History, Heresy & The Future of Data Encryption
Martin Hellman, Professor Emeritus, Stanford University, Co-Inventor of Public Key Cryptography
Michael Callahan, CMO and VP, CREDANT
Gretchen Hellman, VP of Marketing and Product Management, Vormetric
Agenda
• The State of Encryption Today
• Historical Perspective: The Inside Story on Inventing Public Key Cryptography
• Psychology, Risk and Encryption
• What Works in Cryptography
• CREDANT and Vormetric: Changing Perceptions in Cryptography
The Business Problem
Diagram labels:
• Employee, Contractor, Partner
• Data Center, Airport, Internet Cafe, Home, Office, Site, Transit
• Prospect List, Intellectual Property, Customer Credit Card Information, Social Security Numbers, Classified Government Information, Patient Records
• ALL Sensitive Corporate Data
Compliance Regulations Expanding
• Data Compliance Laws are Driving the Market
• Many National Laws/Initiatives/Acts/Programs: HIPAA, PCI, GLBA, SOX, FISMA, BITS
• 44 states, DC, Puerto Rico and the Virgin Islands have laws*
• States with no law yet: Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota
Why aren’t all Enterprises Encrypting?
Perception of encryption is behind advances in technology
• Perception - History: Hard, Expensive, Unmanageable
• Reality - State of the Art: Easy, Economical, Transparent
Introducing Professor Martin Hellman
• Co-Inventor Public Key Cryptography
• Professor Emeritus, EE, Stanford University
• Selected Awards: IEEE Fellow, Marconi Fellow, Electronic Frontier Foundation Pioneer Award, Member of National Academy of Engineering
Early 1970s: Looking Into the Future
Finding Other “Fools”
Merkle, Diffie, Hellman
Early Feedback About the Idea
Identifying the Issues
• Ad-hoc communication with unknown users over computer networks
• Symmetric key distribution could not work
Solving the Problem
• Identified the need to develop a 2 key system
• How could it be mathematically derived?
An important suggestion from Professor John Gill, Stanford University
1976 – New Directions in Cryptography
“We stand today on the brink of a revolution in cryptography”
Building on the Foundation
• PKI
• Digital Signatures
• SSL
• Elliptic Curve
Risk, Psychology and Encryption
• Resistance to addressing risk
• Cassandra, teenage immortality, nuclear risk, soaring and cryptography
• What can we do?
Cryptography Today – What Works
• Integrated
• Transparent
• Automatic
Martin Hellman’s Work Today
• NuclearRisk.org
• Recent work: Soaring, Cryptography and Nuclear Weapons
CREDANT and Vormetric
Changing perceptions about Encryption
• Innovative approaches: CREDANT – Endpoint Encryption; Vormetric – Servers and Storage
• Focused on making encryption work: Manageable, transparent, secure
“Vormetric made our key management and encryption as simple as it can be.”
— Troy Larson, VP of Information Systems, Metabank
“The CREDANT software is very transparent — most people don’t know it’s on the machine.”
— David Fennel, IT Security Coordinator, Talisman Energy
CREDANT Overview
CREDANT Company Overview
• 2007 Data Security Leadership Quadrant
• 2007 & 2008: #1 Fastest Growing Private (Security) Company
• Test result: 8.6 Very Good
• Founded: September 17, 2001, to enable customers to manage security of data on any device
• Product Line: CREDANT Mobile Guardian (CMG), a data-centric, policy based, centrally managed data protection solution that "Protects What Matters" - your critical information
• Financial and Strategic Investors: Leading Venture Capital Firms (Austin Ventures, Menlo Ventures, Crescendo Ventures); Cisco Systems & Intel Capital
• Accomplishments: More than 775 customers worldwide; protecting >5 Million endpoints globally; solution recognized by leading industry experts
CREDANT’s Diverse Customer Base Spans Major Industries and Geographies
Aerospace & Defense
State and Local Government
Universities
Consumer Industries
Drugs & Healthcare
Energy
Financial Services
Telecommunications, IT & Media
Public Sector
Retail & Leisure
CREDANT’s Data-Centric Encryption
More secure than other options
Full Disk Encryption
Complete encryption of hard disk, including boot and system files
Disadvantage:
• Encryption only on system level - no awareness of user or type of data
• Only available for Desktops and Laptops
• System administration significantly impacted
• No separation of system and security administration
• No protection against copy onto external media
File & Folder Encryption
Files and Folders specifically selected by the user are encrypted
Disadvantage:
• Security dependent on user behavior
• Temporary application files can leak information
• No central administration or key recovery
• Impossible to enforce or prove compliance
The CREDANT approach combines the best of “Full Disk Encryption” and “File & Folder Encryption” and overcomes their significant problems
CREDANT’s Data-Centric Encryption
• Data automatically encrypted based on policies
• Encryption awareness of users, groups, systems and data types
• System remains accessible for system administration
• Central Administration for all devices and storage media with automated key escrow for guaranteed recovery
• Automatic detection and enforced protection of external media
CREDANT Simplifies the Solution
Full Compliance Reporting
Transparent to End-users
No Operational Impact
All Solutions Managed within One Web-based Console
Vormetric Overview
The Best in Enterprise Encryption
• Mature and Proven: Founded in 2001, production deployments since 2003; over 500 enterprises use Vormetric solutions
• Innovative Architecture: Transparent to applications, databases, storage and users; high performance, extendible, and rapidly deployable
• Strong and Growing: Unparalleled partnerships; diverse expanding customer base standardizing on Vormetric
Strong Validation
• THE solution for DB2 and Informix
• THE solution for NetBackup
• THE solution for securing the execution environment for Oracle DataVault
• Secure, centralized policy and key management
• High performance
• Heterogeneous
• Rapidly deployable
• Extensible
Any File, Any Database, Any Application, Anywhere!
Vormetric Data Security
Vormetric Simplifies Data Security
Diagram labels:
• Oracle, DB2, Informix, Sybase, SQL Server, MySQL
• ERP, CRM, CMS, Care Management, CAD, POS, VoIP, Dev Apps, HR Apps, Homegrown Applications
• File Shares, Flat Files
• Point Encryption
The Vormetric Approach
Users
Apps
File System
Databases
Volume Manager
• Encryption
• Access Control
• Audit
• Centralized management
Vormetric’s Extensible Solution
Diagram labels:
• DB2, Oracle, SQL, Sybase, MySQL
• ERP, CRM, Payments, CMS, Custom, Other
• IIS, Apache, WebLogic
• File Servers, FTP Servers, Email Servers
• DAS, SAN, NAS, VM
• Log Files • Password files
• Configuration files • Archive
• Data files • Transaction logs
• Exports • Backup
• File shares • Archive
• Content repositories • Multi-media
“Future scalability to apply this solution where additional needs may arise was a significant consideration”
Thomas Doughty, CISO, Prudential
Summary
• Making encryption easy and effective from the endpoint to the core
• No impact to existing operations
• Keeping you compliant, out of the headlines and protected
Thank You!
Q&A
For More Information Contact:
CREDANT • www.credant.com • 866-CREDANT (273-3268)
Vormetric • www.vormetric.com • 888-267-3732