Maginatics Security Architecture

Size: px
Start display at page:

Download "Maginatics Security Architecture"

Transcription

1 Maginatics Security Architecture What is the Maginatics Cloud Storage Platform? Enterprise IT organizations are constantly looking for ways to reduce costs and increase operational efficiency. Although cloud storage offers a means to achieve these objectives, many enterprises are still reluctant to fully embrace the cloud because of security concerns. In addition, enterprises are also looking for ways to boost productivity by giving their mobile workforce anywhere, any-device access to business-critical data through corporate BYOD (bring your own device) policies. However, rolling-out a BYOD strategy raises security and management challenges of its own for the enterprise. First, in the absence of an acceptable ITapproved alternative, workers often select a cloud-based personal file sharing service such as Dropbox, Box or an equivalent. Not only do these services place responsibility for data security in the hands of a thirdparty entity, they enable former workers to retain access to proprietary information even after leaving the company. In short, cloud storage and BYOD promise major benefits to enterprises in the form of decreased costs, increased efficiency and enhanced workforce productivity; but getting to these benefits requires overcoming the friction that exists among the IT security team (tasked with enforcing data security and integrity best practices, even on user-controlled endpoint devices), the infrastructure team and CIO (tasked with cost reduction) and the internal user (tasked with meeting productivity goals that demand efficient access to sensitive data on the go). This friction has never been more pronounced. The Maginatics Cloud Storage Platform (MCSP) is the only solution in the market today that addresses all aspects of this friction and ensures alignment among all constituencies, enabling enterprises to capture the benefits of both cloud and mobility without sacrificing data security or availability.

2 Data Protection from End to End Enterprise security spans multiple components, including: Physical security: Controlled data center access, surveillance, guards. Data encryption: At rest and in transit. Access control: Network policies and systems, identity management policies and systems. Data integrity: Ensuring data accuracy, consistency and reliability. The Maginatics security architecture fits this model perfectly, allowing enterprises to seamlessly leverage their existing systems, polices and tools for data protection while augmenting the traditional enterprise environment with features and capabilities that ensure end-to-end security in an era of cloud computing and unfettered mobility. Four pillars support this architecture: Physical and network security Unlike any competing solution, MCSP allows IT to persistently store all encryption keys, metadata and user database information exclusively within the confines of the enterprise s own physical data centers. Fine-grained encryption Upon entry into the system, every file is broken into many small, variable sized chunks, each of which is individually encrypted with its own independent AES-256 key. In addition, all data and metadata transfers take place over HTTPS. Access control native to the enterprise MCSP integrates natively with existing enterprise identity management systems such as Active Directory, enabling IT administrators to control access to data stored in the cloud with MCSP exactly as they would with data stored in a traditional filer. Connectivity between endpoints and the identity management system is secured using either VPN or a reverse proxy, while

3 cryptographically signed, time-limited tokens ensure that only authorized clients can access data stored in the system. (Note: a reverse proxy option provides an equivalent level of security as VPN without the need for VPN.) Data integrity A robust data verification process protects against malicious clients or network failures (e.g., HTTP proxy errors) causing data corruption. Chunks written to the object store are quarantined prior to being verified, so a misbehaving client cannot affect common data. What are the components of Maginatics Cloud Storage Platform? There are three foundational components that comprise MCSP (see figure 1). Figure 1: Key Components of Maginatics Cloud Storage Platform

4 1. The Maginatics Virtual Filer (MVF) The point of control for the MCSP is the Maginatics Virtual Filer (MVF), which is deployed as a virtual appliance and hosted where the customer wishes: (1) in its own data center; (2) by a trusted service provider or; (3) in the cloud. MVF provides, among other things, the control plane for the MCSP. It is responsible for mediating all data operations, as well as for access control (via the customer s existing Active Directory or another identity management system), data integrity, cache consistency and management of de-duplication maps. The MVF does not host data and therefore does not present a dataflow bottleneck as seen with legacy technologies. Instead, the Maginatics Virtual Filer hosts metadata (including all encryption keys) and acts as a gatekeeper to the data, which is hosted in the cloud. 2. The MagFS Agent The MagFS Agent is a native agent that resides on endpoint devices and communicates over the secure control plane with the MVF for permission to execute data operations. The agent then executes these operations by communicating directly with the object store over the secure data plane. Taking full advantage of the power and functionality of modern devices, the MagFS Agent does much of the heavy lifting in the system (in concert with the Maginatics Virtual Filer), including WAN optimization, fine-grained end-toend encryption and file segmentation and re-assembly. The use of endpoint agents allows MCSP to deliver security, scalability and control throughout the entire system: in the cloud, on the endpoint devices, and in-flight. 3. The Object Store The Object Store is any public, private or hybrid object store chosen by the customer.

5 Physical Data Center Protection The Maginatics security architecture renders data anywhere in the system in the cloud, on an endpoint device or in transit completely opaque to anyone who should acquire it without the ability to authenticate through the native enterprise identity management system. This is accomplished by persisting sensitive data elements that could compromise data security uniquely behind the enterprise firewall. That is, regardless of whether data is stored on-premises or in the cloud, the following elements are persistently stored only in the customer s data center (unless the customer chooses to store them elsewhere): Encryption keys Metadata (which can be more sensitive than its associated data) User database Fine-Grained Encryption As shown below, MCSP encryption/decryption is performed by the MagFS Agent entirely on the endpoint device, taking full advantage of the power, capabilities and hardware acceleration of modern computing devices. The encryption process is best illustrated using the following example; i.e., that of a user who wishes to save a file located on an endpoint device to the cloud. The steps are as follows: 1. File Segmentation The file is segmented into many small pieces or chunks of variable size. Besides enhancing performance by enabling granular inline deduplication and allowing threaded transfers of files between the endpoint and object store, file chunking improves security by forcing an attacker to compromise not just a single key, but many keys, in order to decrypt a single file. Chunk sizes are determined algorithmically to optimize deduplication efficiency.

6 Figure 2: MCSP Encryption 2. Encryption With MCSP, there is no master key that can compromise all data in the system in the event of a theft or loss. Instead, each plaintext chunk is individually encrypted with its own independent AES-256 key. This key is applied to the raw chunk using the AES/CBC-256 cipher, generating the encrypted chunks. The one-way cryptographic hash function is then applied again, this time to the encrypted chunk, to generate the chunk reference. 3. Key management The unique encryption key for the chunk is sent over HTTPS to the Figure 3: Recovery Modes

7 MVF, where it is persistently stored in an integrated key management system. The key is then deleted from memory on the endpoint device. 4. Data storage Each <chunk-reference, encrypted chunk> tuple represents a <key, value> pair which is stored in the local encrypted cache of the endpoint device to enable deduplication and to enhance performance (if the same key-value pair is already resident in the cache, this new copy is ignored). The chunk-reference is also transmitted along with other metadata (e.g., the associated file name) over HTTPS to the MVF, which persists the information and uses it to create a chunk map that maps file names to their constituent encrypted chunks. Upon receipt of the chunk-reference, the MVF computes a location in the cloud to which the associated encrypted chunk will be stored and generates a pointer to that location in the form of a cryptographically signed, time-limited URI which is sent over HTTPS to the MagFS Agent. Communicating over its own secure channel with the object store using the latter s native REST interface, the MagFS Agent transfers the encrypted chunk to the cloud with a simple PUT command. The object store validates the URI by checking the signature and expiration time before storing the encrypted chunk. If the time limit is exceeded, the MagFS Agent must request a new URI from the MVF. When retrieving files from the object store, the process is essentially reversed: 1. The MagFS Agent requests a file by name. Using its chunk map, the MVF identifies the constituent chunks, retrieves the associated chunk-references, URIs and keys and sends these elements over HTTPS to the MagFS Agent, where the chunk-references and keys are stored in memory. 2. The MagFS Agent checks its local encrypted cache for any of the chunk-references it has just received and decrypts the encrypted chunks associated with those it finds using the keys provided by the

8 MVF. On cache misses, the MagFS Agent uses the <URI, encryption key> pair to retrieve the missing chunks, decrypts them, reassembles the file (using chunk map data provided by the MVF) and presents the file to the user, ending the operation. All keys are deleted from memory once the application accessing the file closes or the active user session ends. Access Control As illustrated below, MCSP enables enterprise IT to control access to data using existing enterprise tools and workflows. Figure 3: Access Control The MVF integrates natively with existing enterprise identity management (IDM) systems such as Active Directory, allowing IT administrators to control access to data stored with MCSP exactly as they would with any traditional data center asset. There is no need to configure a new IDM system or to create new user profiles MCSP leverages existing systems, profiles and workflows.

9 Authentication Users authenticate against an internal Active Directory server by passing credentials over an HTTPS connection. The MVF validates the user credentials against Active Directory using the Kerberos protocol and retrieves the user s security identifier (SID) and group memberships via LDAP queries to Active Directory. The SID and group membership information is retained to perform access control as described below; user credentials are deleted after authentication. Access Control The file system objects in an MCSP deployment are individually protected by access control lists (ACLs) analogous to those used in a NTFS file system. When a file is accessed by a MagFS Agent, the MVF checks the ACL on the file and compares it with the SID and groups in the current user session. Access control can also be enforced at the share level. MCSP allows enterprise IT to choose VPN or a reverse proxy with custom third-party certificates as the means by which users (MagFS Agents) gain access to the MVF. Either option safeguards the perimeter with deep packet inspection, IP blocking, etc. Regardless of the method chosen, MCSP supports the use of single sign-on systems as illustrated in the figure above. Additionally, all data transfers (Agent-to-object store and Agent-to-MVF as well as asynchronous MVF-to-object store communication for encrypted chunk creation, verification and garbage collection) take place over HTTPS. As noted earlier, access control is further enhanced with the use of cryptographically signed, time-limited URIs.

10 Data Integrity A cardinal requirement for any storage architecture, data integrity is especially challenging in today s distributed enterprise, where untrusted endpoint devices outside the control of central IT must be able to safely write to the system, and do so over the public Internet. MCSP ensures that all data entering the system is stored accurately, reliably and consistently. In this environment, a misbehaving client may mark a failed write as successful due to a bug that manifests only under certain conditions (e.g., a buggy library), while a misbehaving HTTP proxy may give even a sound client incorrect information about an operation. More ominously, a virus-infected or otherwise malicious client may provide incorrect or simply random hash values (chunk-references) that bear no connection to the uploaded encrypted chunks. Without appropriate protection, any of these conditions may lead to data corruption issues. MCSP guards against these and all related risks with a robust, out-ofband data verification process. With this mechanism, Maginatics guarantees the reliability and consistency of all data written to the system and ensures that buggy, misbehaving or malicious clients cannot affect data integrity. Summary Enterprises have never before stored as much data as they do today, and access has never been so distributed and dispersed. Moving from legacy architectures to more cost-effective software-defined and cloudbacked architectures can help enterprises address these challenges. However, most existing solutions address only some aspects of security, mainly around data encryption. By deploying a cloud storage solution that makes security and data authentication top priorities, enterprises can alleviate these security and data integrity concerns that often inhibit their transition to the cloud.

A Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief

A Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief A Virtual Filer for VMware s Virtual SAN A Maginatics and VMware Joint Partner Brief With the massive growth of unstructured data in today s enterprise environments, storage IT administrators are constantly

More information

Maginatics Cloud Storage Platform A primer

Maginatics Cloud Storage Platform A primer Maginatics Cloud Storage Platform A primer Who is Maginatics? Maginatics is an emerging leader in distributed enterprise storage solutions. We provide enterprises with distributed, scalable and secure

More information

Amazon Web Services and Maginatics Solution Brief

Amazon Web Services and Maginatics Solution Brief Amazon Web Services and Maginatics Solution Brief Today, enterprise IT organizations are faced with unprecedented challenges when it comes to storing unstructured data both cost-effectively and securely

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Cloud-Era File Sharing and Collaboration

Cloud-Era File Sharing and Collaboration Cloud-Era File Sharing and Collaboration Maginatics Cloud Storage Platform Perspective 2012 Neovise, LLC. All Rights Reserved. Report Published July 29, 2014 Introduction Distributed file systems have

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

Security Architecture Whitepaper

Security Architecture Whitepaper Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer

More information

MagFS: The File System for the Cloud

MagFS: The File System for the Cloud MagFS: The File System for the Cloud 1 Table of Contents Introduction... 4 Traditional Network File Systems... 5 Cloud Gateways... 5 Online File Sharing... 6 Maginatics MagFS... 7 Key Advantages of the

More information

Oracle WebCenter Content

Oracle WebCenter Content Oracle WebCenter Content 21 CFR Part 11 Certification Kim Hutchings US Data Management Phone: 888-231-0816 Email: khutchings@usdatamanagement.com Introduction In May 2011, US Data Management (USDM) was

More information

SENSE Security overview 2014

SENSE Security overview 2014 SENSE Security overview 2014 Abstract... 3 Overview... 4 Installation... 6 Device Control... 7 Enrolment Process... 8 Authentication... 9 Network Protection... 12 Local Storage... 13 Conclusion... 15 2

More information

CrashPlan Security SECURITY CONTEXT TECHNOLOGY

CrashPlan Security SECURITY CONTEXT TECHNOLOGY TECHNICAL SPECIFICATIONS CrashPlan Security CrashPlan is a continuous, multi-destination solution engineered to back up mission-critical data whenever and wherever it is created. Because mobile laptops

More information

Analyzing HTTP/HTTPS Traffic Logs

Analyzing HTTP/HTTPS Traffic Logs Advanced Threat Protection Automatic Traffic Log Analysis APTs, advanced malware and zero-day attacks are designed to evade conventional perimeter security defenses. Today, there is wide agreement that

More information

Data Security using Encryption in SwiftStack

Data Security using Encryption in SwiftStack Data Security using Encryption in SwiftStack May 2015 Copyright 2015 SwiftStack, Inc. swiftstack.com Page 1 of 11 Table of Contents Introduction... 3 Defining Three Threat Models... 3 Encrypted Data and

More information

High Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models

High Security Online Backup. A Cyphertite White Paper February, 2013. Cloud-Based Backup Storage Threat Models A Cyphertite White Paper February, 2013 Cloud-Based Backup Storage Threat Models PG. 1 Definition of Terms Secrets Passphrase: The secrets passphrase is the passphrase used to decrypt the 2 encrypted 256-bit

More information

Xerox DocuShare Private Cloud Service. Security White Paper

Xerox DocuShare Private Cloud Service. Security White Paper Xerox DocuShare Private Cloud Service Security White Paper Table of Contents Overview 3 Adherence to Proven Security Practices 3 Highly Secure Data Centers 4 Three-Tier Architecture 4 Security Layers Safeguard

More information

Security Considerations for DirectAccess Deployments. Whitepaper

Security Considerations for DirectAccess Deployments. Whitepaper Security Considerations for DirectAccess Deployments Whitepaper February 2015 This white paper discusses security planning for DirectAccess deployment. Introduction DirectAccess represents a paradigm shift

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Develop HIPAA-Compliant Mobile Apps with Verivo Akula

Develop HIPAA-Compliant Mobile Apps with Verivo Akula Develop HIPAA-Compliant Mobile Apps with Verivo Akula Verivo Software 1000 Winter Street Waltham MA 02451 781.795.8200 sales@verivo.com Verivo Software 1000 Winter Street Waltham MA 02451 781.795.8200

More information

Maginatics Cloud Storage Platform Feature Primer

Maginatics Cloud Storage Platform Feature Primer Maginatics Cloud Storage Platform Feature Primer Feature Function Benefit Admin Features REST API Orchestration Multi-cloud Vendor Support Deploy and manage MCSP components from within your own code. Maginatics

More information

SECUR IN MIRTH CONNECT. Best Practices and Vulnerabilities of Mirth Connect. Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions

SECUR IN MIRTH CONNECT. Best Practices and Vulnerabilities of Mirth Connect. Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions SECUR Y IN MIRTH CONNECT Best Practices and Vulnerabilities of Mirth Connect Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions Date: May 15, 2015 galenhealthcare.com 2015. All rights

More information

EMC DATA DOMAIN ENCRYPTION A Detailed Review

EMC DATA DOMAIN ENCRYPTION A Detailed Review White Paper EMC DATA DOMAIN ENCRYPTION A Detailed Review Abstract The proliferation of publicized data loss, coupled with new governance and compliance regulations, is driving the need for customers to

More information

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper

Active Directory Compatibility with ExtremeZ-IP. A Technical Best Practices Whitepaper Active Directory Compatibility with ExtremeZ-IP A Technical Best Practices Whitepaper About this Document The purpose of this technical paper is to discuss how ExtremeZ-IP supports Microsoft Active Directory.

More information

F5 and Microsoft Exchange Security Solutions

F5 and Microsoft Exchange Security Solutions F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application

More information

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2 BlackBerry Enterprise Service 10 BlackBerry Device Service Solution Version: 10.2 Security Technical Overview Published: 2014-09-10 SWD-20140908123239883 Contents 1 About BlackBerry Device Service solution

More information

Sync Security and Privacy Brief

Sync Security and Privacy Brief Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical

More information

FileCloud Security FAQ

FileCloud Security FAQ is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file

More information

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO

Secure VidyoConferencing SM TECHNICAL NOTE. Protecting your communications. www.vidyo.com 1.866.99.VIDYO TECHNICAL NOTE Secure VidyoConferencing SM Protecting your communications 2012 Vidyo, Inc. All rights reserved. Vidyo, VidyoTechnology, VidyoConferencing, VidyoLine, VidyoRouter, VidyoPortal,, VidyoRouter,

More information

PRIVACY, SECURITY AND THE VOLLY SERVICE

PRIVACY, SECURITY AND THE VOLLY SERVICE PRIVACY, SECURITY AND THE VOLLY SERVICE Delight Delivered by EXECUTIVE SUMMARY The Volly secure digital delivery service from Pitney Bowes is a closed, secure, end-to-end system that consolidates and delivers

More information

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief ForeScout CounterACT Device Host and Detection Methods Technology Brief Contents Introduction... 3 The ForeScout Approach... 3 Discovery Methodologies... 4 Passive Monitoring... 4 Passive Authentication...

More information

Chapter 10. Cloud Security Mechanisms

Chapter 10. Cloud Security Mechanisms Chapter 10. Cloud Security Mechanisms 10.1 Encryption 10.2 Hashing 10.3 Digital Signature 10.4 Public Key Infrastructure (PKI) 10.5 Identity and Access Management (IAM) 10.6 Single Sign-On (SSO) 10.7 Cloud-Based

More information

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI

More information

The Nasuni Security Model

The Nasuni Security Model Nasuni Security Model Nasuni s security architecture protects off-premises data, allowing enterprises to safely leverage cloud storage Executive Summary Storing data off-premises in cloud or as-a-service

More information

Application Reviews and Web Application Firewalls Clarified. Information Supplement: PCI Data Security Standard (PCI DSS) Requirement:

Application Reviews and Web Application Firewalls Clarified. Information Supplement: PCI Data Security Standard (PCI DSS) Requirement: Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls

More information

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW

WHITE PAPER NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW NEXSAN TRANSPORTER PRODUCT SECURITY AN IN-DEPTH REVIEW INTRODUCTION As businesses adopt new technologies that touch or leverage critical company data, maintaining the highest level of security is their

More information

The Security Behind Sticky Password

The Security Behind Sticky Password The Security Behind Sticky Password Technical White Paper version 3, September 16th, 2015 Executive Summary When it comes to password management tools, concerns over secure data storage of passwords and

More information

The increasing popularity of mobile devices is rapidly changing how and where we

The increasing popularity of mobile devices is rapidly changing how and where we Mobile Security BACKGROUND The increasing popularity of mobile devices is rapidly changing how and where we consume business related content. Mobile workforce expectations are forcing organizations to

More information

Securing an IP SAN. Application Brief

Securing an IP SAN. Application Brief Securing an IP SAN Application Brief All trademark names are the property of their respective companies. This publication contains opinions of StoneFly, Inc., which are subject to change from time to time.

More information

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy?

SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY. How Can I Both Enable and Protect My Organization in the New Application Economy? SOLUTION BRIEF CA TECHNOLOGIES IDENTITY-CENTRIC SECURITY How Can I Both Enable and Protect My Organization in the New Application Economy? CA Security solutions can help you enable and protect your business

More information

Citrix ShareFile Enterprise: a technical overview citrix.com

Citrix ShareFile Enterprise: a technical overview citrix.com Citrix ShareFile Enterprise: a technical overview White Paper Citrix ShareFile Enterprise: a technical overview 2 The role of IT organizations is changing rapidly as the forces of consumerization pose

More information

Three Ways to Integrate Active Directory with Your SaaS Applications OKTA WHITE PAPER. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107

Three Ways to Integrate Active Directory with Your SaaS Applications OKTA WHITE PAPER. Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 OKTA WHITE PAPER Three Ways to Integrate Active Directory with Your SaaS Applications Okta Inc. 301 Brannan Street, Suite 300 San Francisco CA, 94107 info@okta.com 1-888-722-7871 wp-3waysad-113012 Table

More information

DarkFS - An Encrypted File System

DarkFS - An Encrypted File System 1 DarkFS - An Encrypted File System Team: Arjun Narayanan, Yuta 1. Motivation In many software applications, we want to store files in a remote, untrusted file server. With an untrusted file server, we

More information

Improve your mobile application security with IBM Worklight

Improve your mobile application security with IBM Worklight Improve your mobile application security with IBM Worklight Contents 1 Introduction 2 IBM Worklight overview 4 Enabling mobile security with IBM Worklight 6 Integrating IBM Worklight with enterprise security

More information

Xerox Mobile Print Cloud

Xerox Mobile Print Cloud September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Product Datasheet The governance IT needs Easy user adoption Trusted Managed File Transfer solutions Full-featured Enterprise-class IT Solution for Managed File Transfer Organizations today must effectively

More information

Policy Management: The Avenda Approach To An Essential Network Service

Policy Management: The Avenda Approach To An Essential Network Service End-to-End Trust and Identity Platform White Paper Policy Management: The Avenda Approach To An Essential Network Service http://www.avendasys.com email: info@avendasys.com email: sales@avendasys.com Avenda

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Maginatics Cloud Storage Platform Version 3.0 Feature Brief

Maginatics Cloud Storage Platform Version 3.0 Feature Brief Maginatics Cloud Storage Platform Version 3.0 Feature Brief The launch of the Maginatics Cloud Storage Platform (MCSP) version 3.0 brings an exciting range of new functionality and features to further

More information

Key Management Interoperability Protocol (KMIP)

Key Management Interoperability Protocol (KMIP) (KMIP) Addressing the Need for Standardization in Enterprise Key Management Version 1.0, May 20, 2009 Copyright 2009 by the Organization for the Advancement of Structured Information Standards (OASIS).

More information

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

CyberSource Payment Security. with PCI DSS Tokenization Guidelines CyberSource Payment Security Compliance The PCI Security Standards Council has published guidelines on tokenization, providing all merchants who store, process, or transmit cardholder data with guidance

More information

Secure remote access to your applications and data. Secure Application Access

Secure remote access to your applications and data. Secure Application Access Secure Application Access Secure remote access to your applications and data Accops HySecure is an application access gateway that enables secure access to corporate applications, desktops and network

More information

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has

More information

Web Application Hosting Cloud Architecture

Web Application Hosting Cloud Architecture Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described

More information

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Implementation Guide SAP NetWeaver Identity Management Identity Provider Implementation Guide SAP NetWeaver Identity Management Identity Provider Target Audience Technology Consultants System Administrators PUBLIC Document version: 1.10 2011-07-18 Document History CAUTION Before

More information

White paper Contents

White paper Contents Three Ways to Integrate Active Directory with Your SaaS Applications Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 User Management Challenges of Software

More information

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5 bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5 2008 Adobe Systems Incorporated. All rights reserved. Adobe Flash Media Rights Management Server 1.5 Overview for Microsoft

More information

ORGANIZATION S DATA INCREASES

ORGANIZATION S DATA INCREASES www.stacksync.org DO YOU KNOW? Your organization is dealing with an increasing amount of data, so your IT infrastructure may collapse soon. Resulting in another expensive investment. Furthermore, users

More information

Egnyte Local Cloud Architecture. White Paper

Egnyte Local Cloud Architecture. White Paper w w w. e g n y t e. c o m Egnyte Local Cloud Architecture White Paper Revised June 21, 2012 Table of Contents Egnyte Local Cloud Introduction page 2 Scalable Solutions Personal Local Cloud page 3 Office

More information

When enterprise mobility strategies are discussed, security is usually one of the first topics

When enterprise mobility strategies are discussed, security is usually one of the first topics Acronis 2002-2014 Introduction When enterprise mobility strategies are discussed, security is usually one of the first topics on the table. So it should come as no surprise that Acronis Access Advanced

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

BANKING SECURITY and COMPLIANCE

BANKING SECURITY and COMPLIANCE BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions

More information

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott Symantec Enterprise Firewalls From the Internet Thomas Symantec Firewalls Symantec offers a whole line of firewalls The Symantec Enterprise Firewall, which emerged from the older RAPTOR product We are

More information

managing SSO with shared credentials

managing SSO with shared credentials managing SSO with shared credentials Introduction to Single Sign On (SSO) All organizations, small and big alike, today have a bunch of applications that must be accessed by different employees throughout

More information

Deploying Firewalls Throughout Your Organization

Deploying Firewalls Throughout Your Organization Deploying Firewalls Throughout Your Organization Avoiding break-ins requires firewall filtering at multiple external and internal network perimeters. Firewalls have long provided the first line of defense

More information

M2M. Machine-to-Machine Intelligence Corporation. M2M Intelligence. Architecture Overview

M2M. Machine-to-Machine Intelligence Corporation. M2M Intelligence. Architecture Overview M2M Machine-to-Machine Intelligence Corporation M2M Intelligence Architecture Overview M2M Intelligence - Essential platform for the M2M and IoT Economy Architecture Overview Revised styles and edits 6/3/2016

More information

SharePoint 2013 Business Connectivity Services Hybrid Overview

SharePoint 2013 Business Connectivity Services Hybrid Overview SharePoint 2013 Business Connectivity Services Hybrid Overview Christopher J Fox Microsoft Corporation November 2012 Applies to: SharePoint 2013, SharePoint Online Summary: A hybrid SharePoint environment

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

THE LINK OFFLINE DATA ARCHITECTURE

THE LINK OFFLINE DATA ARCHITECTURE SECURE ENTERPRISE HTML5 THE LINK OFFLINE DATA ARCHITECTURE A MOBILE HELIX WHITEPAPER THE LINK OFFLINE DATA ARCHITECTURE The Link HTML5 SDK makes it simple for developers to build mobile apps with offline

More information

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX

SECURE YOUR DATA EXCHANGE WITH SAFE-T BOX SECURE YOUR DATA EXCHANGE SAFE-T BOX WHITE PAPER Safe-T. Smart Security Made Simple. 1 The Costs of Uncontrolled Data Exchange 2 Safe-T Box Secure Data Exchange Platform 2.1 Business Applications and Data

More information

Simple Storage Service (S3)

Simple Storage Service (S3) Simple Storage Service (S3) Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 provides a simple web services interface that can be used

More information

Our Key Security Features Are:

Our Key Security Features Are: September 2014 Version v1.8" Thank you for your interest in PasswordBox. On the following pages, you ll find a technical overview of the comprehensive security measures PasswordBox uses to protect your

More information

Securing the Intelligent Network

Securing the Intelligent Network WHITE PAPER Securing the Intelligent Network Securing the Intelligent Network New Threats Demand New Strategies The network is the door to your organization for both legitimate users and would-be attackers.

More information

SOOKASA WHITEPAPER SECURITY SOOKASA.COM

SOOKASA WHITEPAPER SECURITY SOOKASA.COM SOOKASA WHITEPAPER SECURITY SOOKASA.COM Sookasa Overview Sookasa was founded in 2012 by a team of leading security experts. The company s patented file-level encryption enables enterprises to protect data

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Ensuring the security of your mobile business intelligence

Ensuring the security of your mobile business intelligence IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive

More information

Xerox DocuShare Security Features. Security White Paper

Xerox DocuShare Security Features. Security White Paper Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a

More information

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement

Data Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement Comprehensive Endpoint Enforcement Overview is a complete, end-to-end network access control solution that enables organizations to efficiently and securely control access to corporate networks through

More information

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2

Table of Contents. 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 Table of Contents 1 Overview 1-1 Introduction 1-1 Product Design 1-1 Appearance 1-2 2 Features and Benefits 2-1 Key Features 2-1 Support for the Browser/Server Resource Access Model 2-1 Support for Client/Server

More information

Security Policy Revision Date: 23 April 2009

Security Policy Revision Date: 23 April 2009 Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure

More information

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity

SonicWALL Clean VPN. Protect applications with granular access control based on user identity and device identity/integrity SSL-VPN Combined With Network Security Introducing A popular feature of the SonicWALL Aventail SSL VPN appliances is called End Point Control (EPC). This allows the administrator to define specific criteria

More information

Market Application Delivery Networking. Products ADC, WAN Optimization, Secure Access

Market Application Delivery Networking. Products ADC, WAN Optimization, Secure Access Company snapshot Founded 2000 Headquarters Milpitas, CA, USA Employees 400+ Market Application Delivery Networking Products ADC, WAN Optimization, Secure Access Segments Enterprise, Service Provider, Public

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview STRATEGIC WHITE PAPER Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview Abstract Cloud architectures rely on Software-Defined Networking

More information

Achieve Deeper Network Security

Achieve Deeper Network Security Achieve Deeper Network Security Dell Next-Generation Firewalls Abstract Next-generation firewalls (NGFWs) have taken the world by storm, revolutionizing network security as we once knew it. Yet in order

More information

Citrix ShareFile Enterprise technical overview

Citrix ShareFile Enterprise technical overview Citrix ShareFile Enterprise technical overview 2 The role of IT organizations is changing rapidly as the forces of consumerization pose new challenges. IT is transitioning from the sole provider of user

More information

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks. Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted

More information

ShareFile Enterprise technical overview

ShareFile Enterprise technical overview Overview Guide ShareFile Enterprise technical overview Secure data sync and sharing services ShareFile empowers users to securely share files with anyone and to sync files across all of their devices The

More information

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS Adaptive Authentication in Juniper SSL VPN Environments Solution Brief RSA Adaptive Authentication is a comprehensive authentication platform providing

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure

More information

Easy and secure application access from anywhere

Easy and secure application access from anywhere Easy and secure application access from anywhere Citrix is the leading secure access solution for applications and desktops HDX SmartAccess Delivers simple and seamless secure access anywhere Data security

More information

Introduction to Endpoint Security

Introduction to Endpoint Security Chapter Introduction to Endpoint Security 1 This chapter provides an overview of Endpoint Security features and concepts. Planning security policies is covered based on enterprise requirements and user

More information

Security IIS Service Lesson 6

Security IIS Service Lesson 6 Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and

More information