thank you for joining. your webinar will begin shortly....2019/05/15 · hpe 3par storeserv (disk...
TRANSCRIPT
Utimaco HSM Business Unit · Aachen, Germany · ©2019 hsm.utimaco.com Page 1
Thank you for joining.
Your webinar will begin shortly.
Utimaco Enterprise Secure Key Manager (ESKM)
Simplifying Enterprise-Level Key Management
Manish Upasani (Senior Information Security Architect)
and Eriberto Velazquez (Professional Services Engineer)
What-ifs
What can go wrong?
▪ Lose your Keys ➢ Erase your Data!
▪ Expose your Keys ➢ Expose your Data!
▪ Store Keys with Data ➢ Intruder says “Thanks!”
▪ Don’t Control or Log Access to Keys ➢ Fail next Audit!
Threats and Risks
Disrupting the adversary ecosystem
Research
Infiltration
Exfiltration
Discovery
Capture
Our Enterprise
Educate users / use counter intelligence
Stop Adversary Access
Find and remove adversary
Plan to mitigate damage
Secure the important asset
Utimaco Security Portfolio
Secure encryption keys with consistent policy and controls – at rest, in use, and in motion
Root of Trust for your Enterprise
Trusted Security Partner in Financial Services and Retail
What am I?
Key Manager
Secure
Available
Interoperable
Scalable
Manageable
▪ Meets NIST standards, validated to FIPS 140-2 Level 2, Common Criteria, SNIA
▪ Encrypts keys in transit and at-rest
▪ Certificate-based authentication and built-in CA
▪ Active-Active cluster
▪ Automatic key replication, retry, and client failover
▪ Highly redundant hardware
▪ Geographically separated clusters across datacenters
▪ Supports thousands of clients, and millions of keys
▪ Supports OASIS KMIP (Key Management Interoperability Protocol)
▪ No vendor lock-in
▪ Custom integrations using SDK
▪ Configuration and keys replicated across cluster automatically
▪ Hands-off administration, automated backups and audit logging
Ecosystem
Utimaco Enterprise Secure Key Manager (ESKM)
Key Use Cases
▪ Protect Sensitive Data-at-Rest
▪ Lower Costs of Media Disposal or Re-use
▪ Enable Central Key Management
▪ Meet Regulatory Compliance
Key Verticals: Financial Services, Government, Healthcare, Comms / Retail / Manufacturing
Certs and Standards
▪ CC EAL2+: Common Criteria certified for Level 2 appliance
▪ FIPS 140-2 LEVEL 2: FIPS certified for Level 2 appliance
▪ SSIF KMIP Conformance Test: SNIA Storage Security Industry Forum validated commercial server
▪ RSA Conference 2019 – OASIS Interoperability Showcase: Leading KMIP-compliant commercial server
Utimaco ESKM Portfolio
ESKM provides layers of protection and recovery for mission-critical keys
Reliability, availability and recovery
Field-Proven Reliable Hardware & Software
Mirrored Disks, Dual Power, Dual NICs
Replication with 2-8 Node Clusters
Client-Side Multi-Site Failover
DR Restore from Backup
Utimaco’s Enterprise Key Management Vision
Unifying Data Protection
▪ Generate and Manage Encryption Keys Securely
▪ Protect Sensitive Data Wherever It Lives
▪ Meet Standards and Audit/Compliance
Disk, Tape, SAN, Devices
Cloud, Service Providers
Database, Applications
Scalable, Reliable, High Availability
FIPS 140-2 Level 2
PCI-DSS, Data Privacy
HIPAA/HITECH
Ports and Services
Inside ESKM
[Diagram: ESKM ports and services. Components shown inside ESKM: KMS Server, KMIP Server, Key DB, Cluster Sync, FIPS Status Server, Health Check Server, Syslog Server, SNMP Agent, Admin GUI (HTTPS), Admin CLI (Serial Port, SSH), LDAP Client, NTP Client, ESKM local CA. External parties shown: ESKM Clients/Users (Keys, Metadata; TLS with certificates), ESKM Cluster (Keys, Users, Policies), Security Administrators, IT Services (LDAP Server, NTP Server, Backup Server over SSH/SCP), SOC, HP SIEM, Monitoring. Port numbers shown: 9001, 9000, 9443, 9081, 514, 161, 22, 389, 636, 9080/9082, 123, 20, 21, 5696.]
Data-at-rest key management
ESKM Integrations
ESKM Key Manager (FIPS 140-2 Appliance)
ESKM Clustering (2-8 Nodes)
Management Console
Authentication & authorization sources (Active Directory)
SIEM
Business applications, data stores and processes
HPE Portfolio
▪ Big Data (Vertica, Zettaset)
▪ HPE Nonstop Applications & Databases
▪ Web/Cloud (HPE Helion / OpenStack)
▪ Disk and Tape (3PAR, X7, StoreEver, StoreOnce)
▪ Servers (ProLiant)
Partner Ecosystem & KMIP-Compliant
▪ Production databases
▪ Mainframe applications & databases
▪ 3rd party applications
▪ Enterprise applications
▪ 3rd party SaaS gateways
ESKM leads all others in KMIP compliance and interoperability
ESKM: industry’s broadest Key Management portfolio
HPE Security and Storage Solutions
• StoreEver Tape Library
• StoreServ 3PAR
• XP
• StoreEver
• StoreOnce
• XP Storage
• NonStop
• Secure Encryption (ProLiant/Smart Array controller)
• Helion (OpenStack Barbican + HPSE)
• SimpliVity/Hyper Converged
• Nimble
• MF Autonomy (Connected MX Backup/Recovery)
ESKM KMIP Integrations
• Cryptsoft
• ETI-Net
• Fornetix
• Hitachi Vantara
• NetApp
• OpenStack community
• Project 6 Research
• ZettaSet
• VMware
• MongoDB
• IBM DB2
• Spectra Logic
• Quantum
• Bloombase
• BDT
• SUSE
• Brocade
ESKM leads in interoperability
KMIP Interoperable Integrations
SDKs
StoreSafe virtual appliance
Storage proxy-based solution
BACKBOX for NonStop Virtual Tape Controller
Atalla Enterprise Secure Key Manager x 8
VSP and HUS: High-end storage systems
Big Data / NoSQL Encryption
Key Orchestrator middleware
OpenStack Barbican
Server Profiles by Encoding
KMIP Interop Test Results 2019
ESKM Integrations
Integration with HPE Storage Portfolio
HPE 3PAR StoreServ (Disk and All-Flash Array)
HPE ProLiant Servers with built in Secure Encryption
HPE StoreEver Tape Libraries
HPE StoreOnce Backup
Enterprise Secure Key Manager x 8
HPE XP7 High End Storage
NonStop Servers
BackBox Virtual tape
Partner SDKs
OpenStack Barbican
Connected MX
Protect your Keys wherever they Live
Defense in Depth
Portfolio
Utimaco Solutions
▪ Utimaco Cloud Encryption (UCE): Bring your own keys to the Cloud
▪ Enterprise Secure Key Manager (ESKM): Creates, serves, and protects encryption keys for enterprise key management
▪ Utimaco CryptoServer: General Purpose HSM – Provides Root of Trust
▪ Utimaco Atalla Hardware Security Module (HSM): Also known as Atalla Payments HSM – leading product in payments security
Protect your business-critical application keys
Summary
Value Proposition
• Centrally manages encryption keys at a global enterprise scale
• Separates keys from data to improve reliability and availability
• Automates key operations – backup, rotation, logging
Industry’s Broadest Key Management Portfolio
• HPE storage portfolio
• KMIP-compliant partner applications & pre-qualified devices
Get Started with ESKM today
• Virtual appliance or HW demo: easy to evaluate ESKM
• Easy deployment: install and configure nodes quickly
• Simple licensing: appliances, client licenses, support & services
• Highest availability: market-leading up to 8-node clustering
• Scales as you grow: 25K+ clients, 2M+ keys, KMIP 1.0-2.0
How do we lead?
Utimaco
Innovation
Rock-solid security
Trusted name since 1972
$ Trillions
Utimaco Atalla secures 1 in 3 card transactions; also processes billions of card transactions annually
46 Patents
Creative engineers delivering security inventions and driving security thinking
FIPS 140-2 validated Level 2, 3, and 4
Our Key Management Solutions are built for the highest standards
…and we invented security that you can take for granted!!!
Q&A – send to All Panelists
Presenters: Manish Upasani and Eriberto Velazquez
Email: [email protected]