IT Security Automation Conference 2009. Endpoint Data Protection (EDP) In The Cloud

Similar documents
Protect Everything: Networks, Applications and Cloud Services

Clinical Trials in the Cloud: A New Paradigm?

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

FTP-Stream Data Sheet

Develop HIPAA-Compliant Mobile Apps with Verivo Akula

Cloud Security. Peter Jopling IBM UK Ltd Software Group Hursley Labs. peterjopling IBM Corporation

White Paper - Crypto Virus. A guide to protecting your IT

Building Blocks of the Private Cloud

Securing the Cloud - Using Encryption and Key Management to Solve Today's Cloud Security Challenges

Introducing Backup & Replication v5.7

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Document control for sensitive company information and large complex projects.

Only 8% of corporate laptop data is actually backed up to corporate servers. Pixius Advantage Outsourcing Managed Services

Dashlane Security Whitepaper

Overview. Timeline Cloud Features and Technology

Tableau Online Security in the Cloud

BBM Protected Secure mobile

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

The problem with privileged users: What you don t know can hurt you

How To Protect Your Data From Harm

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption

Overview of Luna High Availability and Load Balancing

Enabling Storage Services in Virtualized Cloud Environments

MANAGED SERVICE PROVIDERS SOLUTION BRIEF

The Security Behind Sticky Password

CloudBerry Dedup Server

Powered by. FSS Buyer s Guide Why a File Sync & Sharing Solution is Critical for Your Business

SECURITY IS JOB ZERO. Security The Forefront For Any Online Business Bill Murray Director AWS Security Programs

How To Get To A Cloud Storage And Byod System

EVault Endpoint Protection All the Details: Enterprise Management, Backup and Recovery, and Security

Colligo Engage Windows App 7.0. Administrator s Guide

Trends in Application Recovery. Andreas Schwegmann, HP

White Paper: Librestream Security Overview

Automating client deployment

PI Cloud Connect. Frequently Asked Questions

Online Backup by Mozy. Common Questions

Comprehensive VMware Virtual Machine Protection with Asigra Cloud Backup TM

Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

Secure cloud access system using JAR ABSTRACT:

How To Make A Multi-Tenant Platform Secure And Secure

Phoenix backs up servers using Windows and Linux operating systems. Here is a list of Windows servers that Phoenix supports:

Making Data Security The Foundation Of Your Virtualization Infrastructure

Deploy Remote Desktop Gateway on the AWS Cloud

SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX

Combined Proxy Re-Encryption

Exchange Mail Hosting

Cloud Security Case Study Amazon Web Services. Ugo Piazzalunga Technical Manager, IT Security

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Sticky Password 7. Sticky Password 7 is the latest, most advanced, portable, cross platform version of the powerful yet

PLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.

IP Address Management: Smoothing the Way to Cloud-Based Services

AVLOR SERVER CLOUD RECOVERY

MS Managing and Maintaining Windows 8

Security Architecture Whitepaper

AUTOMATED DISASTER RECOVERY SOLUTION USING AZURE SITE RECOVERY FOR FILE SHARES HOSTED ON STORSIMPLE

Sync Security and Privacy Brief

Secure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC

Manage all your Office365 users and licenses

SavvyDox Publishing Augmenting SharePoint and Office 365 Document Content Management Systems

IBM Cloud Security Draft for Discussion September 12, IBM Corporation

Security Overview Enterprise-Class Secure Mobile File Sharing

What Do You Mean My Cloud Data Isn t Secure?

Comprehensive Agentless Cloud Backup and Recovery Software for the Enterprise

Salesforce1 Mobile Security Guide

Cloud Models and Platforms

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

Enhancing Organizational Security Through the Use of Virtual Smart Cards

mobilecho: 5-Step Deployment Plan for Mobile File Management

Use the below instructions to configure your wireless settings to connect to the secure wireless network using Microsoft Windows Vista/7.

The Software-as-a Service (SaaS) Delivery Stack

Cisco Network Services Manager 5.0

HarePoint Workflow Extensions for Office 365. Quick Start Guide

Course 20688A: Managing and Maintaining Windows 8

DIY Device Cloud Documentation

SaaS & Cloud Application Development & Delivery

DISK IMAGE BACKUP. For Physical Servers. VEMBU TECHNOLOGIES TRUSTED BY OVER 25,000 BUSINESSES

Corporate PC Backup - Best Practices

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

Deploying a Geospatial Cloud

Deploying EFS: Part 1

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere

PATCH MANAGER what does it do?

Apptix Online Backup by Mozy

VMware vsphere Data Protection

Transcription:

IT Security Automation Conference 2009 Endpoint Data Protection (EDP) In The Cloud Gary Sumner Founder & CTO Datacastle Corporation garysu@datacastlecorp.com 1

Top 10 8 Lessons Learned #1 Means to an end, not end in itself #2 Automated key management is, well, key #3 Keep control at the top where it belongs #4 Multi-tenant everything #5 Client deduplication over encrypted data #6 Web access, be careful what you ask for #7 Expect and plan for failures #8 Deployment flexibility 2

#1: Means to an end, not end in itself Anti Virus!= EDP Data Loss Prevention!= EDP Why even run any of these tools? Your data is valuable EDP needs to be multi-faceted 3

#2: Automated key management is, well, key Cryptographically random keys required Manual key management doesn t scale past more than a handful of keys Hard to get right, so most solutions push problem to end user - Password derived keys significantly weaken effective key strength - Easy for hackers to crack with regular cracking tools Not just about initial key generation and key management - complete key life cycle management - policy driven, automated key rotation 4

#3: Keep control at the top where it belongs* Can t rely on end user behavior All aspects of client agent functionality needs to be able to be policy driven - What, Where, When, How Often, How Long Policy changes should auto-propagate within defined window Ideally end user doesn t even know they are being protected - Silent install, auto-activation, policy configured * Name the movie featuring a young Matthew Broderick that this line was unashamedly lifted from? 5

#4: Multi-tenant everything Cloud services = shared infrastructure Security and privacy shouldn t be compromised Management portal needs granular delegated permissions Hierarchical policy inheritance Storage deduplication based on arbitrary logical separation Tenant requirements may dictate physical separation of storage 6

#5: Client deduplication over encrypted data Encrypted data and data deduplication work totally against each other Encrypt in transport, deduplicate on server, then encrypt in storage For client side deduplication, server side needs to control, or at least have access to keys Keys need to be shared and passed around Datacastle has designed and built a system that allows for client side deduplication of encrypted data without decrypting it first or sharing of encryption keys. 7

#6: Web access, be careful what you ask for This one goes hand-in-hand with #2 around key management Web portal where protected data can be accessed from anywhere Great convenience, but at what cost - Privacy and security are now compromised - File system metadata stored in the clear - If not, server needs to know your encryption key - Password based key needed - Server administrator can now easily get to your data 8

#7: Expect and plan for failures The downside of scale Example deployment in Amazon Cloud Use commodity components Stateless application tier Fail gracefully - Allow clients to work offline - Support reverting database 9

#8: Deployment flexibility Internal IT model really no different than external 3 rd party multi-tenant model Client deployment model differences - Silent deployment - IT need to be able to recover device - Auto activation synched with internal domain All communication should go over HTTPS Support deployment to internal IT data center, 3 rd party partners data center or via the cloud without changing software. 10

OK, just one marketing slide Support for running on Windows in FIPS mode utilizing FIPS validated crypto libraries (Dec 09) Automated encryption key rotation by policy (1H10) Secure Web Access (2H10) Available on Apps.Gov today via a partner delivering a cloud service from a Designated Homeland Security Critical Infrastructure Facility 11

12

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information