IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services: Software-defined data protection with built-in fault tolerance

Presented by: Isabel Sanz [email protected]

© IBM Corporation

Transcript of IBM Cloud Data Encryption Services

Page 1: IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services

Software-defined data protection with built-in fault tolerance

Presented by: Isabel Sanz

[email protected]

Page 2: IBM Cloud Data Encryption Services

The number of hacks and data breaches is growing every year.

• Over 2 million: the number of records compromised in cyber attacks daily [1]
• More than 3.8 million USD: the cost to recover from a cyber breach [2]
• 49: the percentage of data breaches that occur due to criminal attacks [3]
• 205: the number of days before a breach is detected [4]
• 429: the number of cyber breaches that happen every week [5]

[1] 2014 Data Breach Trends, Risk Based Security Open Security Foundation, February 2015
[2], [3] 2015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015
[4] M-Trends 2015: A View from the Front Lines, Mandiant, 2015
[5] 2014 Global Report on the Cost of Cyber Crime, Ponemon Institute, October 2014

Page 3: IBM Cloud Data Encryption Services

Security remains the primary barrier to cloud adoption. [1]

Nearly 50% think security is a barrier to cloud adoption, while 41% feel the related issues of data loss and leakage risks are impediments. [2]

61% of companies think that security of data in the cloud is an executive or board-level concern. [3]

[1], [3] Cloud Adoption Practices & Priorities Survey Report, Cloud Security Alliance, January 2015
[2] The LinkedIn Cloud Security Spotlight report, 2015

Page 4: IBM Cloud Data Encryption Services

How do we prepare ourselves: Key questions…

– Are you worried about failing to meet compliance requirements for data security?

– Are you struggling to keep up with scaling your IT infrastructure in-house?

– Are you worried about the wrong people gaining access to your data?

– Do you think any of your data has ever been stolen/hacked?

– Have you ever lost access to your data?

Page 5: IBM Cloud Data Encryption Services

How do we prepare ourselves…

IBM Cloud Data Encryption Services (ICDES) is data protection that goes well beyond traditional security products to safeguard your data even when your network protection fails.

IBM Cloud Data Encryption Services: Software-defined data protection

Page 6: IBM Cloud Data Encryption Services

Addressing the main pillars of data protection with ICDES

ICDES

PRIVACY AND INTEGRITY

Page 7: IBM Cloud Data Encryption Services

What’s Inside ICDES – SPx™ Cryptographic Splitting

[Diagram labels: DATA IN; AES-256-GCM Encryption & Integrity Checks; IDA Random Cryptographic Splitting; “M of N” Resiliency for Fault Tolerance; Write Cryptographically Split Data and Keys to Shares; Share 1, Share 2, Share 3; Server Key; Workgroup Key]

Page 8: IBM Cloud Data Encryption Services

Server Key – Created at initial configuration of ICDES on server

• Stored on separate server or in external keystore with config file

• Must be present at time of boot (key location in config) and is stored in RAM

• Server Key used to encrypt / decrypt / split Workgroup Key

Workgroup Key – Each top level directory is protected by the software automatically, and gets its own key

• Workgroup Key is stored in the internal ICDES File System Keystore.

• Workgroup Key is used to encrypt internally generated file keys every time a file is written.

File Keys – One File Key is created when the data is encrypted (AES-256-GCM) and another for IDA randomization

[Diagram: Simplified Key Manager]

• Encrypted AES File Key and Encrypted IDA File Key

• Encrypted File Keys are split and wrapped with data by Workgroup Key

• Workgroup Key is encrypted and split using Perfect Secret Sharing

• Cryptographically split data shares and keys sent to Storage

Page 9: IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services: 3 different models

Page 10: IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services: 3 different models

– Secure provides you with:

• Encryption and cryptographic splitting

Management Console covering ICDES usage at:

• SoftLayer®

• IBM OpenStack

• Customer data center

• Competitor clouds

Page 11: IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services: 3 different models

– Advanced secure provides you with:

• Encryption and cryptographic splitting

• Resiliency for fault tolerance

• High availability – “always on”

Management Console covering ICDES usage at:

• SoftLayer®

• IBM OpenStack

• Customer data center

• Competitor clouds

M<N

Page 12: IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services: 3 different models

– Advanced multisite provides you with:

• Encryption and cryptographic splitting

• Resiliency for fault tolerance

• High availability – “always on”

• Multisite resiliency (disaster recovery)

Management Console covering ICDES usage at:

• SoftLayer®

• IBM OpenStack

• Customer data center

• Competitor clouds

Page 13: IBM Cloud Data Encryption Services

ICDES Pricing

$20 / month per core (based on usage)

$50 / month per core (based on usage)

$35 / month per core (based on usage)

Try for 30 Days Try for 30 Days Try for 30 Days

Install it everywhere:

Page 14: IBM Cloud Data Encryption Services

IBM Cloud Data Encryption Services is designed to be easy to install and use.

Install and begin protecting your data in three simple steps.

[Diagram labels: Step 1; Step 2; Step 3; PURCHASE; ICDES Advanced Secure; DOWNLOAD; IBM Cloud Marketplace; CONFIGURE; 2 of 4; /share1, /share2, /share3, /share4; START PROTECTING DATA; DATA; PROTECTED DIRECTORY; Share 1, Share 2, Share 3, Share 4]

Page 15: IBM Cloud Data Encryption Services

Why IBM Cloud Data Encryption Services delivers robust data protection

– Ground-breaking data security technology

• Designed to provide data-centric, file-level protection

• Helps safeguard data even when network protection fails

• Combines security-rich data encryption and cryptographic splitting

– Easier management of regulatory requirements

• Helps manage compliance for HIPAA, HITECH, FISMA, Sarbanes-Oxley and PCI DSS more effectively [1]

• FIPS 140-2 certified [2]

– Data resiliency added at server edge

• Allows for simplified architecture

• Supports a reduced-cost high availability and disaster recovery (HA and DR) architecture

– Helps reduce overall storage costs

• Helps reduce copies of data needed for HA and DR

• Helps eliminate need for expensive bulk key storage

[1] Health Insurance Portability and Accountability Act of 1996 (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Federal Information Security Management Act of 2002 (FISMA); Payment Card Industry Data Security Standard (PCI DSS)

[2] Federal Information Processing Standard (FIPS)

Page 16: IBM Cloud Data Encryption Services

ICDES Support

– ICDES Support details:

• If additional information is needed, please contact:

Isabel Sanz

[email protected]

Skype: Isabel_sanz_garces