Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules
WHITE PAPER
Thales e-security
TABLE OF CONTENTS

- Introduction
- Oracle Database 11g Release 2 Advanced Security and Transparent Data Encryption (TDE)
- Why encryption is unique and important
- Industry regulation and the costs of breaches
- What is a hardware security module (HSM)?
- Benefits of Using HSMs for Key Management
- The need for centralized key management
- Oracle and Thales: Added Value for Centralized Key Management and High Security
- Operational benefits
- Security and compliance benefits
- Compliance benefits
- Conclusion
- For more information
- About Thales
- About Thales e-security

INTRODUCTION

Sensitive data is everywhere: bank transactions, healthcare records, student information, credit card data, and more. Data not only lives in the data center, point-of-sale terminal, or trading workstation, it also travels beyond the controls of the IT department, whether transferred over the Internet or shipped by truck for archiving. Businesses and governments are responsible for protecting the privacy and private data of their customers, patients, citizens, employees, and business partners. This responsibility is now part of legislation, regulation, and industry rules. Increasingly, encryption is the means by which organizations meet this responsibility.

Databases are a core operational component in running a modern business. Organizations are storing increasing amounts of sensitive information in databases, which poses a risk if there is a breach of data confidentiality. A data breach can result in fines and lost business. Database encryption solutions can be used to help mitigate this risk. Whether data remains in a database, is transferred over a network, or is backed up to tape, encryption ensures that data is readable only by applications or individuals with the appropriate encryption keys.

As highlighted in a 2011 Ponemon Institute research report titled "What Auditors Think about Crypto Technologies", protecting the confidentiality of data in storage is one of the more challenging aspects for compliance with increasing data security regulations. While encryption is considered the best technology for securing databases, the administration of the key management system is equally important for auditors.

Oracle's Database 11g Release 2 Transparent Data Encryption (TDE) provides database encryption to address the risks outlined above. Oracle Database 11g Release 2 supports centralized key management in hardware security modules (HSMs) such as the Thales nShield family. The main business driver for this type of solution is the need to meet compliance requirements, notably PCI.

This white paper is aimed at IT Security professionals and database administrators. It discusses the benefits of encryption, focusing on database encryption using Oracle's TDE integrated with Thales nShield HSMs. Also discussed is how HSMs improve the operational aspects of key management and offer a higher level of security assurance to the customer and aid compliance.

ORACLE DATABASE 11G RELEASE 2 ADVANCED SECURITY AND TRANSPARENT DATA ENCRYPTION (TDE)

Advanced Security is an option for the Oracle Database 11g Release 2 Enterprise Edition that includes network encryption, transparent data encryption (TDE), and strong authentication. It is TDE that is the main focus of this paper.

Oracle Advanced Security TDE can easily secure both new and existing database deployments without modification to any of the applications or processes consuming the data. This is possible because TDE by its very design is transparent to the application as it resides within the database engine. Therefore, TDE can be applied to many types of data: customer data, credit card data, financial, healthcare records and other types of sensitive information.

TDE provides two modes of encryption:

- TDE column encryption
- TDE tablespace encryption

Figure 1: TDE is part of Oracle Advanced Security

TDE column encryption permits security managers to identify specific data (for example credit card numbers) in an application table column that should be protected using encryption. This requires a good understanding of where the sensitive information resides in the database that needs protection.

Figure 2: Sample database table.

Tablespace [1] encryption is a feature unique to the Oracle database. It allows the security officer to select which tablespaces should be encrypted. The feature was first introduced with Oracle Database 11g Release 2 and offers an important advantage compared to the column-level approach: if the exact location of sensitive data is unknown, then use tablespace encryption to protect all data in a tablespace. It removes the effort of having to locate and classify data within the tables. It is the simplest approach to implement and manage precisely because an organization does not need to locate sensitive data and classify it within the database tables.

[1] A tablespace is a logical entity within the Oracle database; it can be thought of as a container that stores tables and all other database objects within the database. Every table in the database resides within a tablespace. This logical entity is the bridge between the logical and physical database. Each tablespace is associated with one or many data files. In other words, the data is stored within a database table, which is logically stored within a tablespace, where the tablespace physically stores the data within data files on the operating system.
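
The two TDE modes described above, with the master key held in an HSM, sketched as an added example; it is not taken from the white paper or from Oracle or Thales documentation. The table names, tablespace name, data file path and HSM credential string are placeholders, and it assumes sqlnet.ora already directs TDE to the HSM.

```sql
-- Added illustration; all object names, paths and credentials are placeholders.
-- Assumed precondition in sqlnet.ora (TDE master key lives in the HSM,
-- reached through the vendor's PKCS#11 library):
--   ENCRYPTION_WALLET_LOCATION = (SOURCE = (METHOD = HSM))

-- 1. Create the TDE master key inside the HSM.
--    The credential string format depends on the HSM vendor; this value is a placeholder.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "hsm_user:hsm_password";

-- 2. TDE column encryption: only the column known to hold sensitive data is encrypted.
--    The location of the sensitive data must be known in advance.
CREATE TABLE customer_cards (
  customer_id  NUMBER PRIMARY KEY,
  card_holder  VARCHAR2(100),
  -- NO SALT is needed only if the column will be indexed; drop it otherwise.
  card_number  VARCHAR2(19) ENCRYPT USING 'AES256' NO SALT
);

-- 3. TDE tablespace encryption: everything stored in the tablespace is encrypted,
--    so no per-column classification is required.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

CREATE TABLE patient_records (
  patient_id  NUMBER PRIMARY KEY,
  full_name   VARCHAR2(100),
  diagnosis   VARCHAR2(400)
) TABLESPACE secure_ts;

-- 4. Checks an administrator or auditor can run afterwards.
-- Where the master key is held and whether the keystore is open:
SELECT wrl_type, status FROM v$encryption_wallet;

-- Which columns are encrypted, and with which algorithm:
SELECT owner, table_name, column_name, encryption_alg, salt
  FROM dba_encrypted_columns;

-- Which tablespaces are encrypted:
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'SECURE_TS';
```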

Figure 3: Each tablespace can contain one or several tables and other database objects like indexes.

Any applications, including non-Oracle applications, that use Oracle Database 11g Release 2 or plan to use the database can take advantage of the full range of TDE capabilities. For example, there is a growing list of applications that have been tested and certified by Oracle to use TDE tablespace encryption. At the time of going to press the list includes:

- Oracle E-Business Suite
- Oracle PeopleSoft Enterprise
- Oracle Siebel CRM 8.0+
- Oracle JD Edwards Enterprise One
- SAP (6.40_EX and later)

Why encryption is unique and important

Securing sensitive data against security breaches helps mitigate reputational and compliance risks to the business. Encryption provides a unique solution to the problem of data security when compared to access controls that can manage user access to database tables.

Encryption offers protection in many scenarios: when database disks are exchanged for maintenance purposes or when database files are written to an export file or to backup such as a tape library. In these instances database encryption becomes far more important than access controls because by moving data from the database the encrypted data has been separated from the master encryption key that is required to access the data. As a result, anyone finding the media containing the encrypted database files is unable to read it.

There is an additional benefit to encrypting data. When data needs to be destroyed and disposed of, simply destroying the keys will prevent the data ever being read. This is especially valuable in cases where disks might be accidentally sold or lost without being wiped or cleared.

Why is encryption so important? Enterprises need encryption to satisfy various compliance requirements, which vary depending on the industry sector. For example, encryption plays an important role in aiding compliance with PCI DSS [2], which is an industry standard that mandates the consistent protection of credit card data. While traditional security mechanisms that monitor and control access to applications are still required, encryption is an increasingly necessary component to achieve compliance. Encryption protects data wherever it goes, even beyond the boundaries of the data center.

[2] Payment Card Industry Data Security Standard

Industry regulation and the costs of breaches

Many industries are proactively taking steps to protect their customers' privacy and avert government regulation. For example, PCI DSS consolidates security standards created by American Express, Discover, JCB, MasterCard, and Visa. All organizations processing, transmitting, or handling credit card data must document and report their PCI DSS compliance. PCI DSS mandates the protection of Primary Account Numbers (PANs) in transit and in storage. Encryption is commonly used to achieve PCI DSS compliance, and audits are used to verify compliance. Passing an external audit can be time-consuming, complex and expensive, often requiring changes to processes and technology.

In addition to the regulatory activities led by industry there are numerous privacy breach notification laws in place that effectively mandate encryption. The first such law was the State of California Senate Bill 1386 and more recently the State of Massachusetts mandated stricter requirements for the use of encryption.

Not encrypting data can prove to be very costly to organizations. Published in 2009, the U.S. Cost of a Data Breach Study by the Ponemon Institute reports that data breaches cost organizations an average of US$202 per lost record, with the total cost of an average breach reaching US$6.6 million. Most of the costs arise from the notification of customers and lost future business due to reputational damage. As such, security and compliance can prove to be competitive advantages.

What is a hardware security module (HSM)?

An HSM is a hardware device that is typically deployed in the data center. Generally, HSMs are either plug-in cards that serve a single server or network-based hardware appliances that support many servers concurrently. HSMs are deployed in a variety of applications: identity management, public key infrastructure (PKI), database encryption, POS format preserving encryption and tokenization, web services, hi-tech manufacturing, digital rights management and more. They do the following:

- Protect cryptographic keys and perform cryptographic functions within a secure tamper-resistant hardware environment.
- Overcome the threat of a software-based attack on the OS by protecting the keys within the hardware, and provide robust tools to enforce key management policies across the key life cycle.
- Provide a simple strong authentication mechanism for key management administrators and can be used to establish and enforce powerful separation of duty schemes (e.g. so that no one person could subvert the key security).
- Are dedicated to individual servers (usually in the form of a PCI or PCIe card) or, when using an appliance, can be shared by multiple servers.
- Incorporate high-speed cryptographic processors to improve performance and therefore system capacity.

Benefits of Using HSMs for Key Management

HSMs are important for three main reasons:

- Security: HSMs ensure the security of cryptographic keys as they are created, stored, and used. They provide the highest level of security assurance for the keys that are protecting sensitive data. Typically HSMs are required to be certified and comply with well-known security standards, FIPS and Common Criteria [3].
- Operations: Management of the encryption keys is handled by the HSM. Many key management operations can be simplified by using an HSM.
- Compliance: Organizations address and reduce the amount of effort needed for compliance by deploying an HSM as part of their encryption solution.

Encryption keys are central to data security: your data is only as secure as your keys. This makes key management extremely important.

[3] The Federal Information Processing Standard (FIPS) defines security requirements for cryptographic modules used in protecting sensitive data within government and enterprise information systems. The standard is promulgated by the United States and Canada and enjoys international recognition. Common Criteria is an internationally recognized computer security product evaluation framework.

The need for centralized key management

An Oracle Advanced Security TDE deployment may involve a number of database instances, each with their own encryption keys and associated TDE master keys. Rotating and managing each of these keys individually can be expensive when compared to the use of an HSM to centralize the management. Some of the benefits of using an HSM to provide centralized key management to multiple databases, and possibly other applications too, include:

- All the HSM functions outlined earlier in the section "What is a hardware security module (HSM)?" equally apply to a centralized HSM appliance.
- One central appliance that can be deployed in a clustered failover and load-balancing configuration.
- Central location for key life cycle management simplifies the operational management.
- Reduction in key rotation frequency. When compared to using software protection of a key, the use of an HSM reduces the frequency of key rotation because of the higher level of security afforded, which reduces operating costs.
- Central repository for key storage, e.g. this assists with PCI compliance requirements for the keys to be stored in as few places as possible.
- Audits are simplified. HSMs are a well understood part of the modern IT security infrastructure, simplifying key management in a manner that readily aids auditors in assessing adherence to good policy. This in turn reduces the expense of meeting compliance.

ORACLE AND THALES: ADDED VALUE FOR CENTRALIZED KEY MANAGEMENT AND HIGH SECURITY

Oracle and Thales have partnered to integrate the Oracle Database 11g Release 2 and the Thales nShield HSM product family. The Thales nShield Solo PCI or PCIe card can be installed in a server to provide local key management to that server (appropriate when multiple database instances are installed on one server, replacing their individual Oracle Wallets), while the Thales nShield Connect appliances can be deployed centrally to service multiple servers. A unique feature of the Thales nShield family is that the HSMs are compatible with each other. The nShield Solo and nShield Connect are fully compatible and if required may be deployed together in the same installation.

HSMs centrally manage the master encryption keys, which improves operational efficiency and provides a higher level of assurance for the keys. As a result, organizations can more easily and efficiently meet PCI compliance requirements by managing keys effectively and storing them in as few places as possible.

Below we outline the important benefits of deploying a Thales nShield with the Oracle Database 11g Release 2 TDE.

Operational benefits

- Smooth deployment: Fully tested and supported by Thales and Oracle for quick deployment; integrates out of the box via the industry standard PKCS#11 API.
- Scalability: As the number of databases and tablespaces increases or the encryption load increases, more HSMs can be added, which also includes automatic load balancing.
- Support for virtualized environments: For Thales nShield Connect, users have the option to add hardware-based key management to virtualized servers.
- Performance: Hardware acceleration enables organizations to avoid server CPU bottlenecks caused by the high processing requirements of cryptography.
- Failover capability: The Thales nShield HSM family provides users with the option of deploying a redundant configuration in the event of an HSM failure.
- Recovery: Thales HSMs offer a unique ability for simple and secure backup of sensitive keys and recovery in the event of a disk, server or HSM failure.
- Cost-effectiveness: Thales nShield Connects enable the shared use of single modules across several servers to reduce costs.

Security and compliance benefits

- Hardware key protection: Stores the TDE master keys in a secure environment; the keys are never exposed to anyone outside of the HSM.
- High security: An HSM provides a TDE deployment with the highest level of security assurance for protecting the encryption keys. This level of protection is only achievable by the use of tamper-resistant hardware, a security strength that software protection alone could not provide.
- Advanced separation of duties: Where (1) the key management is separated from the database administration functions, (2) management of the HSM includes separation of roles, (3) strong authentication (including smartcard quorums) of HSM administrators and operators.

Compliance benefits

- Reduced cost of compliance: The centralized key management of the nShield Connect reduces the operational costs, which includes a reduced need for key rotation, and reduces the cost of meeting compliance.
- FIPS validated hardware: The nShield Solo and nShield Connect security are certified to FIPS level 3. Only purpose-built hardware solutions can meet this level of security certification, thus augmenting the certifications of the Oracle database.
- Common Criteria: The nShield Solo and nShield Connect security are certified to Common Criteria EAL4+. Again this also augments the security certification of the Oracle database.

Figure 4: nShield HSMs can be dedicated to one server or provide cryptographic services to an entire infrastructure.

In summary, for the purposes of PCI compliance nShield HSMs offer strong cryptography with associated key-management processes and procedures. This includes secure key generation and key storage in as few locations as possible, along with tight integration with the Oracle database.

CONCLUSION

Sensitive data is worth its weight in gold to cyber-criminals, product counterfeiters, and other corporate and rogue government data thieves. Therefore, databases must be protected at the highest level of security or risk breaches that can result in damage to an organization's brand and competitive advantage, not to mention serious fines for non-compliance with data protection laws. Database encryption is the answer to the challenge since it ensures that stolen encrypted data will be useless to thieves. Encryption also satisfies compliance and regulatory requirements.

For databases, Oracle has addressed the need for security and compliance using a defense-in-depth approach that emphasizes preventive and detective controls: data encryption, data masking, access controls, and monitoring. Oracle Advanced Security TDE provides organizations with an easy way to encrypt sensitive data with minimal impact on business applications and administrators. Implemented as a native encryption service inside the database, TDE is a big step forward for organizations running Oracle Database 11g Release 2.

However, simply encrypting the data with TDE is not enough. Organizations must take another critical step forward with centralized key management if they want to adopt database encryption in the most efficient and cost-effective manner throughout the enterprise. Industry regulations demand stringent key management processes, while data breach notification rules with safe harbor clauses require strong custody and control of keys.

Database encryption with Oracle Advanced Security TDE and Thales nShield HSMs raises the bar for the operation, management, and protection of TDE encryption keys. By providing centralized key storage, backup, and recovery, as well as fault tolerance, this combined encryption and key management solution helps organizations comply with international security standards while achieving the highest levels of database security.

FOR MORE INFORMATION

For more information on Thales security solutions for Oracle users, please contact or visit

About Thales

Thales is a global technology leader for the Aerospace and Space, Defense, Security and Transportation markets. In 2009, the company generated revenues of 12.9 billion Euros with 68,000 employees in 50 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers as local partners.

About Thales e-security

Thales is a leading global provider of data encryption solutions to the financial services, manufacturing, government and technology sectors. With a 40-year track record of protecting corporate and government information, Thales solutions are used by four of the five largest energy and aerospace companies, 22 NATO countries, and they secure more than 70 percent of worldwide payment transactions. Thales e-security has offices in France, Hong Kong, Norway, United States and the United Kingdom. For more information, visit
More informationPrivyLink Cryptographic Key Server *
WHITE PAPER PrivyLink Cryptographic Key * Tamper Resistant Protection of Key Information Assets for Preserving and Delivering End-to-End Trust and Values in e-businesses September 2003 E-commerce technology
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationMeeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)
Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS) How Financial Institutions Can Comply to Data Security Best Practices Vormetric, Inc. 2545 N. 1st Street,
More information2012 Global Encryption Trends Study
2012 Global Encryption Trends Study Organizations continue to increase their deployment of encryption across the enterprise in response to diverse threats and commercial imperatives Sponsored by Thales
More informationInnovations in Digital Signature. Rethinking Digital Signatures
Innovations in Digital Signature Rethinking Digital Signatures Agenda 2 Rethinking the Digital Signature Benefits Implementation & cost issues A New Implementation Models Network-attached signature appliance
More informationWHITE PAPER. PCI Basics: What it Takes to Be Compliant
WHITE PAPER PCI Basics: What it Takes to Be Compliant Introduction A long-running worldwide advertising campaign by Visa states that the card is accepted everywhere you want to be. Unfortunately, and through
More informationAccelerating PCI Compliance
Accelerating PCI Compliance PCI Compliance for B2B Managed Services March 8, 2016 What s the Issue? Credit Card Data Breaches are Expensive for Everyone The Wall Street Journal OpenText Confidential. 2016
More informationOverview of Luna High Availability and Load Balancing
SafeNet HSM TECHNICAL NOTE Overview of Luna High Availability and Load Balancing Contents Introduction... 2 Overview... 2 High Availability... 3 Load Balancing... 4 Failover... 5 Recovery... 5 Standby
More informationDatabase Security & Compliance with Audit Vault and Database Firewall. Pierre Leon Database Security
Database Security & Compliance with Audit Vault and Database Firewall Pierre Leon Database Security 1 Topics Encryption Authentication Authorising highly privileged users Access control by data classification
More informationPCI Data Security. Meeting the Challenges of PCI DSS Payment Card Security
White Paper 0x8c1a3291 0x56de5791 0x450a0ad2 axd8c447ae 8820572 0x5f8a153d 0x19df c2fe97 0xd61b5228 0xf32 4856 0x3fe63453 0xa3bdff82 0x30e571cf 0x36e0045b 0xad22db6a 0x100daa87 0x48df 0x5ef8189b 0x255ba12
More informationDebunking The Myths of Column-level Encryption
Debunking The Myths of Column-level Encryption Vormetric, Inc. 888.267.3732 408.433.6000 sales@vormetric.com www.vormetric.com Page 1 Column-level Encryption Overview Enterprises have a variety of options
More informationA Strategic Approach to Enterprise Key Management
Ingrian - Enterprise Key Management. A Strategic Approach to Enterprise Key Management Executive Summary: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption
More informationPCI Solution for Retail: Addressing Compliance and Security Best Practices
PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment
More informationPCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:
What is PCI DSS? PCI DSS is an acronym for Payment Card Industry Data Security Standards. PCI DSS is a global initiative intent on securing credit and banking transactions by merchants & service providers
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationHow To Encrypt Data On A Network With Cisco Storage Media Encryption (Sme) For Disk And Tape (Smine)
Data Sheet Cisco Storage Media Encryption for Disk and Tape Product Overview Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives, virtual tape libraries (VTLs), and
More informationRSA Digital Certificate Solution
RSA Digital Certificate Solution Create and strengthen layered security Trust is a vital component of modern computing, whether it is between users, devices or applications in today s organizations, strong
More informationThe Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide
The Cyber Attack and Hacking Epidemic A Legal and Business Survival Guide Practising Law Institute January 9, 2012 Melissa J. Krasnow, Partner, Dorsey & Whitney LLP, and Certified Information Privacy Professional
More informationOracle 1Z0-528 Exam Questions & Answers
Oracle 1Z0-528 Exam Questions & Answers Number: 1Z0-528 Passing Score: 660 Time Limit: 120 min File Version: 21.1 http://www.gratisexam.com/ Oracle 1Z0-528 Exam Questions & Answers Exam Name: Oracle Database
More informationWhy You Should Consider Cloud- Based Email Archiving. A whitepaper by The Radicati Group, Inc.
. The Radicati Group, Inc. 1900 Embarcadero Road, Suite 206 Palo Alto, CA 94303 Phone 650-322-8059 Fax 650-322-8061 http://www.radicati.com THE RADICATI GROUP, INC. Why You Should Consider Cloud- Based
More informationBuilding Trust in a Digital World. Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd.
Building Trust in a Digital World Brian Phelps, BSc CISSP Director of Advanced Solutions Group EMEA Thales UK, Ltd. 2 Global incidents Equivalent of 117,339 incoming attacks per day, everyday Total number
More informationMPOS: RISK AND SECURITY
MPOS: RISK AND SECURITY 2 Evolution of Payment Acceptance Consumers want to get the best deal with the minimum pain Sellers want to ensure they never turn down a sale and maximise consumer loyalty 3 Evolution
More informationHow To Protect Your Data From Harm With Safenet
SafeNet Information Security Government Solutions Disk & File Encryption Database & Application Encryption Network & WAN Encryption Identity & Access Management Application & Transaction Security Information
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationWhite Paper Achieving PCI Data Security Standard Compliance through Security Information Management. White Paper / PCI
White Paper Achieving PCI Data Security Standard Compliance through Security Information Management White Paper / PCI Contents Executive Summary... 1 Introduction: Brief Overview of PCI...1 The PCI Challenge:
More informationOdyssey Access Client FIPS Edition
Odyssey Access Client FIPS Edition Data Sheet Published Date July 2015 Product Overview The need today is greater than ever to ensure that systems are securely configured. Government agencies and secure
More informationPLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.
PLATFORM ENCRYPTlON ARCHlTECTURE How to protect sensitive data without locking up business functionality. 1 Contents 03 The need for encryption Balancing data security with business needs Principles and
More informationOracle Database Encryption
By Craig Moir craig@mydba.co.za http://www.mydba.co.za August 2012 Version 1 WHAT IS ENCRYPTION? Encryption is the process of transforming information, using an algorithm or an encryption key, into an
More informationCopyright 2013, Oracle and/or its affiliates. All rights reserved.
1 Solutions for securing and auditing Oracle database Edgars Ruņģis Technology Consultant Why Are Databases Vulnerable? 80% of IT Security Programs Don t Address Database Security Forrester Research Enterprises
More informationnshield Modules Integration Guide for Oracle Database 11g Release 2 Transparent Data Encryption
nshield Modules Integration Guide for Oracle Database 11g Release 2 Transparent Data Encryption Version: 2.0 Date: 01 November 2013 Copyright 2013 Thales e-security Limited. All rights reserved. Copyright
More informationAccounting and Administrative Manual Section 100: Accounting and Finance
No.: C-13 Page: 1 of 6 POLICY: It is the policy of the University of Alaska that all payment card transactions are to be executed in compliance with standards established by the Payment Card Industry Security
More informationCopyright 2012, Oracle and/or its affiliates. All rights reserved.
1 Seguridad en profundidad Jaime Briggs MSc CS, CISSP, CCSK Sales Manager Strategic accounts Agenda Los Controles ISO 27001 Defensa en Profundidad Productos que dan respuesta Roadmap a seguridad Q&A 3
More informationPCI DSS COMPLIANCE DATA
PCI DSS COMPLIANCE DATA AND PROTECTION EagleHeaps FROM CONTENTS Overview... 2 The Basics of PCI DSS... 2 PCI DSS Compliance... 4 The Solution Provider Role (and Accountability).... 4 Concerns and Opportunities
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationUsing Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4
WHITEPAPER Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4 An in-depth look at Payment Card Industry Data Security Standard Requirements 10, 11,
More informationPreemptive security solutions for healthcare
Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare
More informationHow SUSE Manager Can Help You Achieve Regulatory Compliance
White Paper Server How SUSE Manager Can Help You Achieve Regulatory Compliance Table of Contents page Why You Need a Compliance Program... 2 Compliance Standards: SOX, HIPAA and PCI... 2 What IT Is Concerned
More informationSecurity in Fax: Minimizing Breaches and Compliance Risks
Security in Fax: Minimizing Breaches and Compliance Risks Maintaining regulatory compliance is a major business issue facing organizations around the world. The need to secure, track and store information
More informationBaltimore UniCERT. www.baltimore.com. the world s leading PKI. global e security
TM the world s leading PKI www.baltimore.com global e security Bringing Real Business On-Line The Internet is now forming a key part of organizations operating strategy. Although most companies accept
More informationPCI Compliance in Oracle E-Business Suite
PCI Compliance in Oracle E-Business Suite May 14, 2015 Mike Miller Chief Security Officer Integrigy Corporation David Kilgallon Oracle Integration Manager CardConnect Moderated by Phil Reimann, Director
More informationTREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS
TREASURER S OFFICE ADMINISTRATIVE STANDARDS FOR THE TREASURER S FISCAL PROCEDURE No. 08-01 MERCHANT DEBIT AND CREDIT CARD RECEIPTS 1. Introduction Debit and Credit Card Receipt Standards apply to the administration
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationPCI DSS and the A10 Solution
WHITE PAPER PCI DSS and the A10 Solution How Cloud Service Providers Can Achieve PCI Compliance with A10 Thunder ADC and vthunder Table of Contents The Challenge of PCI Compliance... 3 Overview of PCI
More informationPlanning and Administering Windows Server 2008 Servers 70-646
Hands-On Planning and Administering Windows Server 2008 Servers 70-646 Course Description This Hands-On course provides students with the knowledge and skills to implement, monitor, and maintain Windows
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationPCI Data Security Standards (DSS)
ENTERPRISE APPLICATION WHITELISTING SOLUTION Achieving PCI Compliance at the Point of Sale Using Bit9 Parity TM to Protect Cardholder Data PCI: Protecting Cardholder Data As the technology used by merchants
More informationPayment Card Industry Data Security Standard (PCI DSS)
Payment Card Industry Data Security Standard (PCI DSS) WARNING: Your company may be in noncompliance with the Payment Card Industry Data Security Standard (PCI DSS), placing it at risk of brand damage,
More informationOnline Transaction Processing in SQL Server 2008
Online Transaction Processing in SQL Server 2008 White Paper Published: August 2007 Updated: July 2008 Summary: Microsoft SQL Server 2008 provides a database platform that is optimized for today s applications,
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationAdopting Cloud Apps? Ensuring Data Privacy & Compliance. Varun Badhwar Vice President of Product Strategy CipherCloud
Adopting Cloud Apps? Ensuring Data Privacy & Compliance Varun Badhwar Vice President of Product Strategy CipherCloud Agenda Cloud Adoption & Migration Challenges Introduction to Cloud Computing Cloud Security
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationAn Oracle White Paper August 2010. Massachusetts Data Security Law Signals New Challenges in Personal Information Protection
An Oracle White Paper August 2010 Massachusetts Data Security Law Signals New Challenges in Personal Information Protection Introduction... 2 Massachusetts Data Protection Law... 3 First of its Kind...
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More information