Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. HP Restricted HP Atalla Data-Centric Security & Encryption Solutions Jean-Charles Barbou Strategic Sales Manager HP Atalla EMEA MAY 2015
HP Atalla 160+ million US card transactions protected daily Leading payments HSM vendor serving Americas, APJ and EMEA card payments markets 70% of US card transactions touch HP Atalla Hardcore Rock-solid security Trusted name 50 patents FIPS 140-2 validated $ Trillions Level 2 and level 3+ Creative engineers delivering security inventions and driving HP's security thinking Our Enterprise Secure Key Managers (ESKM) and Network Security Processors (NSP) are built for the highest standards Atalla secures 1 in 3 card transactions, HP also processes billions of card transactions annually invented the security you take for granted
HP Atalla Data Security & Encryption Solutions HP Atalla Network Security Processor (NSP) Also known as Atalla Payments HSM leading product in payments security HP Enterprise Secure Key Manager (ESKM) Creates, serves, and protects encryption keys for enterprises HP Cloud Access Security protection platform Adallom - Cloud Access Security Broker HP Atalla Information Protection and Control (IPC) Lifecycle security classification and protection for unstructured sensitive enterprise data HP Security Voltage Encryption & tokenization of structured data, Encryption & key management for email
Imperatives driving information security Movement to cloud and mobility is forcing a new infrastructure; expanding the attack surface, much of this new infrastructure is not in full control of IT. Information is the target: breaches are frequent; adversary is focused on sensitive data. Compromising insider credentials: immune to perimeter defenses. You're still responsible for compliance: needs attention, scarce skills, investment and monitoring. Legislation, regulation, notification/disclosure requirements, data sovereignty, state actors, risk, etc.
99% of breaches are about the data.
Attack Life Cycle Research Research Potential Targets Threat Intelligence HP Security Research Infiltration Phishing Attack and Malware Block Adversary HP TippingPoint HP Fortify Monetization Data Sold on Black Market Discovery Mapping Breached Environment Detect Adversary HP ArcSight Exfiltration/Damage Exfiltrate/Destroy Stolen Data Action HP Services Capture Obtain data Protect Data HP Atalla HP Security Voltage
Full coverage of data protection use cases PCI compliance/ scope reduction Data de-identification and privacy HP Atalla Atalla HSMs Payments applications, EMV, mobile, customizations and compliance in FIPS Level 3+ appliances ESKM and Atalla Cloud Encryption Securing infrastructure & cloud; KMIP enterprise key management HP Security Voltage HP SecureData HP Secure Stateless Tokenization (SST)/ secure commerce solution with Page Integrated Encryption (PIE) HP SecureData Format preserving Encryption (FPE) Securing the data while enabling business processes Collaboration security HP Atalla IPC Automatic enterprise data classification Cloud Access Security protection platform visibility, governance and control for SaaS HP Secure Mail and HP SecureFile for email security without PKI complexity and for file protection using Identity Based Encryption (IBE)
HP Security Voltage
A History of Excellence HP Security Voltage: Founded in 2002 out of Stanford University, based in Cupertino, California. Acquired by HP: February 2015 Mission: To protect the world's sensitive data By: Providing encryption and tokenization solutions that protect data wherever it is used or stored Market Leadership: PCI solutions are used by six of the top eight U.S. payment processors Provide the world's most pervasive email encryption solutions Contribute technology to multiple standards organizations Video Introduction
HP Security Voltage Voltage solves the industry's biggest problem: making encryption and tokenization of data simple for even the most complex use cases
Example: Cloud Data De-Identification Top Card Brand Enable Adoption of Public Cloud Implementation Enable highly sensitive data to exist in a public Cloud environment Minimal support from security and IT Line of business range of motion to embrace low cost public cloud model HP SecureData with HP Format-Preserving Encryption HP Stateless Key Management Preservation of referential integrity and format of data within the cloud Enabled Security to say Yes to public cloud Business saving over 40% per application per year about $200K/app/year CIO praise of LOB and Security for solution
Example: Email Security for PII Data Payroll Processor More Secure, Cost-effective Way to Send Statements Containing PII Replace costly paper statement delivery Allow for easy access to statements by customers Improve environmental standards by eliminating large amounts of paper HP SecureMail Statements Edition No software required for recipient Solution rapidly deployed Millions of statements sent electronically on a monthly basis Average about one technical support call per month Manage system with less than one FTE
Protecting data-at-rest HP Enterprise Secure Key Manager 4.0
Don't leave the keys in the car Encryption is only strong at protecting information if the encryption keys that scramble the data are themselves well protected.
Enterprise key management is a hard job with high stakes
HP Enterprise Secure Key Manager (ESKM) solves the problem Manage business-critical encryption keys
Value Proposition
o Manages encryption keys at enterprise scale
o Separates keys from the data
o Handles key backup, rotation, audit logging, etc.
Quick Facts
o Easily Deployed: 1U hardware appliance
o Highly Available: deployed in clusters of 2-8 nodes
o Scales for Modern Datacenters: 25K clients, 2 million keys
o Highly Secure: FIPS 140-2 Level 2 validated appliance
o Interoperable: supports industry-standard interface (KMIP)
https://wiki.oasis-open.org/kmip/knownkmipimplementations
http://www.snia.org/forums/ssif/kmip/results
ESKM 4.0 Unified Key Management for the Enterprise BEST Database Security Encryption www.hp.com/go/eskm
Intelligence to Action: Data classification with HP Atalla Information Protection and Control (IPC)
#1 cause and concern of data loss: Human Error! (CompTIA report 2015)
Cause: Percentage
Human error: 52%
End-user failure to follow policies & procedures: 42%
General carelessness: 42%
Failure to get up to speed on new threats: 31%
Lack of expertise with website/applications: 29%
IT staff failure to follow policies & procedures: 26%
Concerns: Percentage
Human Error as the leading contributor to security breaches: 52%
Human error - general staff: 30%
Human error - IT staff: 27%
Partnership with Video Introduction
www.hp.com/go/atallaipc
HP Atalla Information Protection & Control Embeds security at the point of data creation Capture Classify Protect Client /SaaS apps File shares User generated Cloud storage devices
Key Atalla IPC information protection elements Injected at creation or initial access for protection at every stage in data lifecycle Classification Encryption Permissions Policy Usage tracking Integrate with ArcSight: Identify propagation of sensitive information Active monitoring for privileged information users and detect abnormal behavior
Atalla IPC Information classification prism Optimized classification cycle is triggered upon intercepted events (open, close, save, download, upload, copy, etc.) Folder Applications Web SaaS Cloud IP Ranges Source Destination User Email Domain AD Attributes Identity File Properties ECM Attributes Metadata Phrases Patterns Thresholds Algorithms Content Data Classes User Classification Customer Info Finance Info Top Secret Third Party Public Info Others Classified
Key use cases/threat vectors
Internal exposure: Exposure of sensitive data to unauthorized employees
IT admin/privileged user: Exposure to privileged users/IT admins, whether server-side, client-side, or cloud
External exposure (DLP): Threat of data exposure outside of the organization
Cyber threats: Malware or other cyber attacks, threat of data theft/leak/loss
Secure collaboration: Need to share sensitive data with people outside (or within) the organization
Compliance: Compliance with industry/governmental regulatory directives
Cloud Access Security protection platform
Partnership with Video Introduction
Cloud Access Security Visibility, Governance and Protection Visibility Gain complete context into users, data devices, activities, access Governance Implement policies for access, activities and data sharing Protection Address risky activities, suspicious behaviors and threats Integrates with multiple cloud applications Works with any user, network, any device (managed & unmanaged) Secures data at rest and data in motion
Choice of deployment architecture depending on use case API Integration for normal usage Smart Proxy for high-security use cases Cloud apps Cloud apps API (data at rest) Managed device Scalable model Sits out of band (minimal performance impact) HP currently using this mode unmanaged device SMARTProxy TM (data in motion) home device Monitors data in real time for more control and governance Note: On-premises deployment is a customer option
We protect the world's information Banks' data about your finances and accounts Payments made to you Health records your care provider manages for you Your credit rating information Your interactions with SaaS applications Your Telco's information about your account Your email correspondence Your customers' data. Your organizational data. Your private email to and from your smartphone
HP Atalla Driving leadership in data-centric security and protecting the world's largest brands
Thank you! hp.com/go/atalla