thank you for joining. your webinar will begin shortly....2019/05/15 · hpe 3par storeserv (disk...

Utimaco HSM Business Unit · Aachen, Germany · ©2019 hsm.utimaco.com

Thank you for joining.

Your webinar will begin shortly.


Utimaco Enterprise Secure Key Manager (ESKM)Simplifying Enterprise-Level Key Management

Manish Upasani (Senior Information Security Architect)

and Eriberto Velazquez (Professional Services Engineer)


▪ Lose your Keys

▪ Expose your keys

▪ Store Keys with Data

▪ Don’t Control or Log Access to Keys

➢Erase your Data!

➢Expose your Data!

➢ Intruder says “Thanks!”

➢Fail next Audit!

What-ifs

What can go wrong?


Threats and Risks

Disrupting the adversary ecosystem

Research

Our Enterprise

0010110100110110

10011

UtimacoSecurity Portfolio

Secure encryption keys with

consistent policy and controls

– at rest, in use, and in motion

Root of Trust for your

Enterprise

Trusted Security Partner in

Financial Services and Retail

Infiltration

Exfiltration

Discovery

Capture

Educate users / use

counter intelligence

Stop Adversary

Access

Find and remove

adversary

Plan to mitigate

damage

Secure the important

asset


What am I?

Key Manager

Secure

Available

Interoperable

Scalable

Manageable

▪ Meets NIST standards, validated to FIPS 140-2 Level 2, Common Criteria, SNIA

▪ Encrypts keys in transit and at-rest

▪ Certificate-based authentication and built-in CA

▪ Active-Active cluster

▪ Automatic key replication, retry, and client failover

▪ Highly redundant hardware

▪ Geographically separated clusters across datacenters

▪ Supports thousands of clients, and millions of keys

▪ Supports OASIS KMIP (Key Management Interoperability Protocol)

▪ No vendor lock-in

▪ Custom integrations using SDK

▪ Configuration and keys replicated across cluster automatically

▪ Hands-off administration, automated backups and audit logging


Ecosystem

Utimaco Enterprise Secure Key Manager (ESKM)

Key Use Cases

Key Verticals: Financial Services, Government, Healthcare, Comms / Retail / Manufacturing

Protect Sensitive

Data-at-Rest

Lower Costs of Media

Disposal or Re-use

Enable Central Key

Management

CC EAL2+

Common Criteria certified

for Level 2 appliance

FIPS 140-2 LEVEL 2

FIPS certified for Level 2

appliance

SSIF KMIP

Conformance Test

SNIA Storage Security

Industry Forum validated

commercial server

RSA Conference 2019 –

OASIS Interoperability

Showcase

Leading KMIP-compliant

commercial server

Meet Regulatory

Compliance

Certs and Standards

Utimaco ESKM Portfolio


ESKM provides layers of protection and recovery for mission-critical keys

Reliability, availability and recovery

Field-Proven Reliable Hardware & Software

Mirrored Disks, Dual Power, Dual NICs

Replication with 2-8 Node Clusters

Client-Side Multi-Site Failover

DR Restore from Backup


Utimaco’s Enterprise Key Management Vision

Unifying Data Protection

▪ Generate and Manage Encryption Keys Securely

▪ Protect Sensitive Data Wherever It Lives

▪ Meet Standards and

▪ Audit/Compliance

Disk, Tape, SAN, Devices

Cloud, Service Providers

Database, Applications

Scaleable, Reliable,

High Availability

FIPS 140-2 Level 2

PCI-DSS, Data Privacy

HIPAA/HITECH


Ports and Services

Inside ESKM

FIPS

Status

Server

Syslog

Server

SNMP

Agent

Health

Check

Server

SOCHP SIEM

Monitoring

9001

9000

9443

9081514 161

22

389

636

9080/9082

123

20

21

22

n/a

cert

cert

ESKM localCA

ESKM

Ports and

Services

Key

DB

KMS

Server

ESKM Clients/Users

Keys, Metadata

cert

TLS

cert cert

Cluster

Sync

ESKM Cluster

Keys, Users, Policies

cert

cert

Security Administrators

HTTPS

Admin

GUIAdmin

CLISerial

Port SSH

LDAP

Client

LDAPServer

NTP

Client

NTPServer

BackupServer

SSH/SCP

IT Services

5696

certKMIP

Servercert cert cert

TLS


Data-at-rest key management

ESKM Integrations

Management

ConsoleAuthentication &

authorization

sources (Active

Directory)

Business applications, data stores and processes

SIEM

Big Data

(Vertica,

Zettaset)

HPE Nonstop

Applications &

Databases

Web/Cloud

(HPE Helion /

OpenStack)

Disk and Tape

(3PAR, X7,

StoreEver,

StoreOnce)

Servers

(ProLiant)

ESKM Key Manager

(FIPS 140-2 Appliance)

ESKM Clustering

(2-8 Nodes)

Management

Console

HPE Portfolio Partner Ecosystem & KMIP-Compliant

Production

databasesMainframe

applications &

databases

3rd party

applicationsEnterprise

applications

3rd party SaaS

gateways


ESKM leads all others in KMIP compliance and interoperability

ESKM: industry’s broadest Key Management portfolio

HPE Security and Storage Solutions

• StoreEver Tape Library

• StoreServe 3PAR

• XP

• StoreEver

• StoreOnce

• XP Storage

• NonStop

• Secure Encryption (Proliant/smart array

controller)

• Helion (OpenStack Barbican + HPSE)

• SimpliVity/Hyper Converged

• Nimble

• MF Autonomy (Connected MX

Backup/Recovery)

ESKM KMIP Integrations

• Cryptsoft

• ETI-Net

• Fornetix

• Hitachi Vantara

• NetApp

• OpenStack community

• Project 6 Research

• ZettaSet

• Vmware

• MongoDB

• IBM DB2

• Spectra Logic

• Quantum

• Bloombase

• BDT

• Suse

• Brocade


ESKM leads in interoperability

KMIP Interoperable Integrations

SDKs

StoreSafe virtual applianceStorage proxy-based solution BACKBOX for NonStop

Virtual Tape Controller

Atalla Enterprise Secure Key Manager x 8

VSP and HUSHigh-end storage

systems

Big Data / NoSQLEncryption

Key Orchestratormiddleware

OpenstackBarbican


Server Profiles by Encoding

KMIP Interop Test Results 2019


ESKM Integrations

Integration with HPE Storage Portfolio

HPE 3PAR StoreServ(Disk and All-Flash Array)

HPE ProLiant Servers with built in Secure Encryption

HPE StoreEver Tape Libraries

HPE StoreOnce Backup

Enterprise Secure Key Manager x 8

HPE XP7 High End Storage

NonStopServers

BackBoxVirtual tape

PartnerSDKs

OpenstackBarbican

Connected MX


Protect your Keys wherever they Live

Defense in Depth


Portfolio

Utimaco Solutions

Utimaco Cloud Encryption (UCE)Bring your own keys to the Cloud

Enterprise Secure Key Manager (ESKM) Creates, serves, and protects encryption keys for enterprise key management

Utimaco CryptoServerGeneral Purpose HSM – Provides Root of Trust

Utimaco Atalla Hardware Security Module (HSM)Also known as Atalla Payments HSM – leading product in payments security

$


Protect your business-critical application keys

Summary

Value Proposition

• Centrally manages encryption keys at a global enterprise scale

• Separates keys from data to improve reliability and availability

• Automates key operations – backup, rotation, logging

Industry’s Broadest Key Management Portfolio

• HPE storage portfolio

• KMIP-compliant partner applications & pre-qualified devices

Get Started with ESKM today

• Virtual appliance or HW demo: easy to evaluate ESKM

• Easy deployment: install and configure nodes quickly

• Simple licensing: appliances, client licenses, support & services

• Highest availability: market-leading up to 8-node clustering

• Scales as you grow: 25K+ clients, 2M+ keys, KMIP 1.0-2.0


How do we lead?

Utimaco

Innovation Rock-solid security Trusted name

since 1972

$ Trillions

Utimaco Atalla secures 1 in 3 card

transactions; also processes billions of card

transactions annually

46 Patents

Creative engineers delivering security

inventions and driving security thinking

FIPS 140-2 validated Level 2, 3, and 4

Our Key Management Solutions are built for the highest

standards

…and we invented security that you can take for granted!!!

Q&A – send to All Panelists

Presenters: Manish Upasani and Eriberto Velazquez

Email: [email protected]

thank you for joining. your webinar will begin shortly....2019/05/15 · hpe 3par storeserv (disk...

Documents