Vormetric Data Security
17
Vormetric Data Security Cloud Computing
description
Vormetric Data Security. Cloud Computing. Who is Vormetric?. Founded in 2001 Purpose: To Simplify Data Security Customers: 1100+ Customers Worldwide OEM Partners: IBM Guardium Data Encryption Symantec NetBackup MSEO. Data Security Simplified. Transparent - PowerPoint PPT Presentation
Transcript of Vormetric Data Security
Vormetric Data Security
Cloud Computing
Who is Vormetric?Founded in 2001Purpose:
To Simplify Data Security
Customers:1100+ Customers Worldwide
OEM Partners:IBM
Guardium Data Encryption
Symantec NetBackup MSEO
Data Security Simplified
TransparentMust be transparent to business processes, end users, and applications Data type neutral – any data, anywhere
EfficientSLA, User, and Application performance must remain acceptableEncryption overhead can approach zero
StrongControl Privileged Users access to sensitive dataFirewall your data – approved users and applications allowed, deny all others.Integrated Key Management
EasyEasy to UnderstandEasy to ImplementEasy to Manage
Business Application Systems (SAP, PeopleSoft, Oracle Financials, In-house, CRM, eComm/eBiz, etc.)Application Server
Remote Locations& Systems
Storage & Backup SystemsSAN/NAS Backup Systems Data
CommunicationsVoIP SystemsFTP/Dropbox ServerEmail Servers
Structured Database Systems(SQL, Oracle, DB2, Informix, MySQL)Database Server
Security & Other Systems(Event logs, Error logsCache, Encryption keys, & other secrets)Security Systems
Unstructured DataFile SystemsOffice documents, SharePoint, PDF, Images, Audio……etc…
Public Cloud(AWS, Rackspace, Smart Cloud, Savvis, Terremark)
Virtual & Private Cloud (VMware, Citrix, Hyper-V)
Data is Everywhere
Advanced Persistent Threat
A Defense in Depth Strategy is essential to combating APT
Controls and Safeguards are intended to combat the APT at different points in its life cycle
The goal is the APT is to gain access to you most valued possession, you data
APT’s are already at work on your network. The Data must be protected locally, at the point of access
Protect what Matters
Image from Secureworks.com
Reducing the Threat Landscape
Control and Defend
Audit
Security Management Domains
Privileged User Access Control
Separation of Roles & Need to Know
Key Management
Encryption
Data Asset
s
Database Encryption
Unstructured Data Encryption
Cloud Encryption
Usage: Encrypt Tablespace, Log, and other DB files
Common Databases: Oracle, MSSQL, DB2, Sybase, Informix, MySQL…
Usage: Encrypt and Control access to any type of data used by LUW serverCommon Data Types: Logs, Reports, Images, ETL, Audio/Video Recordings, Documents, Big Data…Examples: FileNet, Documentum, Nice, Hadoop, Home Grown, etc…
Usage: Encrypt and Control Access to data used by Cloud Instances
Common Cloud Providers: Amazon EC2, Rackspace, MS Azure, Savvis, Terremark AT&T, SoftLayer +++
Transitioning to the Cloud
Vormetric Data Security
What is it?Integrated solution that controls access to data…
What does it do?Controls what users and processes can access dataEnforces access controls with encryption of any type of data transparently Provide security intelligence around your data
Data
Integrated Key
Management
Transparent Encryption
Data Firewall
Security Intelligence
Data Encryption Data Firewall Security Intelligence
Encrypts file system and volume data transparently to:
ApplicationsDatabasesStorage Infrastructure
Integrated Key Management
High Efficiency Encryption
Need to know access to data, based on approved behavior.
Separate data access from data management for system privileged users
Rich event driven audit logs for approved and denied attempts to sensitive data
Multiple reporting options to enable actionable security intelligence
More than just audit reports – prove data is protected
Transitioning to the Cloud
Locking down the CSP AdminPolicy ≈ Firewall RulesRules have Criteria and EffectsCriteria
User/Group, Process, Data Location, Type of I/O, TimeEffects
Permission: Permit or DenyEncryption Key: Yes or NoAudit: Yes or No
The Rules of a policy work like a firewall rule engine
1. Receive criteria from request.2. Try to match Criteria to Rules. Start at the top.3. On first match apply the associated Effect.4. If no match, then deny
Locking Down the CSP Admin
Vormetric Data Security : Single Pane of Glass
Data Security Manager
Database
Unstructured
Database
Unstructured
Traditional Infrastructure
Vormetric Vault
Cloud ComputingAWS, RacSpace,
Saavis…
Vormetric Data Security : Single Pane of Glass
Data Security Manager
Database
Unstructured
Database
Unstructured
Traditional Infrastructure
Vormetric Vault
Cloud ComputingAWS, RacSpace,
Saavis…
Vormetric Data Security Product Suite
Vormetric EncryptionPurpose: Transparent Data Encryption and Access Control of structured and unstructured dataUse Cases: Database Encryption, File Encryption, Privileged User Data Management
Vormetric Key Management
Purpose: Key Management for other Encryption platformsUse Cases: Application Encryption, TDE Key Management
Vormetric VaultPurpose: Securely store and report on Security MaterialsUse Cases: Key Vaulting, Certificate Vaulting, Vaulting of other Security materials.
Vormetric ToolkitPurpose: Automate and accelerate deploymentUse Cases: Cloud Providers, Enterprise Deployments
Technical Benefits
TransparentNo changes required to Database, Application or StorageData type neutral – any data type
EfficientSLA, User, and Application performance are maintainedEncryption overhead is minimalRapid Deployment
StrongSystem privileged users can be restricted from accessing sensitive dataFirewall your data – approved users and applications allowed, deny all others.Integrated Key Management
EasyEasy to UnderstandEasy to ImplementEasy to Manage
Vormetric Data Security
Protect what matters
Jeff ShermanRegional Sales Manager
Bill GoodmanSales Engineer
