Keep Your Data Secure in the Cloud: Using encryption to ensure your online data is protected from compromise




Abstract

The headlines have been dominated lately by massive data breaches exposing sensitive personal information and account data on millions upon millions of customers. Such breaches may cause some IT admins to question the wisdom of storing data in the cloud, sensitive or not, and leave organizations wondering whether cloud data storage is worth it.

Cloud computing provides an array of benefits for companies of all sizes, but it also introduces some new and unique challenges when it comes to data protection. Trusting your data to be stored in the cloud requires extra diligence to ensure it is protected and that any applicable compliance requirements are met.

This white paper will discuss the benefits of data storage in the cloud, and how Zecurion Zserver Storage can help ensure that your data in the cloud is protected from exposure or compromise.

Benefits of Cloud Storage

Storing data locally in your own data center has a number of limitations. Storage capacity and redundancy are limited by the server and drive space available in the data center. Increasing capacity to meet demand is costly and time-consuming. If demand falls off, you are left with wasted capacity sitting idle.

In the event of a hardware failure or power outage in the data center, your data will be unavailable, and could possibly end up corrupted or permanently damaged. In the event of a catastrophe, any backup data stored locally could be wiped out along with the production data, which would be devastating for most companies.

Leveraging cloud data storage addresses these issues and provides a scalable, reliable, cost-effective storage solution. Benefits vary from vendor to vendor and depend on the service level you negotiate, but here are some of the primary benefits of storing data in the cloud:

Scalability. Cloud computing allows you to quickly and easily scale capacity, either increasing or decreasing available storage space to meet current demands. That means you will be able to handle unexpected spikes in capacity needs without having to over-invest in hardware that will spend most of the time idle.

Redundancy. Cloud storage providers generally provide multiple sites that are geographically separate, but with mirrored copies of all data. Hardware failures, power outages, or natural disasters affecting a site will be transparent to you because your data will still be accessible from the alternate sites.

Hardware Upgrades. Hardware changes so rapidly that your data center investment can be bordering on obsolescence when you have barely implemented it. A third-party vendor dedicated to providing hosted online storage will invest in hardware and infrastructure upgrades over time so you get the benefit of newer technology without having to constantly re-invest in new hardware.

Disaster Recovery / Business Continuity. Storing data in the cloud also means that it is being stored offsite. In the event of a catastrophe or natural disaster impacting the local office, the data itself will still be protected and available online. Business will be able to continue almost seamlessly from alternate locations, and the data will be immediately available once normal operations resume at the primary office facility.

Cost. Considering what you get (scalable, redundant storage that also doubles as a disaster recovery and business continuity solution), the cost of cloud storage is typically quite reasonable. Consider as well that, by engaging a third-party host for your data, you don't have to hire personnel to manage data storage in-house, with their associated salaries and benefits, and that, with the economies of scale offered by a cloud storage provider, adding space is a fraction of the investment that would be required for new hardware, and the power and cooling necessary to accomplish the same thing in an internal data center.

304 Park Ave South 11th floor New York, NY

It's Still Your Data

Regardless of where you store your data, it is still your data. Whether it is stored in a local data center, or hosted in the cloud, it is your responsibility to ensure that sensitive data is protected from unauthorized access and data breaches.

With compliance mandates like SOX (Sarbanes-Oxley), HIPAA (Health Insurance Portability and Accountability Act), PCI-DSS (Payment Card Industry Data Security Standard), GLBA (Gramm-Leach-Bliley Act), and more, most organizations fall under at least one requirement governing the protection of data. Personally identifiable information (PII) like employees' or customers' Social Security numbers, birth dates, driver's license numbers, account details, and other similar information is particularly sensitive. Confidential company details like financial projections, trade secrets, or proprietary business practices should also be protected from unauthorized access.

Storing unencrypted data in the cloud is an invitation for a data breach. It would be very easy for a configuration error to expose the data, and an attacker who manages to get past the network defenses would have complete access to your sensitive information.

Encrypting the data is a start, but it is also important that you encrypt your own data, and control the encryption keys. Some online data storage providers encrypt data, but maintain control of the encryption keys. That means your data may be protected from view by other parties, but there is nothing preventing data center personnel from accessing or viewing the data, and you have to trust that the provider is capable of securely managing the keys.
There are many reports and anecdotal stories of sensitive or confidential data being exposed on second-hand hardware. Computer systems that are sold or thrown away often contain information that should be erased before disposal. Better yet, the sensitive data should be encrypted in the first place, in which case protecting the data is as simple as removing the encryption key.

Protecting Your Data with Zecurion

Encrypting sensitive files to prevent unauthorized access is an ideal method of protecting the data. One of the issues organizations and IT administrators have with encryption, though, is that encryption solutions are often cumbersome to implement and maintain. IT administrators are overloaded with responsibilities as it is, and need security tools that simplify rather than complicate their duties.

Ideally, cloud storage providers would offer some form of encryption or data protection tools for their customers, but they rarely do. Even in situations where a cloud storage provider does encrypt data, if the provider manages the encryption keys, the data may still be at risk, and the data protection may not meet data security compliance standards.

Fortunately, you can seamlessly and transparently encrypt and protect your own data with Zserver Suite. Zserver Storage transparently encrypts data in real time as it is written to storage media, even in the cloud, and decrypts it when the data is read back. This allows the data to always be stored in an encrypted format, ensuring that it is not accessible by unauthorized personnel or by a system that does not hold the correct encryption key. Implemented properly, Zserver Storage can be an effective tool for encrypting sensitive corporate data stored in the cloud as well.

Using Zserver Storage in the Cloud

Each of the cloud-based servers used for processing sensitive data as a part of the standard environment, and normal daily operations, must have Zserver Storage installed on it. A separate, dedicated server, ideally a local server not in the cloud data center, must be allocated to function as the Zserver EKMS (Enterprise Key Management Server). The Zserver EKMS stores all encryption keys which are used to encrypt and decrypt the data by the Zserver Storage software on the cloud-based servers.

Each of the cloud-based servers with Zserver Storage installed must be registered within the Zserver EKMS in order to be able to connect to the EKMS and load encryption keys from it. After that, all of the cloud-based servers running Zserver Storage will be able to automatically load the necessary encryption keys from EKMS and to open encrypted disks. Only servers that are registered in EKMS by the admin are able to load the encryption keys. In addition, all traffic to and from EKMS is encrypted, so the keys are secure both while being transported to or from EKMS and when they are stored on EKMS.

Servers running Zserver Storage, and registered in the EKMS, automatically perform encryption of the data on specified partitions. If a server with access to sensitive data needs to be restarted, it will automatically reconnect to the Zserver EKMS, load the necessary encryption keys, and open the encrypted partitions to people with authorized access to those servers. Access to encrypted data will not be possible by unauthorized users or applications. Even if the physical hard drive or storage media are lost or stolen, the Zecurion encryption will prevent unauthorized access to all encrypted data.

Zecurion Zserver Storage server encryption is only available for Windows 2000 SP4, Windows Server 2003 SP1, and Windows Server 2008 platforms. The Zecurion encrypted servers and the Zserver EKMS must be part of the same Windows domain, or at least within domains with an established trust relationship. In the event of a server restart, whether intentional or unexpected, the Zecurion encrypted server must be able to connect to the Zserver EKMS to authenticate the encryption keys and resume access to protected data.

Manage Encryption Keys with EKMS

Encryption of data is by far the most secure way of protecting information available today. It offers unparalleled security, if implemented correctly. Until recently, this protection came with significant overhead for encryption key administration and management. This is because encryption keys are not easily replaced or recovered. In fact, data encrypted with a strong algorithm and a long enough key is virtually unbreakable, and irrecoverable if the key is lost. On the other hand, any disclosure of the key to an unauthorized party or system can easily result in costly data breaches. Therefore, it is imperative for an enterprise to fully understand the encryption key management life cycle before committing to a solution.

Centralized Secure Encryption Key Repository

Safekeeping of encryption keys is facilitated by a centralized repository encrypted by a master key. A master key can be generated using an encryption key quorum (recommended). This provides enhanced security for the keys used to encrypt the company's data. EKMS extends role-based granular access management to both the repository and the keys themselves, allowing segregation of duties such as generating keys, accessing key particulars, loading keys from EKMS, and other administrative tasks.

Encryption Key Quorum

The Zserver Enterprise Key Management Server (EKMS) is built by data encryption experts with deep knowledge and understanding of the data encryption complexity and key management challenges organizations are facing today. EKMS was designed on the premise that no single entity should be granted sole possession of an encryption key. This is implemented by means of encryption key quorums. An encryption key quorum is the minimum number of key fragments, two or more, required to assemble the encryption key. For example, an organization can safely generate a high number of key fragments (up to 75) and set the quorum to 2 fragments. This will enable the organization to provide each system administrator with a single key fragment, requiring at least two administrators to load the encryption key. This process effectively eliminates dependence on any single staff member, while abolishing the need to re-encrypt data when a key fragment is lost or an employee leaves the organization. Key fragments are stored on smart cards or other secure storage media.

Auto-Loading Encryption Keys

Server maintenance often requires servers to be taken offline and restarted. This causes encryption keys to offload from memory. While working with several servers may not impose significant administrative overhead, when operating with hundreds or more, manually loading the keys is much more challenging. EKMS streamlines these tasks by automatically loading the corresponding encryption keys when servers are brought back online. EKMS ensures server integrity by validating each server's certificate prior to loading the key, avoiding any network conflicts or changes in hardware.
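The encryption key quorum described above can be illustrated with a threshold secret-sharing scheme. The following is an added example, not Zecurion's code: the white paper does not say how EKMS splits keys, so the use of Shamir secret sharing, the prime field, and the names split_key, load_key and demo are all assumptions made for illustration.

```python
# Added example: k-of-n key quorum via Shamir secret sharing (assumed scheme,
# not taken from the white paper). Standard library only.
import secrets

PRIME = 2**521 - 1  # Mersenne prime, larger than any 256-bit key


def split_key(key: bytes, fragments: int, quorum: int) -> list:
    """Split key into `fragments` shares; any `quorum` of them rebuild it."""
    if not 2 <= quorum <= fragments:
        raise ValueError("quorum must be between 2 and the fragment count")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # Random polynomial of degree quorum-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(quorum - 1)]
    shares = []
    for x in range(1, fragments + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))  # (fragment number, fragment value)
    return shares


def load_key(shares, quorum: int, key_len: int = 32) -> bytes:
    """Rebuild the key from at least `quorum` distinct fragments."""
    unique = dict(shares)  # the same fragment presented twice counts once
    if len(unique) < quorum:
        raise ValueError("not enough distinct fragments to meet the quorum")
    points = list(unique.items())[:quorum]
    secret = 0
    for i, (xi, yi) in enumerate(points):
        # Lagrange basis polynomial evaluated at x = 0.
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret.to_bytes(key_len, "big")


def demo():
    key = secrets.token_bytes(32)  # constructed sample encryption key
    frags = split_key(key, fragments=5, quorum=2)  # one fragment per admin
    # Any two administrators together can load the key.
    any_pair_ok = all(load_key([a, b], 2) == key
                      for a in frags for b in frags if a[0] < b[0])
    # Admin 1 leaves and the fragment is lost: the key is unchanged, so the
    # remaining fragments still load it and no data is re-encrypted.
    still_ok = load_key(frags[1:3], 2) == key
    # A single fragment does not meet the quorum.
    try:
        load_key(frags[:1], 2)
        single_ok = True
    except ValueError:
        single_ok = False
    return any_pair_ok, still_ok, single_ok


if __name__ == "__main__":
    print(demo())
```

With fewer fragments than the quorum, every candidate key remains equally likely under this scheme, which is why a fragment on a lost smart card does not by itself expose the key.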

Managing Cloud Security

Security in the cloud is a major obstacle that prevents many organizations from employing this computing services delivery model and taking advantage of available cost savings. By outsourcing all or some parts of its IT functions (or infrastructure), an organization often relinquishes ownership of, or control over, its informational assets to a third-party provider. This is a tremendous risk for many businesses, as they struggle to assess their cost savings against potential damages from data breaches or losses.

Using a locally hosted EKMS, or smartcards to store encryption keys, organizations can safely encrypt data stored in the cloud while maintaining control over the keys needed to decrypt it.

Summary

There are a variety of operational and financial benefits to embracing cloud data storage, but those benefits come with some unique risks as well. Using Zecurion Zserver Storage to encrypt data, and storing the encryption keys locally with EKMS or on a smartcard, enables organizations to take advantage of cloud data storage while ensuring that sensitive data will not be exposed or compromised.

About Zecurion

Zecurion is a leading global provider of security protection of corporate information from internal threats, emphasizing reliable and transparent backup encryption, server storage security, email security as well as control of peripheral devices in corporate networks with clear, easy-to-use administrative interfaces and tools. Zecurion's unique forensic capabilities are unmatched, providing an additional layer of risk management through the shadowing and storage of communications transactions for future auditing.

Zecurion's solutions are successfully protecting the internal assets and intellectual property for more than 10,000 companies worldwide. Zgate, Zlock, Zserver, and Zdiscovery have been recognized for technology and security protection. Zecurion is led by an executive team experienced in developing security software and deployment across the enterprise.

With over a decade of experience in developing encryption-based security solutions, Zecurion allows IT departments to efficiently protect corporate information from internal threats, as well as from loss or theft of backup storage media. As organizations realize the operational and financial benefits of cloud computing and transition data storage from internal resources to cloud-based data storage services, Zecurion provides an effective, intuitive, and cost-effective solution for encrypting and protecting sensitive data no matter where it resides.