The New Perimeter: Information
Isolate the data
The road to securing information without physical controls
Russell Dietz, VP & CTO, SafeNet, Inc.
What's top of mind in IA today
- Identity & Access Management
- Data Protection
- Data Loss Reduction
- Share Information! Controls vs. Security
- Web 2.0 & SOA
- Virtualization & Cloud Computing
- Multi-agency Single Data Center
Technology Evolution: Security Impact
- Converged Network Infrastructure
- Cloud Computing (SaaS, S+S, etc.)
- Server & Storage Virtualization
- Service Oriented Architecture (SOA)
- Next Generation IT Services
- Client & Desktop Virtualization
Information Assets at Risk
[Diagram: assets spanning Web 2.0 Application, Shared Folders, Groupware, Database, Offline Folders, E-Mail, Docs, Laptop, SaaS Cloud, Mobile, Internet, WAN, Extranet, Branch Office, Data Center, Media/Flashdrive, Remote Replication]
Threats Mounting
- Sensitive data on the rise
- External Cyber Attacks
- Unauthorized User Access
- Disaster Recovery Sites
- No Physical Controls
Traditional Perimeter GONE!
- SaaS, Cloud & Web 2.0 Apps
- Work-collaboration Partners
- Growing Mobile Devices
The Last 25 Years: Security evolution missing
[Diagram: evolving threat, evolving assurance, evolving technology, evolving budgets and evolving missions, set against cost, complexity and risk]
Evolution - Reduce Attack Surfaces
- New Perimeter Lock Down
- Identity Standards: Proofing, Credentials
- Privileged User Identity
- Authorization: Multi-layer & Cross-domain - Isolation
- Attack remediation - Automation
Evolution - Information really lives
[Diagram: each asset (Web 2.0 Application, Laptop, SaaS Cloud, Internet, Mobile, WAN, Extranet, Data Center, Branch Office, Media/Flashdrive, Remote Replication) labelled with the Active and Static information it holds]
Solve Static FIRST! Advances required to contain Active.
Static - Contained
- Placed in storage devices
- Encapsulated in networks
- Encoded in Databases
- Exchange points to protect
Active - Open
- Evaluated & Changed in CPUs
- Waiting in Memories
- Presented in Displays
- Difficult to isolate & protect
Evolution - Focus on Information Protection
Encapsulate data in a protective cryptographic shell.
[Diagram: the shell applied across Web 2.0 Application, Laptop, SaaS Cloud, Mobile, Internet, WAN, Extranet, Branch Office, Data Center, Media/Flashdrive, Remote Replication]
Information Approach
- Identities: Weak Link
- Trusted containers
- Interoperable Standards
- Federation & Management
- Simplifies Security
- Scales across all areas of use
- Central, Individual & Hybrids
- Granular access controls
- Assured user authentication
Information Protection Lifecycle
Identity
- Decision point for Information access
- High-value target: front-door attacks
- Increasing end-user complexity
- Simplified 2nd factor required
Transaction
- Secure area: contained & controlled
- Validation & Confirmation
- Creation on trusted material
- Full integrity throughout the process
Data
- Focal point: core value to protect
- Manage the new perimeter
- Encoding policy & information
- Files, Objects, Elements, Fields, etc.
Protected Lifecycle
[Diagram: numbered flow (1, 2, 3, 4, 5a, 5b) linking the three protected components]
Protected Identity
- Validate ID w/ Challenge
Static Information
- Release Protected Data
- Check Integrity
- Acquire Rights
- Open/Close Shell
Protected Transaction
- Utilize ID & Rights
- Process
- Track the Lifecycle
Every part is protected, end to end from the identity to the transaction to the data.
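The lifecycle on this slide as a runnable model, added here as an illustration and not SafeNet's code or product behaviour: the shell binds an access policy to the ciphertext under one integrity tag, identity is proven by challenge-response, and every open attempt is tracked. Function names, the rights-policy format and the SHA-256 counter keystream (a stand-in for a real AEAD such as AES-GCM) are assumptions.

```python
import hashlib
import hmac
import json
import os

# Hypothetical model of the slide's protected lifecycle (added example, not
# SafeNet code). The SHA-256 counter keystream only stands in for a real
# AEAD such as AES-GCM so that the block runs on the standard library alone.

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(blocks))[:length]

def seal(key: bytes, policy: dict, data: bytes) -> dict:
    """Wrap static data in a shell: policy header + ciphertext + integrity tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    header = json.dumps(policy, sort_keys=True).encode()
    # The tag covers the policy too, so rights cannot be edited inside the shell.
    tag = hmac.new(key, header + nonce + ct, "sha256").digest()
    return {"policy": header, "nonce": nonce, "ct": ct, "tag": tag}

def id_response(user_secret: bytes, user: str, challenge: bytes) -> bytes:
    """Step 1, client side: prove the identity without releasing the secret."""
    return hmac.new(user_secret, user.encode() + challenge, "sha256").digest()

def validate_id(user_secret: bytes, user: str, challenge: bytes, response: bytes) -> bool:
    """Step 1, server side: constant-time check of the challenge response."""
    return hmac.compare_digest(id_response(user_secret, user, challenge), response)

def open_shell(key: bytes, shell: dict, user: str, right: str, log: list) -> bytes:
    """Steps 2-5: check integrity, acquire rights, open the shell, track the use."""
    expected = hmac.new(key, shell["policy"] + shell["nonce"] + shell["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, shell["tag"]):
        log.append((user, right, "denied: integrity"))
        raise ValueError("integrity check failed")
    # Only after the tag verifies is the policy trusted and parsed.
    policy = json.loads(shell["policy"])
    if right not in policy.get("rights", {}).get(user, []):
        log.append((user, right, "denied: rights"))
        raise PermissionError(f"{user} lacks right {right!r}")
    log.append((user, right, "opened"))
    ks = _keystream(key, shell["nonce"], len(shell["ct"]))
    return bytes(a ^ b for a, b in zip(shell["ct"], ks))
```

Tampering with the policy header (for example granting a new user a right) invalidates the tag, so the open attempt is refused and logged before the policy is ever parsed.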
Information-centric Protection: Total Trust
[Diagram: Authentication (Physical to Virtual), Authorization (Files & Objects) and Access Control (DBs and Applications) applied across Web 2.0 Application, Laptop, SaaS Cloud, Internet, Branch Office, WAN, Mobile, Extranet, Data Center, Media/Flashdrive, Remote Replication]
- Forever Protection
- Ubiquitous Controls
- Cryptographic Perimeter
- Each data-use is tracked
- Application & DB Data
- Granular access controls
- File-based Endpoints
- Assured user authentication
- Removable Media contained
- Mobile data LOCKED!
Centralized Information-centric Protection
[Diagram: Identity Protection - Authentication (eTokens, MobilePASS) and Data & Transaction Protection (ProtectApp, DataSecure, HSM, ProtectDB, ProtectFile Server, ProtectFile Endpoint, ProtectFile Mobile, ProtectFile Portable)]
Only Single Solution
Centralized Protection
- Structured Apps & DBs
- Server & Endpoint Files
- Mobile devices & platforms
- Sharable Media & Storage
Common Policy & Controls
- Single architecture
- All Data
- Transparent to Users & Apps
- Assured User Authentication
Data Protection Evolution: SafeNet Solutions
[Diagram: Infrastructure Protection, Identity Management, Data Centric Security]
- Inbound/outbound perimeter data protection (eSafe)
- Authentication and access management
- Secure, centralized key management
- Data-centric policy management
- Identity & Access Management
- Visibility via logging, auditing, reporting
Thank you!
Russell.Dietz@safenet-inc.com
SafeNet, Inc.
http://www.safenet-inc.com