Gemalto solutions and guidance for GDPR (slide deck transcript, capital.bg)

Slide 1
Gemalto solutions and guidance for GDPR
Predrag Aleksić, PreSales Engineer, Enterprise and Cybersecurity
February 2018
Slide 2
Agenda
What’s driving data protection
GDPR, General Data Protection Regulation
Privacy by Design
Essential questions for your Compliance
Data Flow & The Big Question! – Where to encrypt
Why KeySecure is a key element in GDPR framework
eIDAS
Slide 3
Translate GDPR for your specific situation
Go and read the legislation:
GDPR Legislation
Slide 4

Privacy By Design – 7 principles
1. Proactive, not reactive; preventative, not remedial
2. Privacy as the default setting
3. Privacy embedded into design
4. Full functionality: positive-sum, not zero-sum
5. End-to-end security, full lifecycle protection
6. Visibility and transparency
7. Respect for the user: user-centric
Slide 5

So where to start?
GDPR – EXPLAINED
Slide 6
Where to start? Start with Basics…
01.03.18 Gemalto DataProtection Framework 6
Slide 7

6 steps
1. Understand the GDPR legal framework
2. Create a data register
3. Classify your data
4. Start with your top priority
5. Assess and document additional risks and processes
6. Revise and repeat
Slide 8

So how to protect our data?
GDPR – EXPLAINED
Slide 9

The data protection dilemma: balancing business value and security
More data: produced, processed and stored in more places; shared more; distributed to more locations outside of your control.
01/03/2018 Gemalto Enterprise & Cybersecurity - CONFIDENTIAL 9
Slide 10

Cybersecurity: have a plan. Do you have a Plan B?
PLAN A – Prevent the breach.
PLAN B – Assume the breach; minimize its impact.
ACCEPT THE BREACH – Perimeter security alone is no longer enough.
PROTECT WHAT MATTERS, WHERE IT MATTERS – Data is the new perimeter.
SECURE THE BREACH – Control who and what can access information. Apply data protection and controls that sit with the data asset.
Slide 11 (graphic only)
Slide 12

Prevent attacks / mitigate the impact
GDPR highlights techniques that lower the chance of a breach attempt succeeding and limit what an attacker obtains when one does (Article 32 names pseudonymisation and encryption explicitly; Article 5(1)(c) requires data minimisation):
• Encryption
• Anonymization and pseudonymization
• User access control
• Data minimization
Slide 13

Secure the Breach: the method
0. Analyse the NEED – What data? What applications? What storage? What use case?
1. Control the ACCESS – Protect identities; ensure only authorized users and services have access.
2. Encrypt the DATA – At rest in storage; in motion across the network; on-premises or in the cloud.
3. Secure the KEYS – Secure and own the encryption keys; centrally manage keys and policies.
Slide 14

The 3 key elements
1. CONTROL ACCESS – Strong authentication for everyone who reaches applications and SaaS apps: internal users and administrators, cloud providers' admins/superusers, customers and partners.
2. ENCRYPT THE DATA – Data-at-rest encryption for file servers, databases, virtual machines and storage networks (physical data, virtual data, data in the cloud); data-in-motion encryption across the network.
3. SECURE & MANAGE KEYS – Crypto management: key manager, HSM, crypto provisioning system.
Slide 15

Why two-factor authentication?
• Audit trail for GDPR compliance: who accessed which information, and at what time
• Reduced risk from stolen credentials
• Breach prevention
Slide 16

Why encryption?
Lost or stolen data in GDPR terms: if the affected data was encrypted and the keys were not compromised along with it, only the breach notification to the supervisory authority remains. There is no duty to inform the affected users (Article 34(3)(a), which exempts data rendered unintelligible to unauthorized persons), no secrets are revealed, no bad publicity, and less business impact. Breach prevention.
Slide 17

Why key management?
There is no direct GDPR compliance requirement for it. BUT once data is encrypted, the ciphertext is no longer the sensitive asset: the keys are, so key management is what matters.
![Page 18: Gemalto solutions and guidance for GDPR - capital.bg (.NET, JAVA, KMIP, XML) Databases 3rd party solutions (e.g. Self-encrypting drives via KMIP) File encryption **##** Tokenization](https://reader033.fdocuments.in/reader033/viewer/2022060207/5f03d1667e708231d40aeb6f/html5/thumbnails/18.jpg)
Application
s (.NET, JAVA,
KMIP, XML) Databases
3rd party solutions (e.g. Self-encrypting drives via KMIP)
File encryption
**##**
Tokenization
Ethernet
FiberChanel
Hardware Security Modules Appliance
File Shares
Tape
Backups
Network Share
Encryption Proxy
Virtual Instances
Virtual Storage
Protect V Manager Virtual Appliance
18
Cryptography as an IT Service
Authentication
Management (On-Premise or
Cloud)
Nat. IDs
AMI
Metering
E-Signatures
E-Passports
Certificate Infrastructures
Trust. Every day.
Protect Cloud &
Virtual Infrastructure
Protect
Identities
Protect
Infrastructure
Protect NAS
Storage
ProtectFile Server/Desktop Agent
Key Secure Appliance
Protect
Data Centers
L2 HighSpeed
Encryptors
Protect
Data Transfer
Slide 19

Data Flow and The Big Question!
Where to encrypt? Who to protect against?
Data flow (key management sits alongside every layer): Users | Apps (browser, mobile) → Application → Database → File System (Files | Folders | Shares) → Storage (Local Storage: DAS; Remote Storage: NAS | SAN)
Slide 20

Storage-level security: Full Disk Encryption – blanket
• Block-level encryption
• Typically simple deployment
• No encryption/decryption access control: once the volume is unlocked, every user and process on the host reads cleartext
• Protects BACKUP only, i.e. against loss or theft of the physical media (disks, tapes, decommissioned drives), not against a logged-in attacker, malware or a rogue administrator
(Position in the data flow: the storage layer, below the file system.)
Slide 21

File System–Level Transparent File Encryption
• Transparent file encryption – files, folders, shares, databases, FTP servers, application data, etc.
• Encryption policies – determine which of the file server's paths and files will be encrypted, which keys will be used, and which users, groups or processes will be given access to the encrypted data
• Access policies – define which users, groups and processes can access protected content
• Enforcing backup & restore policies – enables authorized admins to perform backup/restore duties on encrypted files only
• Protection against a rogue "root" user – prevents the superuser "root" from accessing sensitive data when impersonating a user
• Separation of duties – security vs. data management
• Dual control – M of N: sensitive operations require multiple admins
(Position in the data flow: the file-system layer; keys come from the key manager.)
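A worked example of the encryption-policy and access-policy evaluation the bullets above describe, added here as illustration; it is not Gemalto's or ProtectFile's code, and the product's own policy format is not shown on the slide. Path, key id, user and process names are constructed. The rogue-root rule is modelled with the Linux audit login UID, which su and sudo leave unchanged; that choice of mechanism is an assumption, not something the slide states.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// Rule is one entry of an encryption policy: which subtree is encrypted, under
// which key, and which principals may see cleartext. All names are illustrative.
type Rule struct {
	PathPrefix string
	KeyID      string
	Users      map[string]bool // users allowed cleartext
	Groups     map[string]bool // groups allowed cleartext
	Processes  map[string]bool // if non-empty, only these executables get cleartext
	BackupOps  map[string]bool // users allowed to copy/restore the ciphertext only
}

// Request describes one file access. LoginUser is the identity that originally
// logged in (modelled on the Linux audit loginuid, which su/sudo do not change).
type Request struct {
	Path      string
	User      string // effective user making the access
	LoginUser string // identity of the original login session
	Groups    []string
	Process   string // executable performing the access
}

type Decision struct {
	Allowed   bool
	Cleartext bool // true: the agent decrypts; false: raw ciphertext is returned
	KeyID     string
	Reason    string
}

func anyIn(set map[string]bool, names ...string) bool {
	for _, n := range names {
		if set[n] {
			return true
		}
	}
	return false
}

// mostSpecific returns the matching rule with the longest prefix, or nil.
// path.Clean removes ".." so a traversal cannot dodge or hit a rule by accident.
func mostSpecific(rules []Rule, p string) *Rule {
	clean := path.Clean(p)
	var best *Rule
	for i := range rules {
		r := &rules[i]
		if clean == r.PathPrefix || strings.HasPrefix(clean, r.PathPrefix+"/") {
			if best == nil || len(r.PathPrefix) > len(best.PathPrefix) {
				best = r
			}
		}
	}
	return best
}

// Evaluate checks, in order: unprotected path, backup operator, user/group,
// identity switch (rogue root), and finally the accessing process.
func Evaluate(rules []Rule, q Request) Decision {
	r := mostSpecific(rules, q.Path)
	if r == nil {
		return Decision{Allowed: true, Cleartext: true, Reason: "path not covered by policy"}
	}
	if anyIn(r.BackupOps, q.User) {
		// Backup operators move the encrypted bytes and never see cleartext.
		return Decision{Allowed: true, Cleartext: false, KeyID: r.KeyID, Reason: "backup operator: ciphertext only"}
	}
	if !anyIn(r.Users, q.User) && !anyIn(r.Groups, q.Groups...) {
		return Decision{Allowed: false, KeyID: r.KeyID, Reason: "user not in access policy"}
	}
	// The original login identity must itself be permitted, so root who ran
	// `su postgres` is still judged as root and refused.
	if q.LoginUser != q.User && !anyIn(r.Users, q.LoginUser) {
		return Decision{Allowed: false, KeyID: r.KeyID, Reason: "identity switch from unauthorized login user " + q.LoginUser}
	}
	if len(r.Processes) > 0 && !r.Processes[q.Process] {
		return Decision{Allowed: false, KeyID: r.KeyID, Reason: "process not in access policy: " + q.Process}
	}
	return Decision{Allowed: true, Cleartext: true, KeyID: r.KeyID, Reason: "authorized user and process"}
}

// SamplePolicy is a constructed example: the PostgreSQL data directory is
// encrypted under one key and readable in clear only by the postgres user
// through the database binary; the backup account may copy ciphertext.
func SamplePolicy() []Rule {
	return []Rule{{
		PathPrefix: "/var/lib/pgsql/data",
		KeyID:      "key-pgdata-2018",
		Users:      map[string]bool{"postgres": true},
		Groups:     map[string]bool{},
		Processes:  map[string]bool{"/usr/bin/postgres": true},
		BackupOps:  map[string]bool{"backup": true},
	}}
}

func main() {
	f := "/var/lib/pgsql/data/base/16384/1"
	for _, q := range []Request{
		{Path: f, User: "postgres", LoginUser: "postgres", Process: "/usr/bin/postgres"},
		{Path: f, User: "postgres", LoginUser: "root", Process: "/usr/bin/postgres"},
		{Path: f, User: "backup", LoginUser: "backup", Process: "/usr/bin/tar"},
	} {
		d := Evaluate(SamplePolicy(), q)
		fmt.Printf("%s (login %s): allowed=%t cleartext=%t %s\n", q.User, q.LoginUser, d.Allowed, d.Cleartext, d.Reason)
	}
}
```

The ordering matters: the backup role is decided before the user check so that a backup account never receives cleartext even if it is also listed as a user, and the process check comes last so a denial names the most specific reason.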
Slide 22

Database-level protection
• Transparent column-level encryption – local and remote
• Standard encryption
• Format-Preserving Encryption (FPE)
• Tokenization
• Access policies – key-ownership-based partitioning: each database has visibility of and access to its own keys only
• Protection against the DBA – prevents the DBA from impersonating other database users
• Separation of duties – security vs. data management
• Dual control (M of N) – performing sensitive operations requires multiple admins
(Position in the data flow: the database layer.)
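An added Go example of the vault-based tokenization listed above (illustration only, not the deck's material and not the SafeNet Tokenization product's code): the token keeps the value's length, separators and last four digits so existing column types and reports keep working, the real value lives only in the vault, and detokenization is gated by role, so a DBA querying the table sees tokens only. The card-like number, the role name "payment-app" and the in-memory vault are constructed for the example. Format-preserving encryption (e.g. FF1) would replace the random-digit draw with a keyed permutation; that is not implemented here.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Vault is the tokenization server's state and the only place the real value
// exists; the database holds tokens only. In-memory model for illustration; a
// real vault is itself encrypted and access-controlled.
type Vault struct {
	byToken map[string]string
	byValue map[string]string
	keep    int // trailing digits preserved in the token (e.g. last 4 of a PAN)
}

func NewVault(keepTrailing int) *Vault {
	return &Vault{byToken: map[string]string{}, byValue: map[string]string{}, keep: keepTrailing}
}

// randomToken keeps the value's length, its non-digit separators and its last
// `keep` digits, and replaces every other digit with a cryptographically random one.
func randomToken(value string, keep int) (string, error) {
	digits := 0
	for _, c := range value {
		if c >= '0' && c <= '9' {
			digits++
		}
	}
	if digits <= keep {
		return "", errors.New("value has too few digits to tokenize")
	}
	out := []rune(value)
	replaced := 0
	for i, c := range out {
		if c < '0' || c > '9' || replaced == digits-keep {
			continue // separator, or already inside the preserved tail
		}
		n, err := rand.Int(rand.Reader, big.NewInt(10))
		if err != nil {
			return "", err
		}
		out[i] = rune('0' + n.Int64())
		replaced++
	}
	return string(out), nil
}

// Tokenize returns the existing token for a value (so equality joins on the
// tokenized column still work) or mints one that collides with neither a stored
// token nor the value itself.
func (v *Vault) Tokenize(value string) (string, error) {
	if t, ok := v.byValue[value]; ok {
		return t, nil
	}
	for attempt := 0; attempt < 100; attempt++ {
		t, err := randomToken(value, v.keep)
		if err != nil {
			return "", err
		}
		if _, taken := v.byToken[t]; taken || t == value {
			continue
		}
		v.byToken[t] = value
		v.byValue[value] = t
		return t, nil
	}
	return "", errors.New("could not find an unused token")
}

// Detokenize is the only path back to the value and is gated by the caller's
// role: the application that must process the real value may call it; a DBA or
// reporting user may not.
func (v *Vault) Detokenize(token, role string) (string, error) {
	if role != "payment-app" {
		return "", fmt.Errorf("role %q is not permitted to detokenize", role)
	}
	value, ok := v.byToken[token]
	if !ok {
		return "", errors.New("unknown token")
	}
	return value, nil
}

func main() {
	v := NewVault(4)
	pan := "4111-1111-1111-1111" // constructed sample number
	token, _ := v.Tokenize(pan)
	fmt.Println("stored in the database:", token)
	_, err := v.Detokenize(token, "dba")
	fmt.Println("dba detokenize:", err)
	value, _ := v.Detokenize(token, "payment-app")
	fmt.Println("payment-app detokenize:", value)
}
```

Because tokens are random rather than derived from the value, a leaked table of tokens carries no information about the values; the trade-off is that the vault becomes the single store that must be protected, backed up and kept available.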
Slide 23

Application-level protection
• Cryptographic operations: encrypt/decrypt, sign/sign-verify, MAC/MAC-verify
• Standard encryption
• Format-Preserving Encryption (FPE)
• Tokenization
• Bulk interfaces – encryption, tokenization, FPE
• Key & certificate management interfaces
• Access policies – key-ownership-based partitioning: applications have visibility of and access to their own keys only
• Protection against all admins – admins can only see encrypted data
• Separation of duties – security vs. data management
• Dual control (M of N) – performing sensitive operations requires multiple admins
(Position in the data flow: the application layer, above the database; data encrypted here stays encrypted through every layer below it.)
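The key-ownership partitioning bullet above, together with slide 17's point that once data is encrypted the keys are the asset to protect, as an added Go example; it is not Gemalto's code and not the KeySecure or ProtectApp API. It shows envelope encryption: a key manager holds key-encryption keys (KEKs), each application may use only the KEK it owns, bulk data is encrypted on the application side under a per-record data key (DEK), and what reaches the database is ciphertext plus a wrapped DEK. KEK ids, application names and the in-memory manager are constructed; AES-256-GCM from Go's standard library is used for both wrapping and data encryption.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyManager stands in for the central key store (the KeySecure/HSM role in the
// deck): KEKs never leave it, and an application receives only data keys wrapped
// under a KEK it owns. In-memory model, not the product's API.
type KeyManager struct {
	keks   map[string][]byte // KEK id -> raw key, known only to the manager
	owners map[string]string // KEK id -> owning application
}

// NewKeyManager creates a fresh 256-bit KEK for every id in owners.
func NewKeyManager(owners map[string]string) *KeyManager {
	km := &KeyManager{keks: map[string][]byte{}, owners: owners}
	for id := range owners {
		km.keks[id] = randomBytes(32)
	}
	return km
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no CSPRNG: nothing sensible to continue with
	}
	return b
}

// lookup enforces key-ownership partitioning: an application may use only its
// own KEKs, so neither another application nor an admin holding a copy of the
// database can have its data keys unwrapped.
func (km *KeyManager) lookup(app, kekID string) ([]byte, error) {
	k, ok := km.keks[kekID]
	if !ok {
		return nil, errors.New("unknown KEK " + kekID)
	}
	if km.owners[kekID] != app {
		return nil, fmt.Errorf("application %q does not own KEK %s", app, kekID)
	}
	return k, nil
}

func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key here is 32 bytes
	}
	g, _ := cipher.NewGCM(block)
	return g
}

// seal and open are AES-256-GCM with the random 96-bit nonce prepended.
func seal(key, plaintext, aad []byte) []byte {
	g := gcm(key)
	nonce := randomBytes(g.NonceSize())
	return g.Seal(nonce, nonce, plaintext, aad)
}

func open(key, blob, aad []byte) ([]byte, error) {
	g := gcm(key)
	if len(blob) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], aad)
}

// NewWrappedDEK hands the application a fresh data key and its wrapping; the
// application keeps the wrapping next to the ciphertext and discards the DEK.
// The KEK id is bound as associated data so a wrapping cannot be replayed
// under another key id.
func (km *KeyManager) NewWrappedDEK(app, kekID string) (dek, wrapped []byte, err error) {
	kek, err := km.lookup(app, kekID)
	if err != nil {
		return nil, nil, err
	}
	dek = randomBytes(32)
	return dek, seal(kek, dek, []byte(kekID)), nil
}

func (km *KeyManager) UnwrapDEK(app, kekID string, wrapped []byte) ([]byte, error) {
	kek, err := km.lookup(app, kekID)
	if err != nil {
		return nil, err
	}
	return open(kek, wrapped, []byte(kekID))
}

// EncryptRecord runs on the application side: bulk data never travels to the
// key manager. The pair (wrapped, ciphertext) is what lands in the database.
func EncryptRecord(km *KeyManager, app, kekID string, plaintext []byte) (wrapped, ciphertext []byte, err error) {
	dek, wrapped, err := km.NewWrappedDEK(app, kekID)
	if err != nil {
		return nil, nil, err
	}
	return wrapped, seal(dek, plaintext, nil), nil
}

func DecryptRecord(km *KeyManager, app, kekID string, wrapped, ciphertext []byte) ([]byte, error) {
	dek, err := km.UnwrapDEK(app, kekID, wrapped)
	if err != nil {
		return nil, err
	}
	return open(dek, ciphertext, nil)
}

func main() {
	km := NewKeyManager(map[string]string{"kek-hr": "hr-app", "kek-crm": "crm-app"})
	wrapped, ct, _ := EncryptRecord(km, "hr-app", "kek-hr", []byte("employee 42: salary 1234"))
	_, err := DecryptRecord(km, "crm-app", "kek-hr", wrapped, ct) // wrong owner
	fmt.Println("crm-app:", err)
}
```

Rotating a KEK in this model means asking the manager to unwrap each DEK and re-wrap it under the new KEK; the bulk ciphertext is untouched and the DEK is exposed only inside the manager. That, plus the audit trail of who asked for which key, is what a key manager adds beyond the encryption itself.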
Slide 24

Gemalto Encryption Ecosystem – offers the industry's most expansive ecosystem of integrations for encrypting data within third-party environments (SafeNet products indicated by name):
• Data at rest – SafeNet ProtectApp (web and application servers), SafeNet ProtectDB and SafeNet Tokenization (databases, application servers), SafeNet ProtectFile (file servers & shares), SafeNet ProtectV (virtual machines)
• Data in motion – SafeNet High Speed Encryptors (Layer 2 Ethernet network encryption)
• Foundation – SafeNet KeySecure platform (distributed key management)
Slide 25

Gemalto Key Management Ecosystem – the industry's most expansive and diverse ecosystem of integrations, including the largest number of KMIP-integrated products:
• Third-party integrations – cloud encryption gateways, backup & storage, database encryption, storage & archive, SIEM tools, cloud services, file & disk encryption
• SafeNet products – ProtectApp, ProtectFile, ProtectDB, ProtectV™, Tokenization
• Foundation – SafeNet KeySecure platform (distributed key management)
Slide 26

• 400+ authentication integrations
• 300+ HSM integrations
• 30+ KeySecure integrations
• 35+ crypto integrations
Slide 27

Thank You!
Complying with eIDAS