Maintaining Trust & Control of your Data in the Cloud
Cloud and virtualization give you the agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or of defined entrance and egress points, brings a whole host of cloud security issues – data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. Fortunately, experts agree that encryption is the unifying cloud security control, allowing you to protect, control and maintain trust. Gemalto’s proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership, no matter where you store your data.
Andrew Watts-Curnow, Solutions Architect, Amazon Web Services, ASEAN
Sheung Chi Ng, Senior Security Consulting Manager, Identity and Data Protection (IDP), APAC, Gemalto (Formerly SafeNet)
1. Complete encryption and key management available directly from AWS and Marketplace
Sheung-Chi NG, APAC
Sheungchi.Ng@safenet-inc.com
Apr 2016
2. We are the world leader in digital security
29.04.16 Trust. Every day.
WE’RE UNIQUE. WE’RE GLOBAL. WE’RE INNOVATIVE
• 2,900 R&D ENGINEERS
• 114 NEW PATENTS FILED IN 2014
• 180+ COUNTRIES WHERE OUR CLIENTS ARE BASED
• 14,000+ EMPLOYEES
• 16 NATIONALITIES
• €2.5bn 2014 REVENUE
• +2bn END USERS BENEFIT FROM OUR SOLUTIONS
3. DATA PROTECTION PORTFOLIO
DATA ENCRYPTION
CRYPTO MANAGEMENT
DIGITAL PAYMENTS
ENTERPRISE AUTHENTICATION
TRUSTED IDENTITIES
EBANKING & ECOMMERCE
SECURITY AT THE core
SECURITY AT THE edge
DATA SECURITY IS BASED ON TWO ELEMENTS
IDENTITY PROTECTION PORTFOLIO
Gemalto IDP Business Areas
3 Introduction to Identity Data Protection 29.04.16
7. Security and Compliance Concerns with Cloud Computing
How do you maintain ownership and control of your information in a multi-tenant environment?
• Securing, tracking and lifecycle/destruction of backups?
• Government requests?
• Privileged users of the cloud infrastructure?
How do you extend data governance and compliance to internal and external mandates?
Can Be Challenging to Illustrate Control Of Protected and Sensitive Information in the Cloud
13. The industry’s first comprehensive solution protecting your data across physical, virtual, and cloud infrastructure.
With ProtectV you can enable customers to:
• Isolate Virtual Machines and storage through encryption
• Authorize VM launches with StartGuard
• Track key access to all copies of your data
• Revoke key access after terminating an instance in the cloud or a breach
ProtectV enables you to migrate your sensitive data to untrusted or shared environments securely.
Diagram labels: ProtectV Manager; VM; VM; Microsoft; Linux; Red Hat
SafeNet ProtectV
15. ProtectV: Secures the Entire Instance Lifecycle
• (1) Protect – Identify and encrypt entire VM, including boot and storage partitions
• (2) Start – You must be authenticated and authorized to boot a server to the OS
• (3) Daily Operations – All data and VMs are encrypted
• (4) Snapshot – Every copy of VM in storage or backup is encrypted
• (5) Delete – Every time you delete a key, it “digitally shreds” the data, rendering all copies of VMs inaccessible
20. ProtectFile Provides Separation of Duties
Diagram labels: Finance; Sales; Human Resources; KeySecure; SSL; Server Administrator; Server (Windows or Linux); Server (Windows or Linux); DataSecure Administrator; Application; Hardware; Operating System; Database; Files and Folders; Remote Storage (NAS, SAN); Local Storage (DAS); ProtectFile
29. Customer Example: Netflix Key Management
Goals
• Remove data center dependencies and complexity
• Increase reliability and performance
Approach
• HSMs per region/environment
• Migrated from SafeNet KeySecure in the data center to CloudHSM
• Decommissioned data center configuration
30. Netflix: Results
• Using AWS CloudHSM with HSM appliances in 3 regions
• Lower latency and high security
• Eliminate on-premises datacenter-based HSM/KM
• Saves money – 33% savings over original projections
Diagram labels: AWS; Virtual Private Cloud; CloudHSM VPC Instance; SSL; Application; HSM Client
31. Customer: FXXX MXXX - Property loan
Need?
FXXX MXXX hosts borrower or loan servicer information along with credit scores and other personal information. They plan to move their information to the AWS cloud (cost savings). Their security team will not allow any server on the cloud unless the personal information on databases hosted in the public cloud is protected (i.e. encrypted).
Why are they interested in ProtectV?
• Unique AWS solution
• Key management on premises
• Encrypting the entire VM
Environment?
• AWS VPC Public Cloud
• Handful of servers
• Want to encrypt everything that goes into the cloud
32. Customer: TXX - Logistics company
• No infrastructure deployed to TXX Express premises
• Resilient cloud-based service allowing for easy re-use of the service globally
• Low per-user per-month token cost allowing for integration with the remote access service, offering an integrated and robust solution
• Costs the same as the old remote access solution but offers:
  • Strong authentication as standard
  • More flexible access options
• Flexible form factors allowing easier deployment and acceptance of the technology
• Lower TCO of the existing authentication solution
• Time to provision a user down from 5 days to 30 minutes