
Security Policy and Key Management: Centrally Manage Encryption Keys - Oracle TDE, SQL Server TDE and Vormetric

This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise. http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html

The whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk. This whitepaper from Vormetric on key management strategy strives to provide the reader with an understanding, not only of the importance of key management, but of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for key management as well as an understanding of the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family.

According to the whitepaper, encryption key management should meet four primary criteria:

1. Security – In implementing a comprehensive data security strategy, organizations are well-advised to consider the security of the encryption keys. Improper key management means weak encryption, and that can translate into vulnerable data.
2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That damages the overall efficiency of the network.
3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change.
4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third-party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

Uploaded by

Tina-Stewart
Copyright
© Attribution Non-Commercial (BY-NC)

Centrally Manage Encryption Keys Oracle TDE, SQL Server TDE and Vormetric.

Tina Stewart, Vice President of Marketing

Security Policy and Key Management

www.Vormetric.com

Presentation Overview

Evolution of encryption and integrated key management systems

IT operations and support challenges will then be examined

Review of the future industry initiatives and compliance regulations

Conclude with brief introduction to Vormetric Key Management


Copyright 2012 Vormetric, Inc. Proprietary and Confidential. All rights reserved.

Importance of Enterprise Key Management


The final encrypted solution has two parts: the encrypted data itself and the keys that control the encryption and decryption processes. Controlling and maintaining the keys, therefore, is the most important part of an enterprise encryption strategy.
Forrester Research, Inc., Killing Data, January 2012

Two Types of Key Management Systems

Integrated

Third Party

IT Imperative: Secure Enterprise Data


Direct access to enterprise data has increased the risk of misuse.

Attacks on mission critical data are getting more sophisticated.


A Data Breach Costs > $7.2M Per Episode


2010 Annual Study: U.S. Cost of a Data Breach, Ponemon Institute

Security breach results in substantial loss of revenue and customer trust.

Compliance regulations (HIPAA, PCI DSS) mandate improved controls.


What is needed is a powerful, integrated solution that enables IT to ensure the availability, security, and manageability of encryption keys across the enterprise.

Enterprise Key Management 8 Requirements

Backup
Storage
Key State Management
Generation
Authentication
Restoration
Auditing
Security


Interoperability Standards

PKCS#11
Public Key Cryptographic Standard used by Oracle Transparent Data Encryption (TDE)

EKM
Cryptographic APIs used by Microsoft SQL server to provide database encryption and secure key management

OASIS KMIP
Single comprehensive protocol defined by consumers of enterprise key management systems


Even though vendors may agree on basic cryptographic techniques and standards, compatibility between key management implementations is not guaranteed.

Encryption Key Management Challenges


Complex management: Managing encryption keys that number in the millions

Disparate Systems

Security Issues: Vulnerability of keys to outside hackers / malicious insiders

Data Availability: Ensuring data accessibility for authorized users

Scalability: Supporting multiple databases, applications and standards

Governance: Defining policy-driven access control and protection for data



Different Ways of Managing Encryption Keys


Industry Regulatory Standards


Payment Card Industry Data Security Standard (PCI DSS)
Requires encryption key management systems with controls and procedures for managing key use and performing decryption functions.

Gramm Leach Bliley Act (GLBA)
Requires firms in the USA to publicly acknowledge a data breach, although it can damage their reputation.

U.S. Health I.T. for Economic and Clinical Health (HITECH) Act
Includes a breach notification clause for which encryption provides safe harbor in the event of a data breach.


Vormetric Key Management Benefits

Stores Keys Securely

Provides Audit and Reporting

Minimize Solution Costs

Manages Heterogeneous Keys / FIPS 140-2 Compliant


VKM provides a robust, standards-based platform for managing encryption keys. It simplifies management and administrative challenges around key management to ensure keys are secure.

Vormetric Key Management Capabilities

Manage Vormetric Encryption Agents

Manage 3rd Party Keys
Create/Manage/Revoke keys of 3rd party encryption solutions
Provide Network HSM to encryption solutions via:
PKCS#11 (Oracle 11gR2)
EKM (MSSQL 2008 R2)

Vault Other Keys
Provide secure storage of security material
Key Types:
Symmetric: AES, 3DES, ARIA
Asymmetric: RSA 1024, RSA 2048, RSA 4096
Other: Unvalidated security materials (passwords, etc.)


Vormetric Key Management Components

Data Security Manager (DSM)
Same DSM as used with all VDS products
FIPS 140-2 Key Manager with Separation of Duties

Report on vaulted keys

Key Vault
Licensable Option on DSM
Web based or API level interface for import and export of keys
Supports Symmetric, Asymmetric, and Other Key materials
Reporting on key types

Provides key management services for:
Oracle 11g R2 TDE (Tablespace Encryption)
MSSQL 2008 R2 Enterprise TDE (Tablespace Encryption)


TDE Key Architecture before Vormetric

Master Encryption keys are stored on the local system in a file with the data by default.

Oracle / Microsoft TDE

TDE Master Encryption Key

Local Wallet or Table


TDE Key Architecture after Vormetric


Oracle / Microsoft TDE
SSL Connection

TDE Master Encryption Key

Key Agent

Vormetric DSM acts as Network HSM for securing keys for Oracle and Microsoft TDE.

Vormetric Key Agent is installed on the database server.


VKM Architecture-Key Vault


Web GUI

Supported Key Types:

Asymmetric

Command Line / API


Security Policy and Key Management


Protecting the enterprise's valuable digital assets from accidental or intentional misuse is a key goal for every IT team today. A centralized enterprise key management solution is critical to ensuring all sensitive enterprise data is secure and available.

Vormetric Key Management is the only solution today that can:

Minimize IT operational and support burdens for encryption key management,
Secure and control access to data across the enterprise and into the cloud, and
Protect data without disrupting your business
