Top 10 Encryption Myths



Similar documents
Top 10 encryption myths

Top 10 Reasons You Need Encryption

Whitepaper. What You Need to Know About Infrastructure as a Service (IaaS) Encryption

Top 10 encryption benefits

IOS110. Virtualization 5/27/2014 1

Simplifying Storage Operations By David Strom (published 3.15 by VMware) Introduction

Securing the Cloud - Using Encryption and Key Management to Solve Today's Cloud Security Challenges

CA Cloud Overview Benefits of the Hyper-V Cloud

Virtualization Changes Everything. WOC 2.0: The Era of Virtual WAN Optimization Controllers

Hyper-V R2: What's New?

HRG Assessment: Stratus everrun Enterprise

Evaluation of Multi-Hypervisor Management with HotLink SuperVISOR

RED HAT ENTERPRISE VIRTUALIZATION

Enterprise Storage Solution for Hyper-V Private Cloud and VDI Deployments using Sanbolic s Melio Cloud Software Suite April 2011

Virtualization: What does it mean for SAS? Karl Fisher and Clarke Thacher, SAS Institute Inc., Cary, NC

Breaking the Storage Array Lifecycle with Cloud Storage

HP Data Protector software Zero Downtime Backup and Instant Recovery. Data sheet

MaxDeploy Ready. Hyper- Converged Virtualization Solution. With SanDisk Fusion iomemory products

Getting More Performance and Efficiency in the Application Delivery Network

On Demand Satellite Image Processing

This presentation covers virtual application shared services supplied with IBM Workload Deployer version 3.1.

Alliance Key Manager Solution Brief

Virtualization Technologies and Blackboard: The Future of Blackboard Software on Multi-Core Technologies

Developing a dynamic, real-time IT infrastructure with Red Hat integrated virtualization

AVLOR SERVER CLOUD RECOVERY

2) Xen Hypervisor 3) UEC

Alliance Key Manager Cloud HSM Frequently Asked Questions

Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption

Unitrends Virtual Backup Installation Guide Version 8.0

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Zadara Storage Cloud A

HP Data Protector software. Assuring Business Continuity in Virtualised Environments

Making Data Security The Foundation Of Your Virtualization Infrastructure

BridgeWays Management Pack for VMware ESX

Data Centers and Cloud Computing

SolarWinds Virtualization Manager

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

Introduction 1 Performance on Hosted Server 1. Benchmarks 2. System Requirements 7 Load Balancing 7

Cloud Server. Parallels. Key Features and Benefits. White Paper.

Data Protection Appliance

SimpliVity OmniStack with the HyTrust Platform

Learn the essentials of virtualization security

Enabling Technologies for Distributed and Cloud Computing

Virtualization of the MS Exchange Server Environment

StACC: St Andrews Cloud Computing Co laboratory. A Performance Comparison of Clouds. Amazon EC2 and Ubuntu Enterprise Cloud

Deployment Options for Microsoft Hyper-V Server

NETAPP WHITE PAPER USING A NETWORK APPLIANCE SAN WITH VMWARE INFRASTRUCTURE 3 TO FACILITATE SERVER AND STORAGE CONSOLIDATION

How To Create A Cloud Based System For Aaas (Networking)

BDR TM V3.0 DEPLOYMENT AND FEATURES

Top 5 reasons to virtualize Exchange

Comparing Free Virtualization Products

Welcome to the IBM Education Assistant module for Tivoli Storage Manager version 6.2 Hyper-V backups. hyper_v_backups.ppt.

Building Blocks of the Private Cloud

Best Practices for Optimizing Your Linux VPS and Cloud Server Infrastructure

Moving Virtual Storage to the Cloud

Lecture 2 Cloud Computing & Virtualization. Cloud Application Development (SE808, School of Software, Sun Yat-Sen University) Yabo (Arber) Xu

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

Simplified Private Cloud Management

How Customers Are Cutting Costs and Building Value with Microsoft Virtualization

SAS Data Set Encryption Options

Moving Virtual Storage to the Cloud. Guidelines for Hosters Who Want to Enhance Their Cloud Offerings with Cloud Storage

PHD Virtual Backup for Hyper-V

Technology Insight Series

Control your corner of the cloud.

Virtualization. Dr. Yingwu Zhu

Red Hat Satellite Management and automation of your Red Hat Enterprise Linux environment

Red Hat Network Satellite Management and automation of your Red Hat Enterprise Linux environment

Operating Systems Virtualization mechanisms


Citrix XenServer Backups with Xen & Now by SEP

Windows Server 2008 R2 Hyper-V Live Migration

Step by Step Guide To vstorage Backup Server (Proxy) Sizing

Cloud Sure - Virtual Machines

SolarWinds Virtualization Manager

Full and Para Virtualization

Citrix XenDesktop Backups with Xen & Now by SEP

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

Monitoring Databases on VMware

Intro to Virtualization

Citrix XenServer Backups with Xen & Now by SEP

VMware ESXi in a Cloud-based Lab David Davis, VCP, VCAP, and vexpert

SafeNet DataSecure vs. Native Oracle Encryption

I/O Virtualization Using Mellanox InfiniBand And Channel I/O Virtualization (CIOV) Technology

SQL Server Virtualization

Security & Cloud Services IAN KAYNE

Learn the Essentials of Virtualization Security

Drobo How-To Guide. Cloud Storage Using Amazon Storage Gateway with Drobo iscsi SAN

An introduction to Hosted SQL database applications

Mark Bennett. Search and the Virtual Machine

Hosting Services VITA Contract VA AISN (Statewide contract available to any public entity in the Commonwealth)

Achieving a High-Performance Virtual Network Infrastructure with PLUMgrid IO Visor & Mellanox ConnectX -3 Pro

Hosted SharePoint. OneDrive for Business. OneDrive for Business with Hosted SharePoint. Secure UK Cloud Document Management from Your Office Anywhere

Rethinking Backup in a Virtualized World

SharePoint Unlimited... or how to deal with the explosive growth of unstructured data in SharePoint in a secure and transparent manner.

Enabling Technologies for Distributed Computing

Introduction. Setup of Exchange in a VM. VMware Infrastructure

Rally Installation Guide

Top 5 Reasons to choose Microsoft Windows Server 2008 R2 SP1 Hyper-V over VMware vsphere 5

Service-Oriented Cloud Automation. White Paper

Transcription:

Top 10 Encryption Myths Executive Summary When you talk about encryption especially to someone who isn t a security specialist you often get a variety of interpretations. In general, encryption is most often perceived as some dark alchemy only used by government agencies with three- letter acronyms a complex, scary beast that can only be tamed by brilliant mathematicians. More commercial applications like SSL have come a long way in helping to modernize this perception, but we still have a way to go. As with any technology, poor implementation can result in poor perception, and encryption has definitely suffered from this in the past. In reality, if deployed correctly, encryption does not need to be a headache. Instead, encryption can be an enabler to achieve the flexibility, compliance and data privacy that is required in today s business environments. In a world that s increasingly built around virtualization and cloud, the need for encryption is even more important, and the need for organizations to retain control over data, particularly in cloud environments, is paramount. In this paper, we explore 10 of the common myths around encryption and show you how HyTrust DataControl uniquely removes the barriers to adopting an encryption solution. 1. Encryption Will Degrade My System Performance It is true that encryption has a cost, but there are many factors that affect total system performance. This is why most servers are not run at capacity to ensure that spikes in activity don t cripple the applications that run on them. In fact, applications such as databases and all the major operating systems have been tuned for decades to provide optimal performance by minimizing the amount of time spent going to disk. As long as encryption is implemented correctly, the overhead can be minimal. Most hardware is now built to help specifically with encryption processing. Most mid and high-end Intel and AMD processors on the market today support AES- NI (AES New Instructions), running AES encryption in hardware to improve performance 8-10 times over encryption done in software. Fortunately the presence of AES- NI has now become the norm in x86 style processors. This also has the added benefit of offloading encryption away from the general CPU processing, freeing up even more Cloud Under Control hytrust.com 650.681.8100 844.681.8100

CPU capability for applications. Even if AES- NI is not present, as we continue to deploy virtualization on systems with ever- faster commodity processors, the cost of extra CPU, especially in the cloud, is minor and can easily and cost- effectively improve encryption performance. At HyTrust, not only do we automatically detect and use AES- NI for encryption at hardware speeds, we also optimize encryption by performing that processing at precisely the place where the system s normal I/O and memory operations are already happening. In our experience, encryption overhead is minimal and often undetectable because of these benefits. Other throughput constraints in the network or non- optimal storage system configuration are most often the cause of any delays. These are where external bottlenecks typically appear and are not as a result of encryption overhead. This is especially true in virtualized environments. 2. Encryption Terminology Is Too Hard To Understand AES, Blowfish, Symmetric key, 3DES, NIST key states, KMIP... there are a lot of buzzwords around encryption and key management. The mathematics around encryption algorithms are difficult to understand, not to mention learning attack vectors like man in the middle, spoofing, and many others. Poor encryption solutions can leave you exposed if they require your staff to understand too many mechanics. Wouldn t it be nice if you could make simple choices such as: I want these new VMs encrypted and at the end of the year, I don t want them to run anymore. I want to encrypt my data in Amazon, Savvis and Rackspace. I want to be able to decommission them securely when I choose. With HyTrust, you can make these choices. We ve engineered HyTrust DataControl to defend against the various types of attacks, so you can be confident your data is safe. And there s no need to be a key management guru. You never see any encryption keys and the only choices you need to make are simple policy decisions on what you want encrypted and when you want the keys to expire. We only support AES, the strong encryption algorithm recommended by NIST. 3. Managing All Those Encryption Keys Is A Nightmare There are many encryption solutions in use today and many of them simply do not address key management effectively. Using password protection for a key that encrypts data on a mobile device, notebook or desktop is fine. However, this does not scale well when dealing with tens, hundreds or thousands of encrypted devices. It is also not a good solution when one or two administrators are the only people who have access to the passwords or the keys. What happens if they leave the company? Do you know where all your keys are? Can you get them back? Cloud Under Control hytrust.com 650.681.8100 844.681.8100 2

To summarize the problem as seen by many, cryptography export Bruce Schneier wrote in the preface to his book Practical Cryptography : Key management is the hardest part of cryptography and often the Achilles heel of an otherwise secure system. At HyTrust, we layered the system so that you never have to deal with encryption keys, yet we ensure they are kept safe and secure. All you need to do is make sure your KeyControl server is occasionally backed up, just like you would any other data. And, HyTrust KeyControl functions as a virtual appliance deployable as a highly- available, active- active cluster, the gold standard of high- availability. Failure of any physical host or key server will not result in loss of access to keys. 4. It s Easy To Lose My Encryption Keys With encryption, if you lose your encryption keys, you lose access to your data. It is also very important that no single person has control of the keys, both for security reasons, as well as because simple human error can result in a very painful situation. As Robert Hanlon said Never attribute to malice that which can be adequately explained by incompetence. This is why a layered, highly- available key management system is so critical. HyTrust KeyControl was built by the same team that brought you the VERITAS filesystem and volume manager and have been building encryption and key management solutions for many years. High availability and zero downtime is in our genes. With our highly- available key management cluster, you can have any number of key servers in any physical location. Our key server backup images are encrypted, and we even provide you with a simple policy option should you want to ensure no single administrator can restore from backup. Further, if you have encrypted VMs in Amazon, Savvis, or another provider and your keys are stored in your data center, there is no way that the provider can gain access to the keys. 5. Encryption Is Hard To Deploy One of the most successful and widely used deployments of encryption is SSL. We all use SSL on a daily basis as we shop on the web, access on- line banking and other sites where sensitive data resides. We don t typically hear complaints about the complexity of web access or poor performance. We need our credit card data protected and the networks have been built to accommodate this. At HyTrust, we strive to make the deployment of encryption as simple as possible. Do you have some VMs you want to encrypt? If so, first install HyTrust KeyControl. Point your browser there and just use Cloud Under Control hytrust.com 650.681.8100 844.681.8100 3

the default policy or customize with your own policy choices. It only takes minutes. Next install the HyTrust DataControl module on any VM you wish to protect. You can now run that VM in any private data center or public cloud. Your data automatically becomes encrypted. It s that simple. 6. Encryption Only Secures the Application We often hear concerns about securing the snapshot and suspend files that are supported by virtualization platforms, because any data that is in the VM s memory is available to VM administrators in clear- text by simply snapshotting the VM. With HyTrust, you can selectively encrypt all or part of the VM, without making any changes to the VM or applications. And, we work with all the major hypervisor vendors. Imagine a situation where a PCI auditor demands that you encrypt the snapshot and suspend files. For this we have HyTrust DataControl Virtual Storage Edition. It s acts like a proxy between your storage and the hypervisor. It will encrypt snapshots, suspend files, and other VM image files on the fly and all under the same HyTrust KeyControl policy. 7. Rotating Encryption Keys Means Application Downtime Key rotation is one of the biggest problems with traditional encryption systems today. Many regulations require periodic key rotation or that you rotate keys if administrators leave the organization. Security best practices also often mandate key rotation. To rotate keys, you need to decrypt the data with key A and then re- encrypt the data with key B. Key A will then no longer be used. Vendors who do support key rotation require that you take your applications offline to rekey. With databases reaching the hundreds of gigabytes or even terabytes, this process can take many hours, if not days. HyTrust DataControl is the only encryption solution that performs key rotation while your applications are still running. When you set your policy, you simply state how frequently you want key rotation to take place. Key rotation starts automatically and when it finishes, a completion message is generated. It is hands free and is done with no application downtime. It s that simple. 8. Enterprise- Grade Encryption Is Expensive Basic open- source encryption software like TrueCrypt have downloads in the tens of millions, which certainly speaks to the need for encryption solutions. Enterprise- grade solutions traditionally require hardware- based key management systems, which can cost you tens of thousands of dollars before you secure your first server. As you add servers, costs can skyrocket. As organizations move to virtualization and the cloud to get better scalability and cost savings, they don t want to break the bank just to ensure this data is secure. Cloud Under Control hytrust.com 650.681.8100 844.681.8100 4

HyTrust changes this model. We let you implement enterprise- grade security with ease, and we let you get started for free. Simply visit HyTrust.com and download fully- featured trial software. HyTrust DataControl is priced on an annual subscription basis where you pay per/vm. So download, spend a few minutes on installation and get started! 9. Encryption in the Cloud isn t Secure If your Cloud Service Provider is encrypting your data, but they also hold the encryption keys, does that protect you? Having sensitive data encrypted in the public cloud is certainly better than no encryption at all, but many organizations want to hold the keys themselves. Would you give the keys to your house to someone you didn t know? HyTrust DataControl has a range of options, depending on your security requirements. You encrypt your data in the private, hybrid or public cloud and maintain your own key server. And at all times, you stay in control. Decommissioning from the cloud or switching providers is simple: click a button and you can ensure that any data left behind is fully encrypted and will never be accessible. 10. Encryption Solutions Don t Work Across All Platforms Most organizations use hardware and operating systems from multiple vendors. Encryption vendors have typically faced challenges supporting this myriad of platforms. This is even more true for virtualized environments, especially if your organization leverages public cloud, where you have limited control over infrastructure. Because of its architecture, HyTrust DataControl supports the dominant virtualization platforms. We support all hypervisor platforms (VMware, Xen, KVM, Hyper- V) and support encryption within the guest operating system (Windows and Linux) or at the storage layer, offering consistent security and key management as you make the move from private to hybrid to public cloud. Summary Good security practice shouldn t happen just because someone tells you to. With a rock solid, enterprise- grade encryption and key management system, security can become an enabler. You can virtualize your mission critical applications. You can move to the public cloud. If you d like to learn more about encryption, we recommend you start by visiting www.hytrust.com. Cloud Under Control hytrust.com 650.681.8100 844.681.8100 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information