RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief



Similar documents
RSA Solution Brief RSA. Data Loss. Uncover your risk, establish control. RSA. Key Manager. RSA Solution Brief

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

RSA SecurID Two-factor Authentication

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

Enterprise Data Protection

White paper. Information Risk Management for Healthcare Organizations. Six Best Practices for Protecting Your Health Information

with Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief

SafeNet DataSecure vs. Native Oracle Encryption

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

White paper. 6 Best Practices for Preventing Enterprise Data Loss

White paper. Four Best Practices for Secure Web Access

Vormetric and SanDisk : Encryption-at-Rest for Active Data Sets

White paper. Five Key Considerations for Selecting a Data Loss Prevention Solution

Alliance Key Manager Solution Brief

Complying with PCI Data Security

Preemptive security solutions for healthcare

IBM Data Security Services for endpoint data protection endpoint encryption solution

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud

TECHNOLOGY PARTNER CERTIFICATION BENEFITS AND PROCESS

Best Practices for Protecting Laptop Data

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

Storage Media Encryption and Enterprise Key Management: The EMC Connectrix MDS and RSA Solution for Securing Data on Tape

Leveraging innovative security solutions for government. Helping to protect government IT infrastructure, meet compliance demands and reduce costs

EMC VMAX3 DATA AT REST ENCRYPTION

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

Thales e-security keyauthority Security-Hardened Appliance with IBM Tivoli Key Lifecycle Manager Support for IBM Storage Devices

EMC DATA DOMAIN ENCRYPTION A Detailed Review

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Transparent Data Encryption: New Technologies and Best Practices for Database Encryption

Adopt a unified, holistic approach to a broad range of data security challenges with IBM Data Security Services.

BMC s Security Strategy for ITSM in the SaaS Environment

Securing the Cloud Infrastructure

Ensuring Security and Compliance of Your EMC Documentum Enterprise Content Management System: A Collaborative Effort of EMC Documentum and RSA

PCI Solution for Retail: Addressing Compliance and Security Best Practices

Kelvin Wee CISA, CISM, CISSP Principal Consultant (DLP Specialist) Asia Pacific and Japan

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

Compliance and Security Information Management for PCI DSS Requirement 10 and Beyond

Protecting Cardholder Data Throughout Your Enterprise While Reducing the Costs of PCI Compliance

RSA envision. Platform. Real-time Actionable Security Information, Streamlined Incident Handling, Effective Security Measures. RSA Solution Brief

EMC PowerPath Family

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Proven LANDesk Solutions

RSA Executive Overview. Information Risk Management for the Financial Services Industry

Five Truths. About Enterprise Data Protection THE BEST WAY TO SECURE YOUR DATA AND YOUR BUSINESS DEFENDING THE DATA CMYK

BANKING SECURITY and COMPLIANCE

The Impact of HIPAA and HITECH

Reducing the cost and complexity of endpoint management

Securing data at rest white paper

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security

Making Database Security an IT Security Priority

bbc Overview Adobe Flash Media Rights Management Server September 2008 Version 1.5

PCI Data Security Standards (DSS)

Simplifying the Scope of the PCI Audit

SecureD Technical Overview

TOP SECRETS OF CLOUD SECURITY

Navigating Endpoint Encryption Technologies

EMC Symmetrix Data at Rest Encryption

EMC CONSULTING SECURITY STANDARDS AND COMPLIANCE SERVICES

Decrypting Enterprise Storage Security

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

P Managing the Lif owerpath Encr ecycl yption wi e of th RSA Encryption Keys with RSA Key anager

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.

Trend Micro Cloud Security for Citrix CloudPlatform

Encryption, Key Management, and Consolidation in Today s Data Center

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

CA Tape Encryption Key Manager

RSA Digital Certificate Solution

Application Security in the Software Development Lifecycle

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

MySQL Security: Best Practices

Vormetric Encryption Architecture Overview

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

Proactive controls to mitigate IT security risk

Sharpen your document and data security HP Security solutions for imaging and printing

Protecting Data-at-Rest with SecureZIP for DLP

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

CYBER SECURITY: NAVIGATING THE THREAT LANDSCAPE

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution

Information Security & Privacy Solutions Enabling Information Governance

Secure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC

A Strategic Approach to Enterprise Key Management

PCI DSS Top 10 Reports March 2011

Securing Sensitive Data

IBM Tivoli Endpoint Manager for Security and Compliance

The RSA Solution for. infrastructure security and compliance. A GRC foundation for VMware. Solution Brief

Solutions for Encrypting Data on Tape: Considerations and Best Practices

Payment Card Industry Data Security Standard

90% of data breaches are caused by software vulnerabilities.

Data-Centric Security vs. Database-Level Security

Securing and protecting the organization s most sensitive data

Staying a step ahead of the hackers: the importance of identifying critical Web application vulnerabilities.

Protecting personally identifiable information: What data is at risk and what you can do about it

Transcription:

RSA Encryption and Key Management Suite

The threat of experiencing a data breach has never been greater. According to the Identity Theft Resource Center, since the beginning of 2008, the personal information of over 30 million American consumers has been exposed through a data breach. And that only accounts for the breaches that have been reported. Data breaches are not just limited to the U.S., but remain a threat around the globe. No organization is immune to the risk regardless of size, location or industry. Many laws and regulations exist throughout the world, aimed at protecting privacy of individuals; however, those regulations can be interpreted in a number of ways. Many experts argue that data breaches are almost certainly a much larger problem because while the laws require organizations to provide the means to protect data, they fail to impose guidelines on organizations to acknowledge the true impact of a data breach or loss. A Shift in Enterprise Encryption and Key Management Securing sensitive data is a challenging task in order to meet the requirements associated with regulatory compliance. Any enterprise solution for protecting data especially data at rest in applications, databases, files or elsewhere must involve two core security technologies: strong encryption technology to protect sensitive data and full enterprise key management for effective administration and distribution of the keys that lock and unlock that protected data. Data encryption is quickly becoming the de facto control technology for meeting industry security standards and regulatory guidelines such as ISO 27002 and the Payment Card Industry (PCI) Data Security Standard (DSS). Effective, persistent security for your information requires encryption controls that can secure data at every layer of the IT stack and enterprise key management to reduce the cost and complexity of point encryption key management solutions. Several factors are driving the shift in the way businesses protect their sensitive information and lower their risk including: Companies are storing more sensitive data of all types The threat of data loss from insiders is on the rise There is a growing need to share more data with authorized external users Compounding this paradigm shift, traditional security technologies focused on hackers and perimeter protection do not help mitigate internal risks in a meaningful way. For example, in the 2008 Insider Threat Survey conducted by RSA, 64% of respondents noted they frequently or sometimes send work documents to their personal email address in order to access and work on them from home. A renewed focus is needed to encrypt the most sensitive data wherever it resides in an organization, thereby protecting the information rather than the infrastructure. Over time, the risk associated with unencrypted sensitive data being compromised can result in increased financial exposure, breach remediation, compliance costs, customer churn and brand erosion. RSA Encryption at a Glance Encrypt sensitive data irrespective of the location Meet regulatory and compliance requirements Mitigate risk through policy-based remediation and enforcement and avoid damage to brand equity and reputation Deploy enterprise key management for simplified operations and better security New markets are emerging for stolen data The regulatory environment continues to evolve and become more complex 2

The RSA Encryption and Key Management Suite is an integrated suite of products that provide encryption at different levels within the IT infrastructure. Before deciding where and what to encrypt and which data encryption and key management solutions to select, organizations should evaluate their options based on the following three rules: Data that moves physically or virtually should be encrypted. Data, whether at rest, in motion, or in use, needs to be encrypted. For backup tapes, emails that exchange confidential information or USB drives, encryption can prevent unauthorized access to data due to physical loss or online virtual interception of that information. Separation of duty. Encrypting based on duty or privilege also provides a level of access control to sensitive data. For example, if sensitive personnel records were encrypted, HR would likely be the only users with the key to access that data.administrators may be able to get in to the system to perform standard maintenance, however, would not be able to access the employee data. Mandated encryption. Depending on the industry, many organizations are mandated by law to encrypt sensitive data. RSA Solutions for Encryption and Key Management As part of RSA s Data Security System strategy, the RSA Encryption and Key Management Suite can help minimize the risks associated with data breaches of sensitive data, intellectual property and business strategy/operations data. The solution also meets regulatory requirements for encrypting data at rest and data in transit. Sensitive data stored in file systems on servers and end points is also protected. The RSA Encryption and Key Management Suite is an integrated suite of products that provide encryption at different levels within the IT infrastructure. The RSA Encryption Suite is comprised of encryption solutions designed to protect sensitive information stored in file systems on servers and endpoints. The RSA Key Manager solution securely stores, distributes and manages encryption keys throughout their lifecycle. Secure applications can be designed without increased costs or timelines, and additional data center encryption policies, such as tape and disk, can be deployed easier than with standalone key management. RSA s encryption solutions address the need for encryption at different levels within the enterprise infrastructure. Key advantages of the RSA Encryption and Key Management Suite are: Minimizes risk associated with data breaches of sensitive data, intellectual property and business strategy/operations data Meets regulatory requirements for data at rest and data in transit Protects sensitive information stored in file systems on servers and endpoints 3

The Real Costs of a Data Breach Headlines of data breaches affecting tens of thousands of individuals are reported each day, but what are the real costs that are not often considered? When examining the costs of a data breach, most consider the cost of having to compensate customers if their personal information is stolen and sold for the purpose of identity theft. But the real costs go far beyond that. The first cost often overlooked is that of breach notification. Consider a recent case where a backup tape was lost that contained the records of 4.5 million individuals. The odds of that information ending up in the wrong hands and being sold on the black market is probably low. The real cost comes into play now that the organization has to initiate a plan to notify their customers of a potential data breach and bear the associated costs. According to the Ponemon Institute, the cost of notifying an individual of a data breach is almost $200. Now consider the case in which 4.5 million individuals were potentially exposed and would require notification. The financial burden could be overwhelming. The second cost is for compliance efforts. While failure to comply with regulations may induce hefty fines, the flip side of creating and monitoring compliance programs creates an enormous amount of overhead. A study published in CIO Magazine contends that at least 20% of an IT organization s time is spent on compliance issues. That s one day a week per employee. Depending on the size of the IT organization, this can amount to exorbitant costs. Securely stores, distributes and manages encryption keys throughout their lifecycle Allows for secure application design without increased costs or timelines The RSA Encryption and Key Management suite includes: RSA Key Manager with Application Encryption RSA Key Manager for the Datacenter Native tape SAN/Disk Fabric-based (Connectrix ) Database RSA BSAFE encryption RSA Key Manager for the Datacenter RSA Key Manager for the Datacenter is an easy-to-use, centrally administered enterprise key management system that can manage encryption keys for a variety of encryption solutions like native tape backup, disk storage and fabricbased encryption. It is designed to simplify the deployment and ongoing use of encryption throughout the enterprise. RSA Key Manager for the Datacenter also works well with application encryption technology from RSA, which provides encryption and key management to secure sensitive data at the application layer. This allows customers to maintain a single comprehensive enterprise key management strategy. RSA Key Manager is an enforcement mechanism that scales across multiple encryption technologies in the enterprise with support from RSA, EMC and third parties. It provides key vaulting to ensure that keys are not compromised and will be available when data needs to be decrypted for future use. In addition, RSA Key Manager has built-in clustering for disaster recovery and business continuity, ensuring that critical keys that provide access to encrypted data are not lost. 4

RSA Key Manager for the Datacenter scales across the enterprise with centralized key management for encryption on the host, SAN switch, file system, tape drive and database. EMC PowerPath encryption EMC Connectrix encryption Tape backup File encryption Database encryption Sharing of encrypted data between different applications is facilitated by establishing centralized policies for key lifecycle management. Security risks are reduced by ensuring that the management of encrypted data and the management of encryption keys are maintained as two separate functions within the organization. RSA Key Manager for the Datacenter Solutions RSA Key Manager for the Datacenter solutions consists of the RSA Key Manager Server (pre-configured hardware server or appliance) plus modules for: Native Tape enables integration with native tape library encryption an excellent way to secure tape drives while in transit PowerPath enables EMC PowerPath encryption with RSA a server-resident solution for protection of sensitive data at rest before it moves to a storage array. Connectrix SME enables EMC Connectrix Storage Media Encryption (SME) with RSA a SAN switch-based solution for encryption to tape or virtual tape to achieve regulatory compliance and physical protection of data on tape media. Oracle enables the Transparent Data Encryption feature in Oracle Advanced Security for Oracle Database 11g for protecting sensitive data in databases. RSA Key Manager Server appliance a hardware form factor, pre-configured for central management of encryption keys throughout the enterprise. Organizations can leverage the same appliances across multiple storage encryption solutions. RSA Key Manager with Application Encryption RSA Key Manager with Application Encryption helps achieve compliance with regulations related to PCI and personally identifiable information (PII) by quickly embedding the encryption of sensitive data into enterprise applications. It also helps prevent the loss of sensitive data at the point of creation, ensuring that data stays encrypted, even as it is transmitted and stored. With built-in integration with the RSA Key Manager Server (available in both software and hardware), it simplifies provisioning, distribution and management of keys and speeds up the deployment and administration of encryption-enabled applications. 5

Nearly one-third of consumers notified of a security breach terminate their relationship with the company. Ponemon Institute RSA Key Manager with Application Encryption is designed to address the needs of security teams and application owners. It has been used in many diverse, business-critical applications including point-of-sale, business intelligence, transaction processing and web applications to meet regulatory compliance and internal security policy requirements. RSA Key Manager with Application Encryption offers the following features: Easy to use interface that works within existing development infrastructure Use simple encrypt and decrypt calls to shorten the learning curve for developers since no in-depth encryption knowledge is required. Support for popular development languages and platforms such as C,.NET, Java, COBOL and CICS ensure quick integration into the workflow of existing development tools and infrastructure. Support for common cryptographic operations and FIPS certified Use industry standard algorithms such as Advanced Encryption Standards (AES), 3DES and HMAC either for strong encryption key generation or for operations such as MAC verify and cipher header integrity check. RSA Key Manager with Application Encryption is also FIPS-140 certified. Built-in integration with the RSA Key Manager Server Encryption keys can be automatically provisioned and distributed securely with the RSA Key Manager Server via mutually authenticated SSL, saving developers from the complex task of managing keys. Key caching support for uninterrupted operations A unique configurable key cache ensures that cryptographic operations can continue without interruption in the event of a connectivity failure. Comprehensive platform support Broad platform support across Linux, mainframe, UNIX and Windows simplifies the integration with existing applications. RSA BSAFE Encryption RSA BSAFE encryption provides the security functionality necessary to allow developers to meet the stringent FIPS 140 and Suite B requirements for offering products to U.S. government agencies. RSA s solutions are relied upon by the U.S. Department of Defense and many other government agencies because of their reputation for quality, reliability and adherence to FIPS 140 and Suite B cryptographic standards. Many leading companies including Adobe, Oracle, Hypercom, Skyworks, Sony and Nintendo rely on RSA BSAFE encryption to provide the foundational security functionality required by their respective software and device applications. RSA BSAFE encryption, privacy and signature solutions device developers are designed to help meet security requirements on the most constrained devices. 6

RSA BSAFE security tools for C/C++ software developers provide the secure foundation needed to support data privacy, network authentication and secure network communication in commercial software applications. RSA BSAFE security tools for Java extend the security capabilities of the Java platform and fully support Java security standards including Java Cryptography Extensions (JCE). RSA s Java tools also provide one of the first FIPS 140 validated JCE-compliant cryptography providers on the market. Designing applications using RSA BSAFE security software allows organizations to achieve a solid, secure application design without significantly increasing development times or costs. And unlike alternatives such as open source security software, RSA s technology is enhanced regularly to address the latest vulnerabilities and advancements in cryptographic technology and are built on open and proven industry standards, many of which have been developed and championed by RSA. RSA s solutions offer interoperability and ease of integration into existing software and device systems. About RSA s Data Security System Strategy The RSA Data Security System provides a comprehensive approach to securing data. The vision for the Data Security System is to enable centralized policy management that is business risk driven by discovering and classifying sensitive information, deploying appropriate enforcement controls (such as encryption), and reporting and auditing security events. The RSA Data Security System embraces a holistic approach that integrates security policy management, data discovery, data security enforcement and audit capabilities into a framework to enable complete data security. The cost of a sensitive data breach will increase 20 percent per year through 2009. Gartner Research 7

RSA is your trusted partner RSA, the Security Division of EMC, is the premier provider of security solutions for business acceleration, helping the world s leading organizations succeed by solving their most complex and sensitive security challenges. RSA s information-centric approach to security guards the integrity and confidentiality of information throughout its lifecycle no matter where it moves, who accesses it or how it is used. RSA offers industry-leading solutions in identity assurance & access control, data loss prevention, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.rsa.com and www.emc.com. 2008 RSA Security Inc. All Rights Reserved. RSA, RSA Security and the RSA logo are either registered trademarks or trademarks of RSA Security Inc. in the United States and/or other countries. EMC, PowerPath and Symmetrix are registered trademarks of EMC Corporation. Windows is a registered trademark of Microsoft Corporation. All other products and services mentioned are trademarks of their respective companies. RKMGRS SB 0109

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information