© 2009 PGP Corporation Confidential State of Key Management Brian Tokuyoshi Solution Manager.

Page 1:

State of Key Management

Brian Tokuyoshi, Solution Manager

Page 2:

Challenges

• Regulation and security concerns drive the need for encryption everywhere

– Tight deadlines place emphasis on the goal, and not best practice

• Each new encryption technology introduces new key management challenges

– Yet another system to manage

– Building consistent policy enforcement gets harder and harder

• eDiscovery is the opposite of regulation

– Data is being encrypted without consideration of how fast it must be recovered

• Each operations group handles key management differently

• Many different trust models, many different types of keys

Page 3:

How key management problems affect businesses

Administrative costs

• Major online retailer takes 4 weeks to perform manual key audit for compliance. Audit required twice a year.

Accountability

• CIO/CSO held accountable for data protection but lacks visibility

• GAO report on federal deployment

Business Continuity

• Major bank – Retail branches could not open for 4 hours

• Numerous sites – Customers locked out from online services

Page 4:

Different Trust Models for Different Uses

[Diagram: trust relationships between Company A and Company B, their users (User1, User2) and a 3rd Party CA]

• Point to Point Trust: Secure File Transfer; One to One, One to Many

• Cross Certification: S/MIME Email; Many to Many

• Hierarchy: SSL Certificates; Anyone

Page 5:

Reality Check

[Diagram labels: Company A, Company B, Company C; Point to Point, Cross Certify, Internal Hierarchy, 3rd Party CA]

• Businesses use mixed trust models today

• No easy way to migrate from one model to another

• Can’t force an architecture onto another company

Page 6:

The Growing Need

Compliance!

Data Breaches!

Security

Encryption

Encryption

Encryption

Problem Solved?

Page 7:

The Growing Need

Compliance!

Data Breaches!

Security

Encryption

Encryption

Encryption

Key Management

Page 8:

Common Problems with Keys

Networks

Backend Applications

Clients

Hardware

Banking and Retail Hardware

ATM, PoS, EMV

Databases, Application Servers

Web Servers

Mail Servers

CRM

WiFi, VPN

Wireless Keys, SSL / TLS Keys

Disk Encryption Keys, Authentication Keys

TPM Keys

Encryption Keys, Authentication Keys

Data Encryption Keys, Application Keys, SSL / TLS Keys

Transport Keys, Authentication Keys

Transaction Keys

Manual Management

Help Desk and Recovery

Policy Requirements

Key Rotation/Key Archiving

Validation and Rotation

Page 9:

Addressing the Problem

Networks

Backend Applications

Clients

Hardware

Banking and Retail Hardware

ATM, PoS, EMV

Provisioning

Storage

Auditing and Reporting

Lifecycle Management

Policy Enforcement

Discovery

Key Management

WiFi, VPN

Wireless Keys, SSL / TLS Keys

Disk Encryption Keys, Authentication Keys

TPM Keys

Encryption Keys, Authentication Keys

Data Encryption Keys, Application Keys, SSL / TLS Keys

Transport Keys, Authentication Keys

Transaction Keys

Databases, Application Servers

Web Servers

Mail Servers

CRM

Page 10:

Before and After

With PGP Key Management

User 1 Keys

User 2 Keys

User 3 Keys

User 4 Keys

Key Management Services

User 1, User 2, User 3, User 4

File, Email, Disk

Without Key Management

User 1, User 2, User 3, User 4

File, Email, Disk

Page 11:

What’s Needed in a Key Management System

What’s needed

• Open standards support

• Support for APIs, Protocols and Agents

• Support for multiple key types

• Support for multiple trust models

• Highly Scalable

• Highly Secure

• Proven

Page 12:

Q&A

Thank You