ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary




[Diagram: ProtectV security model. Labels: Visibility, Data Governance, System OS Partition, Unified Management, Central Audit Point, Access Monitoring, Encryption, Storage Volume, Policy Enforcement, Security Snapshot (backup), Data Protection, Proof of Compliance, Control Keys in Hardware, Role-Based Access Mgmt, Digital Shredding]

ProtectV: Securing Sensitive Data in Virtual and Cloud Environments (whitepaper)

Features, Function, Benefits. Addressing Requirements for Securing Sensitive Data in Virtual Environments: Data Isolation, Separation of Duties, Cloud Compliance, Pre-launch Authentication, Multi-tenant Protection.

Executive Summary

Virtual environments and cloud deployment scenarios can present a host of security gaps and challenges, but the adoption of these approaches continues to pick up speed and grow increasingly pervasive. This paper looks at the challenges of safeguarding sensitive assets in virtual datacenters and in private and public cloud deployments. In addition, it reveals how SafeNet ProtectV delivers the critical capabilities security teams need to effectively and persistently meet their governance, compliance, and data protection mandates in these environments.

Introduction: The Pervasiveness of Virtualization and Cloud Adoption

Whether IT and security teams are embracing the prospect, lukewarm on the idea, or adamantly opposed, business decision makers are driving the move to virtualization and the cloud. Motivated by the opportunities for boosting agility and cost efficiency, organizations are quickly and pervasively embarking on virtualization and cloud initiatives. Today, 39.4% of servers are virtual. By 2018, 86% of all workloads are expected to be running in virtual machines. Plus, by the end of the year, the cloud market is expected to grow to $60 billion.

The Challenge: Addressing Security Gaps in Virtual and Cloud Environments

In spite of their widespread adoption, virtualization technologies and cloud services continue to present some significant challenges for the security teams tasked with safeguarding sensitive data. Following are a few of the more pressing obstacles:

Increased data volumes and mobility. In virtual environments, workloads, data repositories, and sensitive data are highly mobile and are frequently shifted to different virtual and physical resources. In these environments, it is easier than ever to move and copy sensitive data. For example, virtual machines are often routinely backed up, according to proper retention policies. However, given the volume of virtual machines running and the persistent backups of these resources, the number of locations holding sensitive data can increase substantially. Consider that if one virtual machine is backed up every hour, 24 copies of that virtual machine are created every day. This explosive growth in virtual machines and their associated backups ultimately results in sensitive data residing in many more locations than in years past. This proliferation presents security teams with inherent challenges, increasing the complexity and effort required to secure sensitive assets.

ProtectV Whitepaper 1

Digital shredding. Exacerbating matters is the uncertainty that can surround data destruction and retention. With the volume of virtual machine snapshots ending up on physical media, it grows increasingly difficult to determine with certainty whether all instances of a sensitive repository have been completely and permanently removed from all potential locations.

Administrative exposure. Another potential challenge is posed by the changing dynamics of administration in virtual environments. Compared to prior computing models, cloud and virtualization ultimately introduce more privileged users and a new class of administrators. Typically, teams of administrators focused on servers, storage, backups, and applications will have some level of access in virtual environments, and quite often security policies and administrative functions are handled independently by each group.

Security Requirements in Virtual and Cloud Environments

The challenges above are fundamentally at odds with the objectives and responsibilities of enterprise security teams. As with traditional computing environments, security teams need to have the visibility and control to ensure sensitive assets aren't exposed to unauthorized access. Unlike traditional environments, establishing and retaining these controls presents a host of unprecedented challenges, whether you're running applications on virtualization technologies in your own datacenter, in private or virtual private clouds, or in public clouds. In these environments, security teams have to be able to realize the following objectives:

Data governance. Security administrators have to overcome the inherently limited visibility of dynamic, virtual environments. They need to be able to identify, track, and control where instances containing sensitive assets reside at any given time. They need to be able to track each virtual machine's replication and to monitor each event associated with these instances. Finally, they have to be able to track and guard against unauthorized copying of a virtual resource.

Data compliance. Compliance initiatives remain a critical requirement. To ensure their organizations sustain their compliance status, security administrators have to be able to enforce adequate controls over specific data assets. They need to be able to definitively track access to sensitive data, enforce proper access controls, and present a trusted audit trail that can provide complete details on all access events.

Data protection. Minimizing the risks of breaches and data loss is a fundamental requirement in virtual environments. To realize these objectives, security administrators have to be able to ensure that all data instances are secure and only accessed by authorized users. Further, in the event of some risk being detected, whether a potential vulnerability or a known breach, security administrators need to be able to apply effective security measures in order to mitigate and minimize the exposure.

SafeNet ProtectV: Delivering Unparalleled Security to Virtual and Cloud Environments

Today, SafeNet offers solutions that enable organizations to leverage the business benefits of virtualization and cloud services, while meeting their governance, compliance, and data protection requirements. With SafeNet ProtectV, organizations can encrypt and secure entire virtual machines, protecting these assets from theft or exposure. Further, with ProtectV, security teams can encrypt virtual storage, ensuring cloud data is isolated and secured even in shared, multi-tenant cloud environments used for application hosting, data storage, or disaster recovery. ProtectV can be deployed in public cloud (Amazon EC2), private cloud (Amazon VPC), and virtual datacenter (VMware vCenter) environments.

With ProtectV, organizations enjoy these advantages:

Leverage the deepest, most comprehensive visibility of virtual environments in order to enable effective governance.
Ensure the highest levels of compliance with all relevant policies and regulatory mandates.
Apply maximum security and protection to sensitive data assets in virtual environments.

ProtectV: Key Capabilities

Comprehensive Security

Featuring support for robust encryption algorithms, including FIPS-approved AES 256 and 3DES, ProtectV enables organizations to apply strong protection to their sensitive assets. ProtectV is the only solution available today that enables organizations to encrypt the entire virtual machine, including virtual machine partitions and operating system partitions, delivering the most comprehensive levels of security. ProtectV addresses the key requirements needed to secure virtual datacenters and cloud environments:

Data isolation. With ProtectV, security teams can logically separate the volumes and virtual instances that hold sensitive data from other areas in the environment. In addition, this solution enables organizations to implement safeguards against potential hackers who might breach cloud hypervisors, and against the cloud super-users who administer the virtual environment.

Separation of duties. ProtectV enables security teams to separate administrative responsibilities for specific instances and volumes from the cloud super-users who control the larger virtual environment. The solution offers controls for ensuring that no single administrator can abuse his or her privileges. For example, using approaches like M-of-N separation, organizations can require that multiple administrators always conduct such critical administrative tasks as policy changes and key export.

Cloud compliance. ProtectV offers the core confidentiality and integrity controls that are key requirements for ensuring compliance with regulatory mandates, including version 2.0 of the Payment Card Industry Data Security Standard (PCI DSS), which includes rules on safeguarding payment data in virtual environments.

Strong pre-launch access authentication. Featuring password-based protection at the user level, ProtectV enables authentication controls over which resources can be accessed, when, and by whom. When a virtual machine launches, only authorized users can access the OS partition. With alternative encryption approaches, unauthorized users can launch virtual machines and access whatever is stored in the system partition.

Multi-tenant protection. With ProtectV's comprehensive, robust capabilities, organizations can ensure that, even in shared, multi-tenant cloud environments, administrators gain the visibility and controls they need to safeguard sensitive assets.

With these comprehensive capabilities, organizations can apply consistent, effective security measures across the entire virtual machine lifecycle, including provisioning, starting, operation, snapshots, and deletion.

Central, Secure Key Management

ProtectV is fully integrated with SafeNet KeySecure, a solution that simplifies the management of encryption keys while ensuring keys are secure and always available to authorized users. KeySecure automates the backup and distribution of encryption keys across an enterprise. Based on a hardened security appliance, KeySecure safeguards keys against theft, tampering, and unexpected system failures. Using the solution's management console, administrators can simultaneously manage multiple appliances, including disk and tape storage encryption platforms from NetApp, Quantum, and SafeNet, and SAN switches from Brocade.

Advantages of KeySecure

Centralized management of encryption keys and policies, delivering a central root of trust.
Comprehensive key management for a number of encryption solutions, including those for storage, tape libraries, databases, SAN switches, applications, tokenization, and more.
Easy integration with third-party appliances through support for the Key Management Interoperability Protocol (KMIP).
Secure storage of encryption keys, offering a robust hardware security module (HSM) that is FIPS 140-2 Level 3 certified.
Improved safeguards against insider threats, and compliance with PCI and other mandates, through granular, role-based authorization and secure authentication.
Lifecycle management of keys that offers full audit trails on all cryptographic key activities.
Secure digital shredding through the deletion of the cryptographic keys needed to decrypt sensitive assets.

Fast, Flexible Deployment and Efficient Administration

ProtectV offers a range of features that help security teams enjoy fast, flexible deployment and administrative and operational efficiency in the long term:

Flexible deployment and integration. Whether your business applications are running in public clouds, private clouds, or virtual datacenters, ProtectV can be conveniently and effectively deployed to support your security objectives. Further, the solution offers flexible APIs that enable automation and integration with virtual server provisioning systems. In addition, the solution provides command-line interfaces for scripting and bulk operations.

Fast deployment. ProtectV speeds deployment, for example by enabling administrators to use pre-defined images to deploy encryption on new platforms.

Intuitive administration. With ProtectV, administrators can work with an easy-to-use console or through their cloud provider's native interface. As a result, tasks such as policy updates, user and role assignments, monitoring, and event management are fast and efficient.

Efficient administration. With ProtectV, administrators can centrally manage encryption of all virtual machines across their cloud or virtual environments.

ProtectV: Product Components

The ProtectV solution comprises these components:

ProtectV Client. ProtectV Clients are installed on each virtual machine that is to be encrypted. This component encrypts every bit as it's written to disk. In addition, it offers a pre-launch authentication layer that protects the operating system from unauthorized access at the time the system first initiates.

ProtectV Manager. ProtectV Manager runs on a protected and hardened virtual machine. ProtectV Manager offers a central platform for managing policies, administration, and audits. This component is designed to enable API-based automation, and it can scale to protect virtual machines.

KeySecure. KeySecure is a hardware-based key management platform that enables secure, central management of cryptographic keys. Deployed on the customer's premises, KeySecure enables complete and continuous ownership of cryptographic keys across their lifecycle.

[Diagram: ProtectV Deployment Scenario - Virtualized Data Center. Labels: KeySecure, Virtualized Data Center, ProtectV Manager, ProtectV Client, Trusted On-premise Location]
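The digital shredding and per-volume encryption described above, as an added example (constructed here, not SafeNet's ProtectV or KeySecure code): a Go model in which a key store keeps one data-encryption key (DEK) per volume wrapped under a key-encryption key (KEK), and shredding deletes the wrapped DEK. All names (KeyStore, Provision, DEK, Shred) are hypothetical; the point it makes is that once the key is gone, the live volume and every snapshot or backup encrypted under it become unreadable at once, without touching the copies themselves.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Constructed example, not ProtectV or KeySecure code: a key store that holds
// one data-encryption key (DEK) per volume, only ever wrapped under its KEK.
type KeyStore struct {
	kek     []byte            // key-encryption key; never leaves the store
	wrapped map[string][]byte // volume ID -> nonce || AES-256-GCM(KEK, DEK)
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // without entropy there is no safe way to continue
	}
	return b
}

func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only a wrong key length gets here: a programming bug
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return gcm
}

// seal/open: AES-256-GCM with a random nonce prefix; a wrong key fails to open.
func seal(key, pt []byte) []byte {
	gcm := gcmFor(key)
	nonce := randBytes(gcm.NonceSize())
	return gcm.Seal(nonce, nonce, pt, nil)
}

func open(key, ct []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Provision creates a volume's DEK and keeps only its KEK-wrapped form.
func (ks *KeyStore) Provision(volumeID string) {
	ks.wrapped[volumeID] = seal(ks.kek, randBytes(32))
}
// DEK unwraps a volume's key for the client; after Shred nothing is left.
func (ks *KeyStore) DEK(volumeID string) ([]byte, error) {
	w, ok := ks.wrapped[volumeID]
	if !ok {
		return nil, errors.New("no key for volume " + volumeID)
	}
	return open(ks.kek, w)
}
// Shred is digital shredding: with the DEK gone, the live disk and every snapshot or backup are unreadable.
func (ks *KeyStore) Shred(volumeID string) { delete(ks.wrapped, volumeID) }
```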

[Diagram: ProtectV Deployment Scenario - Public Cloud. Labels: KeySecure, Public Cloud, ProtectV Manager, ProtectV Client, Trusted On-premise Location]

Conclusion

As the use of virtualization platforms and cloud services continues to grow more widespread, so can the associated security risks. With SafeNet ProtectV, organizations can fully leverage the business benefits of virtualization and cloud offerings, while ensuring optimal security of their sensitive data assets.

SafeNet Data Protection

Virtual and cloud security solutions, like all enterprise security, need to be managed in a layered approach to the information protection lifecycle that combines encryption, access policies, key management, content security, and authentication. These layers need to be integrated into a flexible framework that allows the organization to adapt to the risk it faces. Wherever data resides, SafeNet offers persistent, secured storage for structured and unstructured data. SafeNet provides a practical framework for delivering the trust, security, and compliance enterprises demand when moving data, applications, and systems to virtual environments and the cloud.

About SafeNet

Founded in 1983, SafeNet, Inc. is one of the largest information security companies in the world, and is trusted to protect the most sensitive data for market-leading organizations around the globe. SafeNet's data-centric approach focuses on the protection of high-value information throughout its lifecycle, from the datacenter to the cloud. More than 25,000 customers across commercial enterprises and government agencies trust SafeNet to protect and control access to sensitive data, manage risk, ensure compliance, and secure virtual and cloud environments.

Contact Us: For all office locations and contact information, please visit www.safenet-inc.com
Follow Us: www.safenet-inc.com/connected

2012 SafeNet, Inc. All rights reserved. SafeNet and the SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. WP (EN)-05.25.12