Your Cloud or Mine? Exploring Data Security in the Cloud

© SafeNet Confidential and Proprietary

Marko Bobinac, PreSales Engineer CEE, Russia and CIS

CSA-CEE SUMMIT Ljubljana, 23.10.2013



Page 2

Agenda

Introduction

Context

Regaining Control

Kill the data – the right way

A Closing Thought

Page 3

REVENUE: ~$330m

We control access to the most sensitive corporate information – more than 35 million identities protected via tokens, smartcards, and mobile devices managed on-premise and in the cloud.

We protect the most money that moves – over 80% of the world’s intra-bank fund transfers and nearly $1 trillion per day.

We are the de facto root of trust – deploying more than 86,000 key managers and protecting up to 750,000,000 encryption keys.

We monetize the most high-value software – more than 100 million license keys protect and manage on-premise, embedded, and cloud applications globally.

GLOBAL FOOTPRINT: +25,000 customers in 100 countries

ACCREDITED: Products certified to the highest security standard; 130+ FIPS Certificates

EMPLOYEES: +1,400; 550+ Crypto Engineers

FOUNDED: 1983

Page 4

Context

Page 5

A Modern Pantheon of Adversary Classes

Methods: “MetaSploit”, DoS, Phishing, Rootkit, SQLi, Auth, Exfiltration, Malware, Physical

Impacts: Reputational, Personal, Confidentiality, Integrity, Availability

Target Assets: Credit Card #s, Web Properties, Intellectual Property, PII / Identity, Cyber Infrastructure, Core Business Processes

Motivations: Financial, Industrial, Military, Ideological, Political, Prestige

Actor Classes: States, Competitors, Organized Crime, Script Kiddies, Terrorists, “Hacktivists”, Insiders, Auditors

http://www.slideshare.net/DavidEtue/adversary-roi-evaluating-security-from-the-threat-actors-perspective

Page 6

Optimizing Information Security Is a Multi-Faceted Challenge

Technology

Threats

Customer Needs

Regulators (Compliance)

Business Needs

Page 7

The Value of Cloud is Real

Financial: 70% Reduction in IT Infrastructure spend (VMware)

Quality: Automation reduces the volume of incidents by 27%, and event and incident handling time by 40% (VMware)

Agility: Provisioning in minutes (from weeks!)

Page 8

The Control Continuum

[Diagram: continuum with endpoints Dictator and Surrender]

Page 9

Challenges of Data Ownership in the Cloud

Agile. Now. On demand. Simple. Secure?

Page 10

And Not Just The Traditional “Bad Guys”

Sensitive Data in the Cloud

Adversaries

Government Discovery

Cloud Administrators

Auditors / Regulators

Page 11

Regaining Control

Secure the Breach

Page 12

SafeNet ‘Secure Breach’ Survey… February 2013

• 31% admitted that their perimeter has been breached.
• 20% were not sure if they’d been breached.
• 38% believe unauthorized users currently have access to their networks.
• 65% think they will suffer a data breach within 3 years.
• 59% believe if their perimeter is breached, their data would not be safe.
• 20% wouldn’t trust their own company with their personal data…

Most organizations are trying to deploy “traditional” security controls in cloud and virtual environments… but were the controls even effective then?

Page 13

Time to Secure the Breach

Breach Prevention Era

Secure Breach Era

Page 14

A new prescription for the “Secure Breach” era

• Introspection: It’s time to try something new…
• Acceptance: You can’t prevent a perimeter breach…
• Understanding: Know your enemies and what they are after…
• Action: Protect What Matters… THE DATA!

Page 15

Key Enablers to the Secure Breach

Encryption (and Key Management)

Identity and Access Management with Strong Authentication

Segmentation

Privileged User Management

Detection and Response Capabilities

Asset, Configuration, and Change Management

Page 16

Cryptography as an IT Service

[Diagram. Protection areas: Protect Cloud & Virtual Infrastructure; Protect Data Centers; Protect Storage; Protect Data Transfer; Protect Identities; Protect Infrastructure. Components shown: Virtual Instances; Virtual Storage; Protect V Manager Virtual Appliance; Data Secure Appliance; Applications; Databases; Mainframes; File Servers; Tokenization; Storage Secure Appliance; File Shares; Network Storage; Tape Backups; Management Center; L2 High Speed Encryptors; Nat. IDs; AMI Metering; E-Signatures; E-Passports; Certificate Infrastructures; Authentication Manager (On-Premise or Cloud); HSM Appliance; 3rd Party Technologies; KMIP]

Page 17

Simply kill the data – the right way

Use cases

Page 18

Transparent “Bump in the Wire” Encryption

[Diagram labels: Executive, HR, Finance, Sales; Storage; Partitioned Data; \\storage\finance; \\storage\sales]

Page 19

Transparent “Bump in the Wire” Encryption

[Diagram labels: Executive, HR, Finance, Sales; Storage; Isolated Data; \\storage\finance; \\storage\sales; Windows AD / LDAP]

Page 20

Use Case: Compliant Data Protection

[Diagram labels: (cluster/failover); SalesForce.com; Intellectual Property; Clients; CMS; HR; Off Premise; On Premise]

Page 21

Use Case: Privileged User Risk Mitigation

[Diagram labels: Administrator; Users; Isolated data; Storage]

Page 22

Use Case: Archival Protection

[Diagram labels: Primary, Secondary, Storage; Networked Applications; Mobile Workers; Corporate Offices; Military Applications; web; App; DB]

Page 23

Customer Use Case: Encrypted Data to Amazon S3

[Diagram labels: Sensitive or PII Data; StorageSecure & AWS iSCSI Gateway]

Page 24

Customer Use Case: Encrypted Objects as an Archive

[Diagram labels: Cloud Service Provider; Sensitive or PII Data; Protect App & DataSecure]

Page 25

Customer Use Case: Encrypting Cloud VMs

1. ProtectV Client is installed on your VMs.

2. ProtectV Manager is a virtual machine that runs as a VM in a VMware environment.

3. KeySecure / DataSecure is a hardware-based high-assurance enterprise key management solution. It is also available as the virtual appliance.

[Diagram labels: Virtual Machines; Protected Disks; VMware ESX Server; Storage]

Page 26

A Closing Thought

Page 27

A Parent’s Most Valuable Asset?

Page 28

Most Valuable Asset?

…Yet Most Parents Allow Their Kids to Leave Their Control

Page 29

Choosing Child Care? Choosing Clouds?

Page 30

More Than Just Technology…

http://www.flickr.com/photos/markhillary/6342705495

http://www.flickr.com/photos/tallentshow/2399373550

Page 31

Clouds Love Crypto!!!*

*with good key management…

Page 32

Thank You!

Marko Bobinac

PreSales Engineer CEE, Russia and CIS
