HP Atalla. Data-Centric Security & Encryption Solutions. Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015

Transcription

1 Copyright 2015Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted HP Atalla Data-Centric Security & Encryption Solutions Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015

2 HP Atalla 160+ million US card transactions protected daily Leading payments HSM vendor serving Americas, APJ and EMEA card payments markets 70% of US card transactions touch HP Atalla Hardcore Rock-solid security Trusted name 50 patents FIPS validated$ Trillions Level 2 and level 3+ Creative engineers delivering security inventions and driving HP s security thinking Our Enterprise Secure Key Managers (ESKM) and Network Security Processors (NSP) are built for the highest standards Atalla secures 1 in 3 card transactions, HP also processes billions of card transactions annually invented the security you take for granted 2

3 HP Atalla Data Security & Encryption Solutions $ HP Atalla Network Security Processor (NSP) Also known as Atalla Payments HSM leading product in payments security HP Enterprise Secure Key Manager (ESKM) Creates, serves, and protects encryption keys for enterprises HP Cloud Access Security protection platform Adallom - Cloud Access Security Broker HP Atalla Information Protection and Control (IPC) Lifecycle security classification and protection for unstructured sensitive enterprise data HP Security Voltage Encryption & tokenization of structured data, Encryption & key management for 3 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

4 Imperatives driving information security Movement to cloud and mobility is forcing a new infrastructure; expanding the attack surface, much of this new infrastructure is not in full control of IT. Information is the target breaches are frequent; adversary is focused on sensitive data. Compromising insider credentials immune to perimeter defenses. You re still responsible for compliance needs attention, scarce skills, investment and monitoring. Legislation, regulation, notification/disclosure requirements, data sovereignty, state actors, risk, etc. 4 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

5 99% of breaches are about the data. 5 Copyright Hewlett-Packard Development Company, L.P. L.P. The The information contained herein herein is subject is subject to change to change without without notice. notice.

6 Attack Life Cycle Research Research Potential Targets Threat Intelligence HP Security Research Infiltration Phishing Attack and Malware Block Adversary HP TippingPoint HP Fortify Monetization Data Sold on Black Market Discovery Mapping Breached Environment Detect Adversary HP ArcSight Exfiltration/Damag Exfiltrate/Destroy e Stolen Data Action HP Services Capture Obtain data Protect Data HP Atalla HP Security Voltage

7 Full coverage of data protection use cases PCI compliance/ scope reduction Data de-identification and privacy HP Atalla Atalla HSMs Payments applications, EMV, mobile, customizations and compliance in FIPS Level 3+ appliances ESKM and Atalla Cloud Encryption Securing infrastructure & cloud; KMIP enterprise key management HP Security Voltage HP SecureData HP Secure Stateless Tokenization (SST)/ secure commerce solution with Page Integrated Encryption (PIE) HP SecureData Format preserving Encryption (FPE) Securing the data while enabling business processes Collaboration security HP Atalla IPC Automatic enterprise data classification Cloud Access Security protection platform visibility, governance and control for SaaS HP Secure Mail and HP SecureFile for security without PKI complexity and for file protection using Identity Based Encryption (IBE)

8 HP Security Voltage

9 A History of Excellence HP Security Voltage : Founded in 2002 out of Stanford University, based in Cupertino, California. Acquired by HP : February 2015 Mission: By: tokenization solutions used or stored Market Leadership: To protect the world s sensitive data Providing encryption and that protect data wherever it is PCI solutions are used by six of the top eight U.S. payment processors Provide the world s most pervasive encryption solutions Video Introduction Contribute technology to multiple standards organizations Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.

10 10

11 HP Security Voltage Voltage solves the industry s biggest problem: making encryption and tokenization of data simple for even the most complex use cases 11

12 Example: Cloud Data De-Identification Top Card Brand Enable Adoption of Public Cloud Implementation Enable highly sensitive data to exist in a public Cloud environment Minimal support from security and IT Line of business range of motion to embrace low cost public cloud model HP SecureData with HP Format-Preserving Encryption HP Stateless Key Management Preservation of referential integrity and format of data within the cloud Enabled Security to say Yes to public cloud Business saving over 40% per application per year about $200K/app/year CIO praise of LOB and Security for solution 12

13 Example: Security for PII Data Payroll Processor More Secure, Cost-effective Way to Send Statements Containing PII Replace costly paper statement delivery Allow for easy access to statements by customers Improve environmental standards by eliminating large amounts of paper HP Secur Statements Edition No software required for recipient Solution rapidly deployed Millions of statements sent electronically on a monthly basis Average about one technical support call per month Manage system with less than one FTE 13

14 Protecting data-at-rest HP Enterprise Secure Key Manager 4.0

15 Don t leave the keys in the car Encryption is only strong at protecting information if the encryption keys that scramble the data are themselves well protected.

16 Enterprise key management is a hard job with high stakes

17 HP Enterprise Secure Key Manager (ESKM) solves the problem Manage business-critical encryption keys Value Proposition o Manages encryption keys at enterprise scale o Separates keys from the data o Handles key backup, rotation, audit logging, etc. Quick Facts o Easily Deployed: 1U hardware appliance o Highly Available: deployed in clusters of 2-8 nodes o Scales for Modern Datacenters: 25K clients, 2 million keys o Highly Secure: FIPS Level 2 validated appliance o Interoperable: supports industry-standard interface (KMIP)

18 ESKM 4.0 Unified Key Management for the Enterprise BEST Database Security Encryption

19 Intelligence to Action: Data classification with HP Atalla Information Protection and Control (IPC)

20 #1 cause and concern of data loss Human Error! CompTIA report 2015 Cause Percentage Human error 52% End-user failure to follow policies & procedures 42% General carelessness 42% Failure to get up to speed on new threats 31% Lack of expertise with website/applications 29% IT staff failure to follow policies & procedures 26% Concerns Percentage Human Error as the leading contributor to security breaches 52% Human error - general staff 30% Human error - IT staff 27%

21 Partnership with Video Introduction

22

23 HP Atalla Information Protection & Control Embeds security at the point of data creation Capture Classify Protect Client /SaaS apps File shares User generated Cloud storage devices 23

24 Key Atalla IPC information protection elements Injected at creation or initial access for protection at every stage in data lifecycle Classificatio n Encryption Permissions Policy Usage tracking Integrate with ArcSight: Identify propagation of sensitive information Active monitoring for privileged information users and detect abnormal behavior

25 Atalla IPC Information classification prism Optimized classification cycle is triggered upon intercepted events (open, close, save, download, upload, copy, etc.) Folder Applications Web SaaS Cloud IP Ranges Source Destination User Domain AD Attributes Identity File Properties ECM Attributes Metadata Phrases Patterns Thresholds Algorithms Content Data Classes User Classification Customer Info Finance Info Top Secret Third Party Public Info Others Classified 25

26 Key use cases/threat vectors Internal exposure IT admin/privileged user External exposure (DLP) Cyber threats Secure collaboration Compliance Exposure of sensitive data to unauthorized employees Exposure to privileged users/it admins, whether serverside/client-side/ or cloud Threat of data exposure outside of the organization Malware or other cyber attacks, threat of data theft/leak/loss Need to share sensitive data with people outside (or within) the organization Compliance with industry/governmental regulatory directives

27 Cloud Access Security protection platform

28 Partnership with Video Introduction

29

30 Cloud Access Security Visibility, Governance and Protection Visibility Gain complete context into users, data devices, activities, access Governance Implement policies for access, activities and data sharing Protection Address risky activities, suspicious behaviors and threats Integrates with multiple cloud applications Works with any user, network, any device (managed & unmanaged) Secures data at rest and data in motion

31 Choice of deployment architecture depending on use case API Integration for normal usage Smart Proxy for high-security use cases Cloud apps Cloud apps API (data at rest) Managed device Scalable model Sits out of band (minimal performance impact) HP currently using this mode unmanaged device SMARTProxy TM (data in motion) home device Monitors data in real time for more control and governance Note: On-premises deployment is a customer option

32 We protect the world s information Banks data about your finances and accounts Payments made to you Health records your care provider manages for you Your credit rating information Your interactions with SaaS applications Your Telco s information about your account Your correspondence Your customers data. Your organizational data. Your private to and from your smartphone 32

33 HP Atalla Driving leadership in data-centric security and protecting the world s largest brands 33 Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 33

34 Thank you! hp.com/go/atalla