protecting enterprise data at rest: vormetric encryption architecture overview whitepaper to protect...
DESCRIPTION
This is an excerpt of Vormetric’s Encryption Architecture Overview Whitepaper: Protecting Enterprise Data at Rest with Encryption, Access Controls and Auditing More on subject : www.vormetric.com/datasecurity82 This Vormetric whitepaper discusses data security threats and related incidents, such as security breaches, which can be harmful to any organization operating online. It then goes on to explain the real risks to the enterprise data and how to make encryption successful. The whitepaper also discusses Vormetric encryption, which is a comprehensive solution for key management and encryption of data at rest. The whitepaper on Vormetric Encryption Architecture consists of brief introduction to two most important components of Vormetric Encryption i.e., Data Security Manager and Encryption Expert Agents. According to whitepaper, some of the advantages of using Vormetric Encryption solution are: • Encryption and Access Controls • Transparent Implementation • High Performance • Centralized Key and Policy Management • Strong Separation of Duties • Role-Based Administration and Domains • Scalability • Distributed IT Environments • High Availability • Fine-Grained AuditingTRANSCRIPT
www.Vormetric.com
Vormetric Encryption Architecture Overview
Protecting Enterprise Data at Rest with Encryption, Access Controls, and Auditing
Data is Your Business
Slide No: 2
!Data security breaches are harmful to any organization of any size.
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 3
2012 DATA BREACH INVESTIGATION REPORTA study conducted by the Verizon RISK Team with cooperation from global policing agencies.
34% 35%94%
People
Servers People
Devices Servers
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Protect private and confidential info.
Slide No: 4
Global Compliance
PCI DSS
HITECH Act
UK Data Protection Act
South Korea’s PIPA
And more …
Server Defense-in-Depth Controls
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Data is Everywhere
Slide No: 5
Unstructured dataFile SystemsOffice documents,PDF, Vision, Audio & otherFax/Print ServersFile Servers
Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)Application Server
Remote locations & systems
Storage & Backup SystemsSAN/NASBackup Systems
Data CommunicationsVoIP SystemsFTP/Dropbox ServerEmail Servers
Structured dataDatabase Systems(SQL, Oracle, DB2, Informix, MySQL)Database Server
Security & Other Systems(Event logs, Error logsCache, Encryption keys, & other secrets)Security Systems
!Data exists in different formats, states, and locations.Traditional Controls are not designed to secure it.
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Data Security Simplified
Slide No: 6
TransparentMust be transparent to business processes, end users, and applications
Data type neutral – any data, anywhere
StrongPrivileged users should not have access to sensitive data
Firewall your data – approved users and applications allowed, deny all others.
EfficientSLA, User, and Application performance must remain acceptable
Encryption overhead can approach zero
EasyEasy to Understand
Easy to Implement
Easy to Manage
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Vormetric Data Security
Slide No: 7
Encryption Agent
Unstructured
Encryption Agent
DatabaseSQL Server
2008 / 2012 TDE
Key Agent
Oracle 11gR2 TDE
Key Agent
Data Security Manager
Vormetric Key Vault
Vormetric Encryption
Vormetric Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.
Vormetric Encryption Architecture
Slide No: 8
Users
Application
Database
OS
File System
SAN, NAS, DAS Storage
FS Agent
Policy is used to restrict access to sensitive data by user and process information provided by the OS.
SSL/TLS
Protect Server Data
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved. Slide No: 9
DAS SAN NAS VM CLOUD
Log FilesPassword filesConfig FilesArchive
File ShareArchiveContentMulti Needs
Data FilesTransaction LogsExportsBackup
IIS APACHE WebLogic
DB2 Oracle SQL Sybase MySQL
File Servers FTP Servers Email Servers Others
Log FilesPassword filesConfig filesArchive
ERP CRM Payment CMS Custom Apps
We Secure The Data That Runs Your Business
Download Whitepaper
www.Vormetric.com
Vormetric Encryption Architecture Overview
Protecting Enterprise Data at Rest with Encryption, Access Controls, and Auditing