoft SQL Server

Tokenization
• IBM
• SAP Software Solutions
• BEA Systems
• The Apache Software Foundation
• Sun Microsystems
• Oracle
• Java
• JBoss
• IBM DB2
• Oracle Database
• Microsoft SQL Server

ProtectFile
• Linux
• Samba
• Windows Server
• Novell
• Apache Hadoop
• Cassandra
• mongoDB
• Microsoft SharePoint

ProtectV
• Amazon EC2 & S3
• Chef
• Docker
• Amazon Web Services
• VMware
• IBM SoftLayer
• Microsoft Azure

KeySecure Platform
• Multiple programming languages
• SOAP and REST interfaces
• OPEN XML interface
• KMIP interface
• Tape Libraries
• Storage
• Cloud gateways
• Databases
• Applications

Distributed Key Management: Apps | GW | Tape | Disk | KMIP | TDE
Virtual Machines | File Servers & Shares | Application Servers | Databases | Web and Application Servers
• Key and crypto engine
• Authentication and authorization
• Key lifecycle management
• SNMP, NTP, SYSLOG

Page 46: Controlling access to infrastructure and applications, in cloud and on-prem

Holistic Enterprise Data Protection Framework

PARTNERSHIPS / ECOSYSTEM
• Amazon Web Services
• Microsoft Azure
• HP
• Dell
• NetApp Storage
• Chef
• Docker
• Oracle
• Microsoft SQL
• IBM DB2
• MySQL
• MongoDB
• Cassandra
• Apache Hadoop
• IBM BigInsights
• IBMz – mainframes
• IBMi – AS400

POINTS OF PROTECTION
• NoSQL Databases
• SQL Databases
• Storage
• Archive Tapes
• Files, Folders & Shares - DAS/NAS/SAN
• Big Data
• P-to-NonP Tokenization
• Application Encryption
• Cloud Public & Private
• Application Key Management
• ERP & CRM

ENCRYPTION & TOKENIZATION
• SafeNet ProtectApp
• SafeNet ProtectDB
• SafeNet ProtectFile
• SafeNet Tokenization
• Database Native TDE
• Transform Utility
• Bulk Tokenization
• Web Services

ENTERPRISE KEY MANAGEMENT
• SafeNet KeySecure

Page 47: Controlling access to infrastructure and applications, in cloud and on-prem

Hardware Security Modules (HSM)

Render Data Useless in Case of Attack
• Strong encryption key protection and ownership are critical
• Secure your data and ensure it is useless in case of a cyber attack

Strong Key Storage in Hardware - Not Software
• Hardware Root of Trust for your master cryptography keys
• High assurance, tamper-resistant hardware appliances
• FIPS-140-2 Level 3 validation protection

Flexible, Secure Deployment Options
• Deployed in more public cloud environments than any other HSM
• On-premises, private, public, hybrid and multi-cloud environments

Help Achieve Compliance
• Simplify auditing process and reduce costs
• Preserve the integrity of your data
• Delete encryption keys and render data useless
• Reduce Legal and Reputation liabilities

Trust HSMs to…
• Securely generate and store cryptographic keys
• Centrally control and manage keys
• Enforce security policies
• Perform crypto operations securely
• Render critical keys and data inaccessible

Strongest Protection Against a Cyberattack | Enhance Compliance & Simplify Audits | Secure Cloud, Hybrid & On-premises Environments | Always Store Your Keys in Hardware | FIPS-140 Level 3 | Protect Against Data Breaches

Page 48: Controlling access to infrastructure and applications, in cloud and on-prem

SafeNet Luna HSMs benefits

Crypto Keys Remain in Hardware
• High assurance, FIPS-validated key vault
• Keys never leave the hardware appliance
• Keep keys safe from breach, unlike alternative keys in software solutions

High Performance
• Three performance models to suit your needs
• Up to 20,000 ECC transactions per second

Route to Cloud
• De facto HSM for the cloud
• Centrally manage HSMs in the cloud, hybrid cloud, and on-premises

Broad Ecosystem of Partners
• Over 400 partners and solutions
• Plug-and-play documented integrations for leading use cases

Extend HSM TCO
• Develop applications on a common SDK that integrates with all form factors
• Improve compliance & audit process with centralized management & reporting
• Delegated administration model enables HSMaaS

Emerging Technologies
• Capitalize on emerging technologies: Internet of Things (IoT), Blockchain, Bitcoin, More…

Ease of Use with SafeNet Crypto Command Center
• Centrally manage crypto resources
• Provide on-demand provisioning in minutes vs. days
• Enforce security & consistency with custom, repeatable policy templates

Page 49: Controlling access to infrastructure and applications, in cloud and on-prem

GDPR Compliance with Gemalto

A full portfolio to address even complex GDPR challenges according to your needs

Stay in control. You choose what happens to your data and your customers’ privacy

Side step breach notification obligations

Avoid heavy penalties in the case of a security breach

Page 50: Controlling access to infrastructure and applications, in cloud and on-prem

Thank you!
