ENCRYPTION KEY MANAGEMENT SIMPLIFIED: A BEGINNER'S GUIDE TO ENCRYPTION KEY MANAGEMENT


IS THIS EBOOK RIGHT FOR ME?

Not sure if this is the right ebook for you? Check the following qualifications to make sure this ebook will get you the right information:

- Your company must meet compliance regulations and pass data security audits.
- You are starting an encryption project and want to learn more about encryption key management.
- You are already encrypting but are not sure if you are using key management best practices.

CONTENTS

1. WHAT IS ENCRYPTION KEY MANAGEMENT? /4
2. KEY MANAGEMENT BEST PRACTICES /5
3. IMPORTANT CERTIFICATIONS /7
4. MEET COMPLIANCE REQUIREMENTS /8
5. KEY MANAGEMENT FOR EVERY PLATFORM /11
6. ABOUT TOWNSEND SECURITY /15

WHAT IS ENCRYPTION KEY MANAGEMENT?

The most important part of a data encryption strategy is the protection of the encryption keys you use. Encryption keys are the real secret that protects your data, and key management is the special province of security companies who create encryption key hardware security modules (HSMs) for this purpose. These systems are a combination of hardware and software specifically designed to create and manage encryption keys, and to restrict their use to authorized users and applications. Key management HSMs also incorporate a variety of security techniques to thwart unauthorized access, report on suspicious system activity, and mirror critical information to backup servers for high availability.

WHAT IS ENCRYPTION KEY MANAGEMENT? Watch this brief video featuring data privacy expert Patrick Townsend to find out if you should be using encryption key management to protect your data.

KEY MANAGEMENT BEST PRACTICES

Because encryption key management is crucial to data protection, the National Institute of Standards and Technology (NIST) provides guidelines on best practices for key management and a cryptographic module certification program. The NIST Special Publication SP provides recommendations for encryption key management. Additionally, NIST publishes standards for cryptographic systems in the Federal Information Processing Standards (FIPS 140-2). Key management vendors can have their solutions certified by NIST to the FIPS standard, and this certification is required for Federal agencies. These best practices are recognized by federal and industry standards as critical steps to building a strong encryption and key management solution:

- Dual Control means that no one person should be able to manage your encryption keys. Creating, distributing, and defining access controls should require at least two individuals working together to accomplish the task.
- Separation of Duties means that different people should control different aspects of your key management strategy. This is the old adage: don't put all your eggs in one basket. The person who creates and manages the keys should not have access to the data they protect, and the person with access to protected data should not be able to manage encryption keys.
- Split Knowledge applies to the manual generation of encryption keys, or at any point where encryption keys are available in the clear. More than one person should be required to constitute or reconstitute a key in this situation.

KEY MANAGEMENT BEST PRACTICES

Q: WHY IS INTEGRATED KEY MANAGEMENT A BEST PRACTICE RED FLAG?

A: Integrated key management is a term of art that refers to storing an encryption key on the same platform where the encrypted data is stored. It is impossible to use key management best practices when you are storing encryption keys with the encrypted data, and doing this also makes it impossible to meet some compliance requirements such as PCI-DSS Section 3. Dual control, separation of duties, and split knowledge can only be achieved using an external key manager HSM.

Q: WHAT ARE THE PRACTICAL IMPLICATIONS OF THESE BEST PRACTICES AND CORE CONCEPTS?

A: The practical implications of these best practices fall to the system administrators. On all major operating systems such as Linux, Windows, and IBM i (AS/400) there is one individual who has the authority to manage all processes and files on the system. This is the Administrator on Windows, the root user on Linux and UNIX, and the security officer on the IBM i platform. In fact, there are usually multiple people who have this level of authority. When there are so many authorized users and no protection of keys, the data is at a very high risk. That's why storing encryption keys on the same system where the protected data resides violates all of the core principles of data protection, and that's why we are seeing auditors and payment networks reject this approach.

IMPORTANT CERTIFICATIONS

The National Institute of Standards and Technology (NIST) issues non-military government standards for a wide variety of technologies including data encryption and encryption key management. Because NIST uses an open and professional process to establish standards, the private sector usually adopts NIST standards for commercial use. NIST is one of the most trusted sources for technology standards. You should always look for an encryption and key management solution that is NIST-certified.

ENCRYPTION CERTIFICATIONS

Established by NIST as the highest standard for encryption, the most widely accepted cryptographic standard is the Advanced Encryption Standard (AES). AES supports nine modes of encryption, and NIST defines three key sizes for encryption: 128-bit, 192-bit, and 256-bit keys.

KEY MANAGEMENT CERTIFICATIONS

The highest standard for encryption key management is the Federal Information Processing Standard (FIPS) issued by NIST. A key management hardware security module (HSM) with a FIPS certification will offer the highest level of compliance for your company.

MEET COMPLIANCE REQUIREMENTS

Data security compliance regulations exist in order to protect personal and sensitive information that businesses handle on a regular basis. Cyber crime and identity theft are on the rise in today's electronic world, and these regulations are designed to help protect consumers against these threats. Currently, the network of compliance regulations is fragmented across multiple regulating organizations. Some of them are government based and some are private industry based. Common regulations that all organizations are likely to run into are:

- Payment Card Industry Data Security Standards (PCI DSS): If you take or process credit card information, you fall under PCI DSS standards. This means that you must encrypt credit card information when it is at rest or in motion and protect encryption keys in accordance with Section 3. You also must implement encryption key management that uses proper dual control and separation of duties. PCI DSS also requires periodic encryption key rotation.

Click Here to Read the Blog: Meet PCI-DSS & HIPAA/HITECH with Key Management for SQL Server

- Health Insurance Portability and Accountability Act / Health Information Technology for Economic and Clinical Health Act (HIPAA/HITECH): If your company operates in the medical sector, which is any organization defined as a covered entity within the HIPAA act, you fall under HIPAA/HITECH data security regulations. The HITECH act of 2009 strengthened HIPAA regulations tremendously by referring to NIST for encryption standards, best practices of encryption key management, and the collection of system logs. Although there is no mandate by HHS and HIPAA/HITECH that you must encrypt patient information, there is a back door mandate that in the event of a data breach, all covered entities must report the breach to HHS. The only safe harbor from breach notification and potential fines is to be properly encrypting data.

- Gramm-Leach-Bliley Act and Federal Financial Institutions Examination Council (GLBA and FFIEC): The Gramm-Leach-Bliley Act and Federal Financial Institutions Examination Council regulate data security in the financial sector. Under these regulations the financial industry is defined broadly and certainly includes banks, but also covers credit reporting agencies and other financial institutions. FFIEC is tasked with conducting audits and making sure banks line up with regulations, which have a strong focus on protecting consumer information. One statement they make in their documentation is that effective and proper key management based on industry standards is crucial.

- Sarbanes-Oxley (SOX): Any publicly traded company in the United States falls under SOX regulations. There has been quite an increase in the focus on data privacy by SOX auditors, particularly encryption key management and system logging. From the beginning SOX auditors have held IT departments to high standards in terms of best practices and proper control of data. This increased focus on data protection has developed within the last 12 months or so. Several of our customers have told us they've been penalized for their insufficient encryption key management strategy by SOX auditors.

- Federal and State Laws: Currently 44 out of 50 states have data privacy regulations. Many organizations are unaware of their own state's data privacy laws, or assume those laws do not apply to them, when in fact they almost always do. Apart from the data security standards listed above, there is currently a proposed federal privacy law working through Congress. It is safe to assume that a new federal data privacy law will be enacted soon.

Ultimately, regulations are becoming more stringent, not less. Fines and penalties are getting steeper, not cheaper. And certifications are becoming more important, not less important. Even more critical is the fact that these regulators recommend or require that you use industry standard, NIST and FIPS certified key management and encryption. Without these credentials, your company may not be compliant.

KEY MANAGEMENT FOR EVERY PLATFORM

Key management is a necessary part of encryption and compliance, and you should be able to use key management on every platform, including multi-platform environments. Some major platforms, including Microsoft SQL Server 2008, SQL Server 2008 R2, SQL Server 2012, and IBM i V7R1, support easy and automatic encryption with the ability to use a third-party key manager. Encryption and key management can also be enabled on Oracle, Linux, DB2, and Windows. In this section we'll discuss encryption key management on two popular platforms: Microsoft SQL Server 2008/2012 and IBM i.

ENCRYPTION KEY MANAGEMENT FOR SQL SERVER 2008/2012

ORGANIZATIONS CONTINUE TO EXPERIENCE DAMAGING LOSSES DUE TO DATA BREACHES. These losses include legal costs, costs to reimburse customers and employees, lost stakeholder value, and reduction of goodwill. The estimate of these financial losses ranges into the billions of dollars every year. This section highlights excerpts from the White Paper, ENCRYPTION KEY MANAGEMENT FOR SQL SERVER 2008/2012, and outlines how Microsoft provides for the encryption of sensitive data in its flagship SQL Server database system.

MICROSOFT SQL SERVER 2008/2012 EXTENSIBLE KEY MANAGEMENT

Recognizing the importance of proper key management for data security, Microsoft implemented extensible key management (EKM) in SQL Server. EKM is both a new architecture for encryption key management services and a new interface for third party key managers. While EKM provides for local, on-server management of encryption keys, Microsoft and third party security professionals recommend the use of external key management HSMs.

TRANSPARENT DATA ENCRYPTION

Transparent Data Encryption, or TDE, is a part of the Microsoft SQL Server Extensible Key Management system. When implemented, TDE encrypts the entire database table space, providing security for the entire database. The key management HSM contains the master key that protects the entire table. Many Microsoft customers prefer the TDE approach to protecting data for several reasons:

- It is easy to implement and does not require modification of the application.
- The key that protects the database never leaves the HSM, providing better security.
- The impact on performance is smaller than other alternatives.

Watch this video to learn how to set up TDE & EKM on SQL Server in under 10 minutes!

Using TDE with a key management HSM provides customers with comprehensive data protection; it matches the best practice recommendations of security professionals and compliance auditors; performance impacts are minimal; and it is the easiest and least expensive solution to implement.

ENCRYPTION KEY MANAGEMENT FOR SQL SERVER 2008/2012

EXTENSIBLE KEY MANAGEMENT (EKM) AND KEY MANAGER SECURE CONNECTIONS WITH TLS

Key management best practices require that encryption keys be protected at all times and not be exposed to loss as they move from the key server HSM to the SQL Server application. A good key manager should use authenticated and secure Transport Layer Security (TLS) communications and standard PKI methods to ensure that critical information is protected as it moves to and from the key server. Your organization can use existing PKI infrastructure to create the necessary X.509 certificates and private keys used to protect TLS sessions, or you can use OpenSSL to generate the necessary certificates and keys. Regardless of the method you use to create the certificates and keys, your key management HSM should always protect encryption keys and sensitive data as they move between SQL Server and the HSM.

CELL LEVEL ENCRYPTION

Cell Level Encryption, or column encryption, is also a part of the Microsoft SQL Server Extensible Key Management system. When implemented, cell level encryption encrypts a single column of a table. Unlike TDE, the Microsoft developer must implement cell level encryption in their SQL statements. For Microsoft customers and ISVs who have legacy applications that perform encryption, this may be the best way to implement data protection in the SQL Server database.

Watch the Webinar: Encryption & Key Management on SQL Server to learn:

- Principles and best practices for encryption and key management
- Using EKM & TDE to easily encrypt sensitive data on SQL Server 2008/2012
- Encryption strategies for all SQL Server platforms
- Performance impacts of encryption on SQL Server
- How to easily meet compliance requirements
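The following T-SQL is an added example, not code from the ebook or from Townsend Security; it walks through the EKM and TDE path described in the previous section and the cell-level path described above, and finishes with a catalog check that tells an auditor whether a database's key is protected by an external key manager or by a local certificate stored with the data (the "integrated key management" red flag). The provider DLL path, credential values, key names, login and database names are placeholders; the credential IDENTITY/SECRET format is specific to each vendor's EKM provider.

```sql
-- Added example (not from the ebook or its vendor). Placeholders:
-- ExampleKeyManagerProvider, EkmProvider.dll, ekm_service_account,
-- DOMAIN\tde_admin, ExampleDb and the PROVIDER_KEY_NAME values.

-- 1. Enable EKM on the instance (it is an advanced option, off by default).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;
GO

-- 2. Register the key manager's EKM provider library in master.
USE master;
GO
CREATE CRYPTOGRAPHIC PROVIDER ExampleKeyManagerProvider
    FROM FILE = 'C:\Program Files\ExampleKM\EkmProvider.dll';
GO

-- 3. Credential used to authenticate to the key manager. Only the login
--    that administers TDE gets it, keeping key administration separate
--    from the logins that read the data (separation of duties).
CREATE CREDENTIAL EkmAdminCredential
    WITH IDENTITY = 'ekm_service_account', SECRET = '<provider-specific secret>'
    FOR CRYPTOGRAPHIC PROVIDER ExampleKeyManagerProvider;
ALTER LOGIN [DOMAIN\tde_admin] ADD CREDENTIAL EkmAdminCredential;
GO

-- 4. Reference a master key that already exists on the key manager.
--    OPEN_EXISTING means SQL Server only learns the public half; the private
--    key never leaves the HSM.
CREATE ASYMMETRIC KEY TdeMasterKey
    FROM PROVIDER ExampleKeyManagerProvider
    WITH PROVIDER_KEY_NAME = 'sqlserver-tde-master',
         CREATION_DISPOSITION = OPEN_EXISTING;
GO

-- 5. The database engine needs its own login mapped to that key, with its own
--    credential, so it can reach the key manager at startup without a user.
CREATE LOGIN TdeMasterKeyLogin FROM ASYMMETRIC KEY TdeMasterKey;
CREATE CREDENTIAL EkmEngineCredential
    WITH IDENTITY = 'ekm_service_account', SECRET = '<provider-specific secret>'
    FOR CRYPTOGRAPHIC PROVIDER ExampleKeyManagerProvider;
ALTER LOGIN TdeMasterKeyLogin ADD CREDENTIAL EkmEngineCredential;
GO

-- 6. Turn on TDE: the database encryption key (DEK) is AES-256 and is
--    wrapped by the HSM-resident master key, not by a local certificate.
USE ExampleDb;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeMasterKey;
ALTER DATABASE ExampleDb SET ENCRYPTION ON;
GO

-- 7. Cell-level encryption: a symmetric key held on the provider, applied
--    explicitly in the application's SQL for one column. EKM-held keys are
--    opened by the provider, so no OPEN SYMMETRIC KEY statement is needed.
CREATE SYMMETRIC KEY CardNumberKey
    FROM PROVIDER ExampleKeyManagerProvider
    WITH PROVIDER_KEY_NAME = 'sqlserver-card-column',
         CREATION_DISPOSITION = OPEN_EXISTING;
GO
CREATE TABLE dbo.PaymentCard (
    CardId     int IDENTITY PRIMARY KEY,
    CardHolder nvarchar(100) NOT NULL,
    Pan        varbinary(256) NOT NULL      -- ciphertext only, never plaintext
);
GO
DECLARE @pan varchar(19) = '4111111111111111';  -- constructed test value
INSERT INTO dbo.PaymentCard (CardHolder, Pan)
VALUES (N'Example Holder', ENCRYPTBYKEY(KEY_GUID('CardNumberKey'), @pan));
SELECT CardHolder, CONVERT(varchar(19), DECRYPTBYKEY(Pan)) AS Pan
FROM dbo.PaymentCard;
GO

-- 8. Audit check: for every TDE-enabled database, is the DEK protected by an
--    EKM-backed key (external key manager) or by a certificate that lives in
--    master alongside the data? encryption_state 3 means encryption finished.
SELECT DB_NAME(dek.database_id)        AS database_name,
       dek.encryption_state,
       dek.key_algorithm,
       dek.key_length,
       COALESCE(ak.name, c.name)       AS encryptor_name,
       CASE WHEN ak.provider_type = 'CRYPTOGRAPHIC PROVIDER'
                 THEN 'EKM: key held by external key manager'
            WHEN c.name IS NOT NULL
                 THEN 'LOCAL CERTIFICATE: key stored with the data'
            ELSE 'unknown' END         AS protection
FROM sys.dm_database_encryption_keys AS dek
LEFT JOIN master.sys.asymmetric_keys AS ak ON ak.thumbprint = dek.encryptor_thumbprint
LEFT JOIN master.sys.certificates    AS c  ON c.thumbprint  = dek.encryptor_thumbprint;
GO
```

Rows reporting LOCAL CERTIFICATE are the cases the "integrated key management" question above describes; rotating them onto an EKM-backed key uses ALTER DATABASE ENCRYPTION KEY ... ENCRYPTION BY SERVER ASYMMETRIC KEY.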

ENCRYPTION KEY MANAGEMENT FOR IBM i

END OF SUPPORT FOR V5R4

On September 30, 2013, IBM will end support for IBM i V5R4. This decision will force their customers running on V5R4 to upgrade to either V6R1 or V7R1. The most notable difference between V6R1 and V7R1 is the new FIELDPROC exit point capability offered exclusively in V7R1. Short for field procedure, FIELDPROC allows a user to identify all fields they wish to encrypt with a third-party automatic AES encryption solution without making application changes.

IBM i V7R1 AND FIELDPROC

The newest version of the IBM i operating system, V7R1, brings sophisticated new security tools from IBM's larger systems to mid-range markets. These new features allow third-party companies such as Townsend Security to offer NIST-certified automatic AES encryption, so that you can now encrypt your sensitive data without application changes. Encryption key management used in conjunction with FIELDPROC encryption enables IBM i customers to meet compliance mandates such as PCI-DSS. Encryption is only half of the solution. Without a comprehensive encryption key management plan, an encryption project is still weak and incomplete.

TOWNSEND SECURITY: DEDICATED TO DATA PRIVACY

Townsend Security has earned the trust of over 3,000 customers worldwide with our easy-to-use, affordable, and comprehensive encryption and key management solutions. With over 20 years of experience in the data security industry, Townsend Security has helped some of the largest enterprises meet their evolving compliance requirements (PCI DSS, HIPAA/HITECH, and others) and mitigate the risk of data breaches and cyber-attacks. Our encryption key management solutions are FIPS certified, and our data in motion and data at rest products are certified by NIST.

Townsend Security is committed to both our end-users and partner channel. We provide our partners with Enterprise ready appliances with simplified distribution models that make it easy for OEMs, ISVs, and System Integrators to be successful. Our team is dedicated to providing training, back-end support, and marketing materials to your technical and sales staff and remains accessible long after the training is complete.

Web: Phone: (800) or (360)


More information

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief RSA Encryption and Key Management Suite The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy

More information

What s New in Centrify DirectAudit 2.0

What s New in Centrify DirectAudit 2.0 CENTRIFY DATASHEET What s New in Centrify DirectAudit 2.0 Introduction Centrify DirectAudit s detailed, real-time auditing of privileged user sessions on Windows, UNIX and Linux systems provides a full

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Security Solutions. MyDBA s. Security Solutions. For Databases. October 2012. Copyright 2012 MyDBA CC. Version 3

Security Solutions. MyDBA s. Security Solutions. For Databases. October 2012. Copyright 2012 MyDBA CC. Version 3 MyDBA s Security Solutions For Databases October 2012 Version 3 The Protection of Personal Information (POPI) Bill The Bill requires that: Anyone who processes personal information will need to take appropriate

More information

Design of Database Security Policy In Enterprise Systems

Design of Database Security Policy In Enterprise Systems Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud Contents Overview...3 Management Issues...3 Real-World

More information

Can You be HIPAA/HITECH Compliant in the Cloud?

Can You be HIPAA/HITECH Compliant in the Cloud? Can You be HIPAA/HITECH Compliant in the Cloud? Background For the first 10 years of its existence, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was a toothless tiger. Although

More information

Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets

Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets WHITE PAPER Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets 951 SanDisk Drive, Milpitas, CA 95035 www.sandisk.com Table of Contents Abstract... 3 Introduction... 3 The Solution... 3 The

More information

kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR)

kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR) kamai Technologies Inc. Commonly Accepted Security Practices and Recommendations (CASPR) June 2015 Table of Contents CASPR... 2 FIPS 140-2: Security Requirements For Cryptographic Modules... 2 Federal

More information

ALERT LOGIC FOR HIPAA COMPLIANCE

ALERT LOGIC FOR HIPAA COMPLIANCE SOLUTION OVERVIEW: ALERT LOGIC FOR HIPAA COMPLIANCE AN OUNCE OF PREVENTION IS WORTH A POUND OF CURE Alert Logic provides organizations with the most advanced and cost-effective means to secure their healthcare

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Compliance and Industry Regulations

Compliance and Industry Regulations Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy

More information

HIPAA COMPLIANCE AND

HIPAA COMPLIANCE AND INTRONIS CLOUD BACKUP & RECOVERY HIPAA COMPLIANCE AND DATA PROTECTION CONTENTS Introduction 3 The HIPAA Security Rule 4 The HIPAA Omnibus Rule 6 HIPAA Compliance and Intronis Cloud Backup and Recovery

More information

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery WHITE PAPER HIPPA Compliance and Secure Online Data Backup and Disaster Recovery January 2006 HIPAA Compliance and the IT Portfolio Online Backup Service Introduction October 2004 In 1996, Congress passed

More information

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution 1 Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution Table of Contents What s New? Target Customers Customer Benefits Competitive Positioning Technical Sales Questions General Sales

More information

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC

Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC Cloud Security Implications for Financial Institutions By Scott Galyk Director of Software Development FIMAC Solutions, LLC www.fmsinc.org 1 2015 Financial Managers Society, Inc. Cloud Security Implications

More information

IT Security & Compliance Risk Assessment Capabilities

IT Security & Compliance Risk Assessment Capabilities ATIBA Governance, Risk and Compliance ATIBA provides information security and risk management consulting services for the Banking, Financial Services, Insurance, Healthcare, Manufacturing, Government,

More information

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE

More information

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

Netwrix Auditor for SQL Server

Netwrix Auditor for SQL Server Netwrix Auditor for SQL Server Quick-Start Guide Version: 7.1 10/26/2015 Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment from

More information

HIPAA Privacy & Security White Paper

HIPAA Privacy & Security White Paper HIPAA Privacy & Security White Paper Sabrina Patel, JD +1.718.683.6577 sabrina@captureproof.com Compliance TABLE OF CONTENTS Overview 2 Security Frameworks & Standards 3 Key Security & Privacy Elements

More information

Navigate Your Way to NERC Compliance

Navigate Your Way to NERC Compliance Navigate Your Way to NERC Compliance NERC, the North American Electric Reliability Corporation, is tasked with ensuring the reliability and safety of the bulk power system in North America. As of 2010,

More information

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...

More information

4 Steps to Financial Data Security Compliance Technologies to Help Your Financial Service Organization Comply with U.S.

4 Steps to Financial Data Security Compliance Technologies to Help Your Financial Service Organization Comply with U.S. 4 Steps to Financial Data Security Compliance Technologies to Help Your Financial Service Organization Comply with U.S. Regulations Introduction Legislation related to data security in financial services

More information

Business Communications for Healthcare

Business Communications for Healthcare Business Communications for Healthcare Today, many powerful business communication challenges face everyone in the healthcare chain including clinics, hospitals, insurance providers and any other organization

More information

Top Signs You re Prime for a Data Breach in 2014

Top Signs You re Prime for a Data Breach in 2014 Hacking Into Your Healthcare Systems Series Top Signs You re Prime for a Data Breach in 2014 PRESENTED BY: IronBox Data Protection Website: www.goironbox.com Email: contactus@goironbox.com About IronBox

More information

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services Introduction Patient privacy has become a major topic of concern over the past several years. With the majority of

More information

Feature. Log Management: A Pragmatic Approach to PCI DSS

Feature. Log Management: A Pragmatic Approach to PCI DSS Feature Prakhar Srivastava is a senior consultant with Infosys Technologies Ltd. and is part of the Infrastructure Transformation Services Group. Srivastava is a solutions-oriented IT professional who

More information

The syslog-ng Store Box 3 F2

The syslog-ng Store Box 3 F2 The syslog-ng Store Box 3 F2 PRODUCT DESCRIPTION Copyright 2000-2014 BalaBit IT Security All rights reserved. www.balabit.com Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance

More information

HIPAA Compliance and the Protection of Patient Health Information

HIPAA Compliance and the Protection of Patient Health Information HIPAA Compliance and the Protection of Patient Health Information WHITE PAPER By Swift Systems Inc. April 2015 Swift Systems Inc. 7340 Executive Way, Ste M Frederick MD 21704 1 Contents HIPAA Compliance

More information

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services

Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Ensuring HIPAA Compliance with eztechdirect Online Backup and Archiving Services Introduction Patient privacy continues to be a chief topic of concern as technology continues to evolve. Now that the majority

More information

Auditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP

Auditing your institution's cybersecurity incident/breach response plan. Baker Tilly Virchow Krause, LLP Auditing your institution's cybersecurity incident/breach response plan Objectives > Provide an overview of incident/breach response plans and their intended benefits > Describe regulatory/legal requirements

More information

Email Encryption Services

Email Encryption Services Services ZixCorp provides easy-to-use email encryption services for privacy and regulatory compliance. As the largest email encryption services provider, ZixCorp protects tens of millions of members in

More information

Securing Data on Portable Media. www.roxio.com

Securing Data on Portable Media. www.roxio.com Securing Data on Portable Media www.roxio.com Contents 2 Contents 3 Introduction 4 1 The Importance of Data Security 5 2 Roxio Secure 5 Security Means Strong Encryption 6 Policy Control of Encryption 7

More information

Real-Time Database Protection and. Overview. 2010 IBM Corporation

Real-Time Database Protection and. Overview. 2010 IBM Corporation Real-Time Database Protection and Monitoring: IBM InfoSphere Guardium Overview Agenda Business drivers for database security InfoSphere Guardium architecture Common applications The InfoSphere portfolio

More information

Innovations in Digital Signature. Rethinking Digital Signatures

Innovations in Digital Signature. Rethinking Digital Signatures Innovations in Digital Signature Rethinking Digital Signatures Agenda 2 Rethinking the Digital Signature Benefits Implementation & cost issues A New Implementation Models Network-attached signature appliance

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Security Talk: Protecting Your Data Using Encryption in SQL Server. Il-Sung Lee Senior Program Manager Microsoft Corporation

Security Talk: Protecting Your Data Using Encryption in SQL Server. Il-Sung Lee Senior Program Manager Microsoft Corporation Security Talk: Protecting Your Data Using Encryption in SQL Server Il-Sung Lee Senior Program Manager Microsoft Corporation ilsung@microsoft.com What We Will Cover Cell-Level Encryption Transparent Data

More information

Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background

Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background What is a privileged user? A privileged user is an individual who, by virtue of function,

More information

Using Encryption and Access Control for HIPAA Compliance

Using Encryption and Access Control for HIPAA Compliance A Fortrex Using Encryption and Access Control for HIPAA Compliance Page 1 Introduction On January 25, 2013, the final HIPAA Omnibus Rule was published. It expanded to business associates the obligation

More information

Oracle 1Z0-528 Exam Questions & Answers

Oracle 1Z0-528 Exam Questions & Answers Oracle 1Z0-528 Exam Questions & Answers Number: 1Z0-528 Passing Score: 660 Time Limit: 120 min File Version: 21.1 http://www.gratisexam.com/ Oracle 1Z0-528 Exam Questions & Answers Exam Name: Oracle Database

More information

White Paper How Noah Mobile uses Microsoft Azure Core Services

White Paper How Noah Mobile uses Microsoft Azure Core Services NoahMobile Documentation White Paper How Noah Mobile uses Microsoft Azure Core Services The Noah Mobile Cloud service is built for the Microsoft Azure platform. The solutions that are part of the Noah

More information