Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)
How Financial Institutions Can Comply to Data Security Best Practices

Vormetric, Inc. N. 1st Street, San Jose, CA
Executive Summary

In June 2013, the Monetary Authority of Singapore issued new guidelines concerning technology risk management. These rules took effect on July For financial institutions in Singapore, complying with these guidelines will be a critical endeavour. This white paper looks at the specific guidelines the TRM provides in the area of data security, and it details how the Vormetric Data Security Platform can help address these requirements.

Introduction

For financial institutions in Singapore, security threats, customer requirements, and technological environments continue to evolve with increasing rapidity. However, in spite of all this change, the fact is that safeguarding customer data and protecting systems and processes from attacks has been and will remain a critical endeavour.

To help financial institutions in addressing these objectives, the Monetary Authority of Singapore (MAS) published Technology Risk Management (TRM) Guidelines. These guidelines are intended to help financial firms establish sound technology risk management, strengthen system security, and safeguard sensitive data and transactions. The TRM contains statements of industry best practices that financial institutions conducting business in Singapore are expected to adopt. The MAS makes clear that, while the TRM requirements are not legally binding, they will be a benchmark the MAS uses in assessing the risk of financial institutions.

Many of the guidelines from the MAS concern the security of sensitive data and the keys used to encrypt that data. In the following sections, the white paper introduces the Vormetric Data Security Platform. The paper then details the specific TRM requirements that relate to data security, and it reveals how the Vormetric Data Security Platform can help organizations comply with these requirements.
Addressing MAS TRM Security Guidelines for Data-at-Rest

The Vormetric Data Security Platform makes it efficient to manage data-at-rest security across an entire organization and can help financial institutions satisfy many of the TRM guidelines. The Vormetric Data Security Platform consists of several product offerings that share a common, extensible infrastructure. The solution features capabilities for data-at-rest encryption, key management, privileged user access control, and security intelligence.

Through the platform's centralized policy and key management, customers can address security policies and MAS TRM guidelines across databases, files, and big data nodes, whether they're located in the cloud or in virtual or traditional infrastructures. With this platform's comprehensive, unified capabilities, a financial institution can reduce their total cost of ownership for deploying and maintaining data-at-rest security. Further, these features enable organizations to deploy and expand quickly, so they can more consistently meet their audit deadlines.

[Figure: Vormetric Data Security Platform overview. Labels: Unstructured Files, Structured Databases, Application-Layer, Big Data, Cloud, Security Intelligence Collection, Vormetric Data Security Manager, SIEM Integration, TDE Key Management, Privileged User Access Control, KMIP Compliant Keys, Certificate Storage]
The Vormetric Data Security Platform features the following products:

- Vormetric Data Security Manager. Vormetric Data Security Manager offers centralized management of keys and policies for the entire suite of products available within the Vormetric Data Security Platform. The product is available as a physical or virtual appliance.
- Vormetric Transparent Encryption. This offering leverages an agent that runs in the file system to provide high-performance encryption and least-privileged access controls for files, directories, and volumes. Vormetric Transparent Encryption supports both structured databases and unstructured files.
- Vormetric Application Encryption. Vormetric Application Encryption employs standards-based APIs to simplify the process of doing column-level encryption in applications.
- Vormetric Key Management. With this product, administrators can centrally manage keys for Vormetric products, Oracle TDE, Microsoft TDE, and more. In addition, the product securely stores certificates and offers support for the Key Management Interoperability Protocol (KMIP).
- Vormetric Security Intelligence. Vormetric Security Intelligence can deliver granular file access logs to popular security information and event management (SIEM) systems and be used to support audits.

Vormetric Data Security Platform Support for MAS TRM: Sections 8-13

Many of the MAS TRM guidelines offer detailed guidance for how financial institutions should safeguard sensitive assets at rest in different IT systems. The following table looks at many of these guidelines and details how the Vormetric Data Security Platform can be used to satisfy these requirements.
Guideline description: The FI should encrypt backup tapes and disks, including USB disks, containing sensitive or confidential information before they are transported offsite for storage.
Vormetric support: By encrypting data at the file-system level or at the application layer, Vormetric Data Security Platform can help financial institutions ensure information is secured as it is backed up to tapes, disks, and other storage mechanisms. The Vormetric Data Security Platform provides centralized management of encryption keys and policies, which significantly simplifies customer data life cycle management.

Guideline description: Confidential information stored on IT systems, servers and databases should be encrypted and protected through strong access controls, bearing in mind the principle of least privilege.
Vormetric support: With Vormetric Transparent Encryption, organizations can employ encryption and privileged user access control to secure confidential customer data wherever it resides, including in physical, big data, and cloud environments. Vormetric Transparent Encryption can effectively enforce least-privileged access control with fine-grained security policies. The solution enables administrators to control data access by a range of factors, including user, process, and resources. Vormetric Security Intelligence also provides comprehensive data access logs that can be fed into SIEM solutions for compliance analysis and reporting.

Guideline description: c. Access control principle. The FI should only grant access rights and system privileges based on job responsibility and the necessity to have them to fulfil one's duties. The FI should check that no person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities.
Vormetric support: With Vormetric Transparent Encryption, security teams can enforce very granular least-privileged user access policies. Granular policies can be applied by user, process, file type, time of day, and other parameters. Enforcement options are very granular; they can be used to control not only permission to access clear-text data, but what file-system commands are available to a user.
Guideline description: The FI should only grant user access to IT systems and networks on a need-to-use basis and within the period when the access is required. The FI should ensure that the resource owner duly authorises and approves all requests to access IT resources.
Vormetric support: With the Vormetric Data Security Platform, administrators, by default, must create a strong separation of duties between encryption policy and key administrators, as well as data owners. The Vormetric Data Security Platform encrypts files, while leaving their metadata in the clear. In this way, IT administrators, such as hypervisor, cloud, storage, and system administrators, can perform their system administration tasks without being able to gain access to the sensitive data residing on those systems. Those managing the Vormetric system infrastructure also have separated, role-based responsibilities to assure the utmost protection and institution of best data security practices.

Guideline description: Privileged Access Management
d. Grant privileged access on a need-to-have basis.
e. Maintain audit logging of system activities performed by privileged users.
f. Disallow privileged users from accessing systems logs in which their activities are being captured.
Vormetric support: Vormetric Transparent Encryption provides fine-grained, policy-based access controls that restrict access to encrypted data. Privileged users, whether cloud, virtualization, or storage administrators, can manage systems without gaining access to encrypted data, unless they have expressly been granted permissions to do so. Vormetric logs capture all access attempts to protected data. These security intelligence logs can accelerate detection of advanced persistent threats (APTs) and insider abuse because they offer visibility into file access. Further, these logs provide vital intelligence needed to track and demonstrate compliance. These logs can't be accessed by privileged users and are only accessible by assigned security auditor or security administrators.
Guideline description: 13 payment card security (automated teller machines, credit and debit cards).
Vormetric support: The Vormetric Data Security Platform delivers the data-at-rest security capabilities that your organization needs to safeguard cardholder data, wherever it resides. With broad support of Windows, Linux and UNIX operating systems, a host of platforms can be supported at both the file-system and the application layer. To learn more about Vormetric PCI DSS Support visit:

Vormetric Data Security Platform Support for MAS TRM Appendix C: Cryptography

The MAS TRM Appendix C offers very specific guidelines for implementing a best-in-class cryptographic solution. Vormetric Data Security meets or exceeds these guidelines as follows:

TRMG Section C.2.2
Description: Functions that involved cryptographic algorithms and crypto-key configurations are vetted for deficiencies and loopholes. The choice of ciphers, key sizes, key exchange control protocols, hashing functions and random number generators are evaluated.
Vormetric support: Vormetric supports standards-based AES256 bit encryption. The policy and key manager is available with FIPS Level 2 and FIPS Level 3 validation. In addition, Vormetric supports NSA Suite B cryptographic algorithms. The Vormetric Data Security Manager supports two factor authentication for administrative access.

TRMG Section C.2.3
Description: There is sufficient size and randomness of the seed number to preclude the possibility of optimised brute force attack.
Vormetric support: Vormetric Key Management supports encryption algorithms, AES256 bit, which offer the highest levels of protection against brute force attacks. Also supported as part of NSA Suite B cryptographic algorithms:
- Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures
- Elliptic Curve Diffie Hellman (ECDH) key agreement
- Secure Hash Algorithm 2 (SHA-256 and SHA-384) message digest
TRMG Section C.3.1
Description: Cryptographic key management policy and procedures covering key generation, distribution, installation, renewal, revocation and expiry are established.
Vormetric support: By leveraging the Vormetric Data Security Manager, security teams can securely manage cryptographic keys throughout their lifecycle. Vormetric Data Security Manager centrally generates and stores cryptographic keys. The actual keys are never visible to anyone, including key custodians or systems administrators. Vormetric also provides extensive audit capabilities that enable reporting on all key operations and activities, including key generation, distribution, installation, renewal, revocation, and expiry. When keys are distributed to agents, they are encrypted with a one-time-use AES-256 master key and sent over a mutually authenticated TLS connection.

Description: Cryptographic keys are generated securely. All materials used in the key generation process are destroyed after usage.
Vormetric support: Vormetric Data Security Manager (DSM) supports C3.2.1 by ensuring cryptographic keys are generated using FIPS certified OpenSSL or an integrated HSM card to generate the seed for key generation. The actual keys are never visible to anyone, including key custodians or systems administrators. The DSM implements separation of duties. Vormetric DSM restricts access to keys and key management activities to security administrators. With these safeguards, security teams can ensure that only authorized key custodians gain access to key controls. When we generate a key, the seed is generated by FIPS certified OpenSSL or HSM card; all the factors for the seed are from HSM card hardware; they are random and will not be persistent.

TRMG Section C.3.2
Description: No single individual knows any key in its entirety or has access to all the constituents making up the keys. All keys are created, stored, distributed or changed under stringent conditions.
Vormetric support: With Vormetric Data Security Manager, actual keys are never visible to anyone, including key custodians or systems administrators. The product also supports an M-of-N sharing scheme for backing up keys. As a result, a specific number of shares must be provided in order to restore the encrypted contents of a Vormetric Data Security Manager archive in a new or replacement platform.

TRMG Section C.3.3
Description: Unencrypted symmetric keys are entered into tamper resistant device, such as hardware security module, only in the form of at least two components using the principles of dual control.
Vormetric support: YES. With Vormetric solutions, all key lifecycle management processes can take place on a hardened, FIPS compliant hardware appliance. With Vormetric Key Management, organizations can centralize keys for many different encryption platforms on these secure devices. With the product, administrators can centrally manage and secure keys generated by the Vormetric Data Security Platform, IBM InfoSphere, Guardium Data Encryption, Oracle TDE, Microsoft TDE, and KMIP-compliant encryption products. Symmetric keys stored in the DSM are always encrypted. The master encryption key is stored in the HSM. With Vormetric solutions, the master encryption keys can be stored and secured in a hardware appliance that is FIPS Level 3 validated. Strong separation-of-duties policies can be enforced to ensure that one administrator does not have complete control over data security activities, encryption keys, or administration. In addition, the Vormetric Data Security Manager supports two-factor authentication for administrative access.
TRMG Section C.3.4
Description: The appropriate crypto period for each cryptographic key is considered and decided. The frequency of key changes is determined by the sensitivity of data and operational criticality.
Vormetric support: With the Vormetric Data Security Platform, security teams can centrally manage cryptographic keys for multiple encryption devices; these teams can efficiently and consistently enforce key rotation policies as dictated by data sensitivity levels.

TRMG Section C.3.5
Description: Hardware security modules and keying materials are physically and logically protected.
Vormetric support: With Vormetric Data Security Manager, organizations can manage keys on FIPS level 3 compliant hardware appliances that have been validated to address some of the most stringent demands for physical tamper resistance. Further, the platform offers a range of logical protections, including requiring multi-factor authentication and separation of duties to control administrative access.

TRMG Section C.3.6
Description: Cryptographic keys are not exposed during usage and transmission.
Vormetric support: With the Vormetric Data Security Platform, organizations can leverage robust controls to ensure keys remain secure at all times. With the Vormetric Data Security Manager, cryptographic keys are centrally and securely generated and stored. The actual keys are never visible to anyone, including key custodians or systems administrators. Further, clear text keys never leave the Vormetric Data Security Manager appliance. When keys are distributed to agents, they are encrypted with a one-time-use AES 256 key and sent over a mutually authenticated TLS connection. During usage encryption keys will have to remain in the clear. When not in use they will be obfuscated.

TRMG Section C.3.7
Description: When cryptographic keys expired, a secure key destruction method is used to ensure keys could not be recovered by any parties.
Vormetric support: With the Vormetric Data Security Manager, administrators can permanently delete keys, and take steps to ensure they can't be recovered.
TRMG Section C.3.8
Description: When changing a cryptographic key, a new key is generated independently from the previous key.
Vormetric support: YES. With the Vormetric Data Security Manager, administrators can rotate cryptographic keys according to security requirements and policies. When new keys are generated, they are always completely independent from prior keys.

TRMG Section C.3.9
Description: A backup of cryptographic keys is maintained. The same level of protection as the original cryptographic keys is accorded to backup keys.
Vormetric support: Vormetric Data Security Manager features redundant components and the ability to cluster appliances for fault tolerance and high availability. The product also offers support for manual and automated backups. All the DSM backups are encrypted by AES256 wrapper keys, and the wrapper keys can only be transferred between DSMs using an M-of-N sharing scheme.

Description: Compromised keys and all keys encrypted under or derived from compromised keys are immediately revoked, destroyed and replaced.
Vormetric support: Cryptographic keys can be changed by key custodians in the event a key has been weakened or compromised. In addition, once a key has been replaced, the custodian can ensure it is permanently deleted.

TRMG Section C.3.10
Description: All parties concerned with the revocation of the compromised keys are informed.
Vormetric support: Vormetric Security Intelligence provides extensive auditing logs that report on a host of user and administrative activities, including key revocation and other key management tasks. The solution provides extensive audit capabilities that can be used to report on all activities relating to key usage, including key generation, rotation, destruction, import, expiration, and export. Vormetric features security intelligence integration for HP ArcSight, IBM QRadar, McAfee ESM, LogRhythm, and Splunk. Sharing these logs with a SIEM platform helps uncover anomalous patterns that can prompt further investigation, and it can streamline the communications needed to ensure any changes are communicated with the staff necessary.
Vormetric: Enabling Customer Success for Financial Institutions

"Vormetric Data Security is quick and easy to administer, while having negligible impact on performance. It's the perfect solution for meeting PCI DSS requirements."
- Daryl Belfry, Director of IT, TAB Bank

"Vormetric Data Security offered us an easier yet effective method to encrypt our SQL Server databases and comply with PCI DSS encryption and key management requirement."
- Troy Larson, Vice President, Information Systems, MetaBank

"Vormetric encryption was easy to implement, scalable for every type of platform and use case, and encrypted the data with controls on the privileged user."
- An executive with a leading global investment bank. By adopting Vormetric solutions, this organization reduced the project timeline for their compliance initiative from 24 months to 2.4 months. The Vormetric Data Security Platform supports their heterogeneous database environment, which includes Sybase, Oracle, Microsoft SQL Server, Progress, and more.

"Vormetric is the only solution that can meet our critical timeline, and be able to support the older version of MSSQL database that we have."
- A manager at an ASEAN bank that has deployed Vormetric solutions to address MAS TRM requirements

"We have looked at many data encryption solutions and also at options for native database encryption, and the Vormetric solution scored far ahead of these other alternatives. Plus, Vormetric delivered a proof of concept smoothly and within two days."
- An executive with Singapore-based bank that has acquired Vormetric solutions to support MAS TRM compliance

Conclusion

To safeguard sensitive customer data and comply with such standards as the MAS TRM guidelines, organizations need to apply consistent, robust, and granular controls. With the Vormetric Data Security Platform, customers can leverage the flexible integration, comprehensive capabilities, and centralized policy and key management they need to efficiently address these rules throughout the organization.

About Vormetric

Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, virtual and cloud environments. Data is the new currency and Vormetric helps over 1,400 customers, including 17 of the Fortune 30 and many of the world's most security conscious government organizations, to meet compliance requirements and protect what matters, their sensitive data, from both internal and external threats. The company's scalable Vormetric Data Security Platform protects any file, any database and any application anywhere it resides with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence. For more information, please visit:

Copyright 2014 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Inc. All other trademarks are the property of their respective owners. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, photocopying, recording or otherwise, without prior written consent of Vormetric.
More informationSimpliVity OmniStack with Vormetric Transparent Encryption
SimpliVity OmniStack with Vormetric Transparent Encryption Page 1 of 12 Table of Contents Executive Summary... 3 Audience... 3 Solution Overview... 3 Simplivity Introduction... 3 Why Simplivity For Virtualized
More informationAll Things Oracle Database Encryption
All Things Oracle Database Encryption January 21, 2016 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development Integrigy Corporation Agenda Database Encryption
More informationSafeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST
Safeguarding Data Using Encryption Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST What is Cryptography? Cryptography: The discipline that embodies principles, means, and methods
More informationWindows Least Privilege Management and Beyond
CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationIBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems
IBM InfoSphere Guardium Data Activity Monitor for Hadoop-based systems Proactively address regulatory compliance requirements and protect sensitive data in real time Highlights Monitor and audit data activity
More informationIBM Tivoli Storage Manager
Help maintain business continuity through efficient and effective storage management IBM Tivoli Storage Manager Highlights Increase business continuity by shortening backup and recovery times and maximizing
More informationBANKING SECURITY and COMPLIANCE
BANKING SECURITY and COMPLIANCE Cashing In On Banking Security and Compliance With awareness of data breaches at an all-time high, banking institutions are working hard to implement policies and solutions
More informationMaking Data Security The Foundation Of Your Virtualization Infrastructure
Making Data Security The Foundation Of Your Virtualization Infrastructure by Dave Shackleford hytrust.com Cloud Under Control P: P: 650.681.8100 Securing data has never been an easy task. Its challenges
More informationSecuring and protecting the organization s most sensitive data
Securing and protecting the organization s most sensitive data A comprehensive solution using IBM InfoSphere Guardium Data Activity Monitoring and InfoSphere Guardium Data Encryption to provide layered
More informationUsing BroadSAFE TM Technology 07/18/05
Using BroadSAFE TM Technology 07/18/05 Layers of a Security System Security System Data Encryption Key Negotiation Authentication Identity Root Key Once root is compromised, all subsequent layers of security
More informationUsing Data Encryption to Achieve HIPAA Safe Harbor in the Cloud
Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud 1 Contents The Obligation to Protect Patient Data in the Cloud................................................... Complying with the HIPAA
More informationSecurity Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background
Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background What is a privileged user? A privileged user is an individual who, by virtue of function,
More informationVodacom Managed Hosted Backups
Vodacom Managed Hosted Backups Robust Data Protection for your Business Critical Data Enterprise class Backup and Recovery and Data Management on Diverse Platforms Vodacom s Managed Hosted Backup offers
More informationApplying Cryptography as a Service to Mobile Applications
Applying Cryptography as a Service to Mobile Applications SESSION ID: CSV-F02 Peter Robinson Senior Engineering Manager RSA, The Security Division of EMC Introduction This presentation proposes a Cryptography
More informationNational Security Agency Perspective on Key Management
National Security Agency Perspective on Key Management IEEE Key Management Summit 5 May 2010 Petrina Gillman Information Assurance (IA) Infrastructure Development & Operations Technical Director National
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationPaxata Security Overview
Paxata Security Overview Ensuring your most trusted data remains secure Nenshad Bardoliwalla Co-Founder and Vice President of Products nenshad@paxata.com Table of Contents: Introduction...3 Secure Data
More informationENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT
ENCRYPTION KEY MANAGEMENT SIMPLIFIED A BEGINNER S GUIDE TO ENCRYPTION KEY MANAGEMENT IS THIS ebook RIGHT FOR ME? Not sure if this is the right ebook for you? Check the following qualifications to make
More informationMANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationHIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER
HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information
More informationAchieving PCI Compliance for: Privileged Password Management & Remote Vendor Access
edmz Introduces Achieving PCI Compliance for: & Remote Vendor Access [ W H I T E P A P E R ] Written by e-dmz Security, LLC February 2010 C o p y r ig h t 2 0 1 0 e - D M Z S e c u r i t y, LL C. A l l
More informationLogRhythm and PCI Compliance
LogRhythm and PCI Compliance The Payment Card Industry (PCI) Data Security Standard (DSS) was developed to encourage and enhance cardholder data security and facilitate the broad adoption of consistent
More informationRSA Digital Certificate Solution
RSA Digital Certificate Solution Create and strengthen layered security Trust is a vital component of modern computing, whether it is between users, devices or applications in today s organizations, strong
More informationnwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
More informationAcano solution. Security Considerations. August 2015 76-1026-01-E
Acano solution Security Considerations August 2015 76-1026-01-E Contents Contents 1 Introduction... 3 2 Acano Secure Development Lifecycle... 3 3 Acano Security Points... 4 Acano solution: Security Consideration
More informationEmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions
EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...
More informationNetop Remote Control Security Server
A d m i n i s t r a t i o n Netop Remote Control Security Server Product Whitepaper ABSTRACT Security is an important factor when choosing a remote support solution for any enterprise. Gone are the days
More informationFIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager
FIPS 140-2 Security Policy LogRhythm 6.0.4 Log Manager LogRhythm 3195 Sterling Circle, Suite 100 Boulder CO, 80301 USA September 17, 2012 Document Version 1.0 Module Version 6.0.4 Page 1 of 23 Copyright
More informationOdyssey Access Client FIPS Edition
Odyssey Access Client FIPS Edition Data Sheet Published Date July 2015 Product Overview The need today is greater than ever to ensure that systems are securely configured. Government agencies and secure
More informationUnderstanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective
Understanding the Role of Hardware Data Encryption in EMV and P2PE from the CEO s Perspective Futurex. An Innovative Leader in Encryption Solutions. For over 30 years, more than 15,000 customers worldwide
More informationSafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
More informationSafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
More informationData Sheet: Backup & Recovery Symantec Backup Exec 12.5 for Windows Servers The gold standard in Windows data protection
The gold standard in Windows data protection Overview Symantec Backup Exec 12.5 delivers market-leading backup and recovery protection from server to desktop, providing complete data protection for the
More informationHow To Encrypt Data On A Network With Cisco Storage Media Encryption (Sme) For Disk And Tape (Smine)
Data Sheet Cisco Storage Media Encryption for Disk and Tape Product Overview Cisco Storage Media Encryption (SME) protects data at rest on heterogeneous tape drives, virtual tape libraries (VTLs), and
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationBuilding Secure Cloud Applications. On the Microsoft Windows Azure platform
Building Secure Cloud Applications On the Microsoft Windows Azure platform Contents 1 Security and the cloud 3 1.1 General considerations 3 1.2 Questions to ask 3 2 The Windows Azure platform 4 2.1 Inside
More informationSolutions for Encrypting Data on Tape: Considerations and Best Practices
Solutions for Encrypting Data on Tape: Considerations and Best Practices NOTICE This white paper may contain proprietary information protected by copyright. Information in this white paper is subject to
More informationSecuring Data in Oracle Database 12c
Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationCA Top Secret r15 for z/os
PRODUCT SHEET: CA TOP SECRET FOR z/os we can CA Top Secret r15 for z/os CA Top Secret for z/os (CA Top Secret ) provides innovative, comprehensive security for your business transaction environments, including
More informationSecuring sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant
Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV Nadav Elkabets Presale Consultant Protecting Your Data Encrypt Your Data 1 ProtectFile StorageSecure ProtectDB ProtectV Databases File
More informationCrittografia e Enterprise Key Management una sfida possibile da affrontare
Crittografia e Enterprise Key Management una sfida possibile da affrontare Giuseppe Russo Oracle Chief Technologist giuseppe.russo@oracle.com Simone Mola SafeNet Sales Engineer simone.mola@safenet-inc.com
More informationManaged Encryption Service
Amethyst Cryptographic Services Ltd Managed Encryption Service An Overview Chris Greengrass March 2011 Encryption and Cryptography The use of encryption/decryption is as old as the art of communication.
More informationData-Centric Security vs. Database-Level Security
TECHNICAL BRIEF Data-Centric Security vs. Database-Level Security Contrasting Voltage SecureData to solutions such as Oracle Advanced Security Transparent Data Encryption Introduction This document provides
More informationOnline Transaction Processing in SQL Server 2008
Online Transaction Processing in SQL Server 2008 White Paper Published: August 2007 Updated: July 2008 Summary: Microsoft SQL Server 2008 provides a database platform that is optimized for today s applications,
More informationWith Great Power comes Great Responsibility: Managing Privileged Users
With Great Power comes Great Responsibility: Managing Privileged Users Darren Harmer Senior Systems Engineer Agenda What is a Privileged User Privileged User Why is it important? Security Intelligence
More informationIBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services. Combine resources for one complete online business security solution.
IBM Tivoli Access Manager and VeriSign Managed Strong Authentication Services Combine resources for one complete online business security solution. Big e-business opportunities demand security to match
More informationApple Corporate Email Certificates Certificate Policy and Certification Practice Statement. Apple Inc.
Apple Inc. Certificate Policy and Certification Practice Statement Version 2.0 Effective Date: April 10, 2015 Table of Contents 1. Introduction... 4 1.1. Trademarks... 4 1.2. Table of acronyms... 4 1.3.
More informationCloud Storage Backup for Storage as a Service with AT&T
WHITE PAPER: CLOUD STORAGE BACKUP FOR STORAGE AS A SERVICE........ WITH..... AT&T........................... Cloud Storage Backup for Storage as a Service with AT&T Who should read this paper Customers,
More informationLeveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP
P a g e 1 Leveraging Microsoft Privileged Identity Management Features for Compliance with ISO 27001, PCI, and FedRAMP December 24, 2015 Coalfire Systems, Inc. www.coalfire.com 206-352- 6028 w w w. c o
More informationCompliance for the Road Ahead
THE DATA PROTECTION COMPANY CENTRAL CONTROL A NTROL RBAC UNIVERSAL DATA PROTECTION POLICY ENTERPRISE KEY DIAGRAM MANAGEMENT SECURE KEY STORAGE ENCRYPTION SERVICES LOGGING AUDITING Compliance for the Road
More informationSecurity Controls for the Autodesk 360 Managed Services
Autodesk Trust Center Security Controls for the Autodesk 360 Managed Services Autodesk strives to apply the operational best practices of leading cloud-computing providers around the world. Sound practices
More information