© 2009 PGP Corporation Confidential State of Key Management Brian Tokuyoshi Solution Manager.
© 2009 • PGP Corporation • Confidential
State of Key Management
Brian Tokuyoshi, Solution Manager
Challenges
• Regulation and security concerns drive the need for encryption everywhere
– Tight deadlines place emphasis on the goal, and not best practice
• Each new encryption technology introduces new key management challenges
– Yet another system to manage
– Building consistent policy enforcement gets harder and harder
• eDiscovery is the opposite of regulation
– Data is being encrypted without consideration of how fast it must be recovered
• Each operations group handles key management differently
• Many different trust models, many different types of keys
How key management problems affect businesses
Administrative costs
• Major online retailer takes 4 weeks to perform manual key audit for compliance. Audit required twice a year.
Accountability
• CIO/CSO held accountable for data protection but lacks visibility
• GAO report on federal deployment
Business Continuity
• Major bank – Retail branches could not open for 4 hours
• Numerous sites – Customers locked out from online services
Different Trust Models for Different Uses
• Point to Point Trust: Secure File Transfer; One to One, One to Many
• Cross Certification: S/MIME Email; Many to Many
• Hierarchy: SSL Certificates; Anyone
[Diagram: Company A and Company B with their users under each trust model; the hierarchy model adds a 3rd Party CA]
Reality Check
• Businesses use mixed trust models today
• No easy way to migrate from one model to another
• Can’t force an architecture onto another company
[Diagram: Company A, Company B and Company C, with labels Point to Point, Cross Certify, Internal Hierarchy and 3rd Party CA]
The Growing Need
Compliance!
Data Breaches!
Security
Encryption
Encryption
Encryption
Problem Solved?
The Growing Need
Compliance!
Data Breaches!
Security
Encryption
Encryption
Encryption
Key Management
Key Management
Common Problems with Keys
[Diagram labels]
• Where keys are used: Networks (WiFi, VPN); Backend Applications (Databases, Application Servers, Web Servers, Mail Servers, CRM); Clients; Hardware; Banking and Retail Hardware (ATM, PoS, EMV)
• Key types: Wireless Keys; SSL / TLS Keys; Disk Encryption Keys; Authentication Keys; TPM Keys; Encryption Keys; Data Encryption Keys; Application Keys; Transport Keys; Transaction Keys
• Problems: Manual Management; Help Desk and Recovery; Policy Requirements; Key Rotation/Key Archiving; Validation and Rotation
Addressing the Problem
[Diagram labels]
• Key Management: Provisioning; Storage; Auditing and Reporting; Lifecycle Management; Policy Enforcement; Discovery
• Where keys are used: Networks (WiFi, VPN); Backend Applications (Databases, Application Servers, Web Servers, Mail Servers, CRM); Clients; Hardware; Banking and Retail Hardware (ATM, PoS, EMV)
• Key types: Wireless Keys; SSL / TLS Keys; Disk Encryption Keys; Authentication Keys; TPM Keys; Encryption Keys; Data Encryption Keys; Application Keys; Transport Keys; Transaction Keys
Before and After
[Diagram labels]
• Without Key Management: User 1, User 2, User 3, User 4; File, Email, Disk
• With PGP Key Management: User 1 Keys, User 2 Keys, User 3 Keys, User 4 Keys; Key Management Services; User 1, User 2, User 3, User 4; File, Email, Disk
What’s Needed in a Key Management System
What’s needed
• Open standards support
• Support for APIs, Protocols and Agents
• Support for multiple key types
• Support for multiple trust models
• Highly Scalable
• Highly Secure
• Proven
Q&A
Thank You