Encrypt Your Cloud. Davi Ottenheimer flyingpenguin. Session Classification: Advanced

Similar documents
Securing the Cloud - Using Encryption and Key Management to Solve Today's Cloud Security Challenges

Key Management Issues in the Cloud Infrastructure

Key Management Best Practices

Applying Cryptography as a Service to Mobile Applications

Key Management Interoperability Protocol (KMIP)

Cryptographic Key Management

Crittografia e Enterprise Key Management una sfida possibile da affrontare

Top 10 encryption myths

CRYPTOGRAPHY AS A SERVICE

Key Management Interoperability Protocol (KMIP)

Alliance Key Manager Solution Brief

Volume 3, Issue 2, February 2015 International Journal of Advance Research in Computer Science and Management Studies

This Working Paper provides an introduction to the web services security standards.

National Security Agency Perspective on Key Management

Assessing Risks in the Cloud

SECURITY MODELS FOR CLOUD Kurtis E. Minder, CISSP

Securing Data on Microsoft SQL Server 2012

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

EMC DATA DOMAIN ENCRYPTION A Detailed Review

MS-55096: Securing Data on Microsoft SQL Server 2012

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

Lightweight Security using Identity-Based Encryption Guido Appenzeller

September 2009 Cloud Storage for Cloud Computing

Network Security Essentials Chapter 5

WebSphere DataPower Release FIPS and NIST SP a support.

NIST Big Data Public Working Group

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai Siemens AG 2001, ICN M NT

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Connected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)

Authentication requirement Authentication function MAC Hash function Security of

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

PLATFORM ENCRYPTlON ARCHlTECTURE. How to protect sensitive data without locking up business functionality.

Cloud Security Framework (CSF): Gap Analysis & Roadmap

Securing The Cloud. Russ Fellows, Managing Partner - Evaluator Group Inc.

National Cybersecurity Challenges and NIST. Donna F. Dodson Chief Cybersecurity Advisor ITL Associate Director for Cybersecurity

The Archival Upheaval Petabyte Pandemonium Developing Your Game Plan Fred Moore President

Data Protection: From PKI to Virtualization & Cloud

Securing Data at Rest: Database Encryption Solution using Empress Embedded Database

MySQL Security: Best Practices

CloudBerry Dedup Server

Secure Socket Layer/ Transport Layer Security (SSL/TLS)

UNDERSTANDING PKI: CONCEPTS, STANDARDS, AND DEPLOYMENT CONSIDERATIONS, 2ND EDITION

Network Security Protocols

Monitoring Data Integrity while using TPA in Cloud Environment

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

Communication Security for Applications

Securing Your Sensitive Data with EKM & TDE. on SQL Server 2008/2012

Top 10 Cloud Risks That Will Keep You Awake at Night

6 Cloud computing overview

Lecture 9: Application of Cryptography

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Can We Reconstruct How Identity is Managed on the Internet?

Cryptography and Key Management Basics

CompTIA Cloud+ 9318; 5 Days, Instructor-led

OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES

Chapter 10. Network Security

PCI Assessments 3.0 What Will the Future Bring? Matt Halbleib, SecurityMetrics

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

CompTIA Cloud+ Course Content. Length: 5 Days. Who Should Attend:

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

05.0 Application Development

Healthcare Compliance Solutions

CyberSource Payment Security. with PCI DSS Tokenization Guidelines

Managing and Securing Computer Networks. Guy Leduc. Chapter 4: Securing TCP. connections. connections. Chapter goals: security in practice:

Auditing Data Access Without Bringing Your Database To Its Knees

FileCloud Security FAQ

An Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation

Cloud Security Framework (CSF): Gap Analysis & Roadmap

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Secure Cross Border File Protection & Sharing for Enterprise Product Brief CRYPTOMILL INC

Benefits of Cloud Backup and Recovery (BUR)

Introduction to Key Management Services Managing keys in the data center

Information Security

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com

<Insert Picture Here> Oracle Security Developer Tools (OSDT) August 2008

Securing sensitive data at Rest ProtectFile, ProtectDb and ProtectV. Nadav Elkabets Presale Consultant

Kerberos-Based Authentication for OpenStack Cloud Infrastructure as a Service

Making Data Security The Foundation Of Your Virtualization Infrastructure

Restoration Technologies. Mike Fishman / EMC Corp.

Chapter 7: Network security

Cloud Computing ISO Security and Privacy Standards: 27017, 27018, Mike Edwards (Chair UK Cloud Standards Committee)

CIT 668: System Architecture

Networking. Cloud and Virtual. Data Storage. Greg Schulz. Your journey. effective information services. to efficient and.

CSCE 465 Computer & Network Security

SecureDoc Disk Encryption Cryptographic Engine

Cloud Computing Standards: Overview and ITU-T positioning

Purpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.

Transcription:

Encrypt Your Cloud Davi Ottenheimer flyingpenguin Session ID: DAS-210 Session Classification: Advanced

AGENDA Introduction Cryptography Keys in Clouds Examples

Introduction 3

FLYINGPENGUIN flying \fly"ing\, a. [From fly, v. i.] moving with, or as with, wings; moving lightly or rapidly; intended for rapid movement penguin \pen"guin\, n. short-legged flightless birds of cold southern especially Antarctic regions having webbed feet and wings modified for water 4

Cloud The web s household names got where they are today by mining the information that their users generate and turning it into business advantage. The Harsh Light of Data Presentation, O Reilly Strata Jumpstart 2011 conference The top issue overall was a perceived lack of security and service level agreements (SLAs), with 45% of respondents referring to it. http://www.interxion.com/cloud-insight/index.html 5

Cloud Software Platform 6

Cloud Access Monitor Segment Store Delete 7

Cloud 8

CIOs Worry About Outsourced Responsibilities Due-diligence Reasonable Photo 2012 Davi Ottenheimer 9

CIOs Need Cloud Security Controls Want Need 1 Data Deletion Secure Wipe (Key Deletion) 2 Boundary Definition Segmentation (Encryption) 3 Data Access (Apps) Input Validation 4 Access Monitoring Log Management 5 Data Storage Encryption (Key Management) "Key management is the hardest part of cryptography and often the Achilles' heel of an otherwise secure system." Bruce Schneier, Preface to Applied Cryptography, Second Edition 10

Crypto Terminology Encryption: reversible operation, cryptographically turns input into illegible cipher text Hashing: non-reversible operation, cryptographically transforms input to illegible message Tokenization: reversible operation, substitutes input with data that has no inherent value Key management: life-cycle of a secret including creation, distribution, use and deletion 11

Crypto Considerations Encryption: reversible operation, cryptographically turns input into illegible cipher text Hashing: non-reversible operation, cryptographically transforms input to illegible message Tokenization: reversible operation, substitutes input with data that has no inherent value Key management: life-cycle of a secret including creation, distribution, use and deletion 12

Cryptography in Clouds 13

Crypto Considerations Human/Social element People Process Policy Location element Border restrictions Standards (U.S. NIST) SP 800-57 SP 800-131A SP 800-130 Create Store Distribute Use Archive Destroy 14

Crypto Considerations Diffie-Hellman key exchange Alice a, g, p Bob b g a mod p = A B a mod p = S g, p, A B g b mod p = B A b mod p = S 15

Cloud Crypto Considerations Human/Social element People Process Policy Location element Border restrictions Standards (U.S. NIST) SP 800-57 SP 800-131A SP 800-130 Architecture Trusted Service Provider Interoperability Who has your keys? Large / Global Presence 16

Cloud Crypto Considerations Portable device technology (MA 201 CMR 17) Multi-tenant Open interfaces Consumer Management Partner Development / Application Multi-jurisdiction Who/when Where 17

Encryption as a Service Key management Generation Protection (key encryption key) Expiration and Rotation Deletion Key architecture Management integration Interoperability Meta-data Standards: ANSI X9.24 ISO 11568 ISO 11770 NIST SP 800-57 IETF Keyprov IEEE P1619.3 W3C XKMS OASIS EKMI OASIS KMIP 18

Encryption as a Service Key Management Interoperability Protocol (KMIP) Enterprise Key Manager Response Header Symmetric Key Unique ID Key Value Request Header Locate Name Get ID Placeholder Name: Davi Ottenheimer Government ID: 123456 Birthdate: October 9, 2012 ASDF#RGASVAWVA SASDFASTQWQV$# QWFASDFQWQWSF Encrypted Data Unencrypted Data http://xml.coverpages.org/kmip/kmip-whitepaper.pdf 19

Encryption as a Service Enterprise Key Management Infrastructure (EKMI) https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=ekmi 20

Examples 21

Example #1 Generation Distribution Encryption Key Rotation Templates Snapshots Offline Key Persistence Templates Snapshots Reboot SAN Backup Archive 22

Example #2 1. Encrypt Data 2. Manage Data? Analysis Reports Compression De-duplication DeDup Encrypt Store Zip 23

Example #3 Segmentation Default Sensitive un-regulated (e.g. non- material ) Sensitive regulated (e.g. PII, CCN, material ) Data Level 3 Clear Treatment 2 Token or Encrypted 1 Token, Hashed or Encrypted 24

Example #3: Token SSN Name Encrypted DB Token Name Key App Marketing DB 3 4 5 SSN Token Token Web App Private Environment SSN 2 Name 1 25

Example #3: Encryption File Key App 8 Key Crypto App File 10 Token Data Analysis DB Token 9 2 PII 3 Token Data 7 Web App Private Environment 4 Token 6 Data PII 1 5 Token Data 26

Apply Next 3 months Classify data for segmentation Setup key management policy and procedures Select standards for interoperability Next 6 months Configure apps for key and crypto management Select a key app and crypto app solution Plan and initiate a project to protect data in cloud 27

Encrypt Your Cloud Davi Ottenheimer flyingpenguin Session ID: DAS-210 Session Classification: Advanced

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information