Brave New World – Encryption and the Cloud

                     Ashvin Kamaraju – VP of Product Development




 www.Vormetric.com
Agenda
     Cloud Market Overview
     Security for the Cloud
     Encryption & Key Management
     Q&A




Cloud Market Overview
Data Centers Are Evolving




            Physical → Virtual → Cloud
Enterprises Are Moving to the Cloud
There Are Different Types of Public Clouds
    SaaS (Software as a Service)
        Fully functional applications provided such as CRM, ERP, email, Project Management, Travel Services, etc.
    PaaS (Platform as a Service)
        Operating environments included such as Windows/.NET, Linux/J2EE, applications of choice deployed
    IaaS (Infrastructure as a Service): Virtual Data Centers, Cloud Centers, Data Centers
        Virtual platform on which required operating environment and application are deployed. Also includes storage as a service offerings
Market Landscape
    Gartner September 2012
         • Public cloud services market is forecast to grow 19.6 percent in 2012 to $109 billion
         • Business process as a service (BPaaS) represents 77 percent of the total market
         • Infrastructure as a service (IaaS) is forecast to be $6.2 billion in 2012 and growing at a rate of 45.4 percent
         • The total public cloud services market is forecast to grow to $206.6 billion in 2016
Security for the Cloud
Barriers to Cloud Adoption
         • Performance
         • Security
Cloud Adoption  Need for Data Security

         Data = Cash
         • Reputation, Compliance, Penalties


         Layers of Network Security Applied Today
         • Next Gen Firewalls, VPNs, IPS, SIEM, DAM/DAP,


         Move to Include Data Security
         • Encryption, Key and Policy Management
Security of cloud infrastructure - Survey Results
     What data types would you place in the cloud infrastructure environment?
     [Bar chart: Responses (%), Encrypted vs. Not Encrypted, for each data type below]
         • Regulated data (such as credit cards, health data, SSN, driver’s license number)
         • Employee data
         • Non-regulated confidential business data (such as intellectual property, business plans, financial records)
         • Non-regulated customer data (such as purchase history, email address list, shipping information)
     Source: Ponemon Institute survey of 1000 U.S. IT and Compliance practitioners (600 IT; 400 Compliance) – November 2011
     Copyright © 2011 Vormetric, Inc. - Proprietary and Confidential. All Rights Reserved.
Why does encryption make data secure in the cloud?
 Cloud is inherently multi-tenant
    All infrastructure, i.e. compute and storage, is shared among different customers (serially)
    In the event of a physical theft at the service provider's facilities, unprotected data is left vulnerable
    In the event of unauthorized access (malicious or inadvertent), unprotected data ends up in the wrong hands
 Sensitive data must be protected to meet regulatory requirements
    Payment Card Industry (PCI) Data Security Standard (DSS)
    HIPAA HITECH
    Safe Harbor
 Enable governance for hybrid clouds
    Seamlessly manage private and public clouds by complying with the corporate regulatory and security standards
Two Different Perspectives

                Cloud Service Provider
                • Want to provide assurances to their
                  customers that the service is secure
                • This is a competitive differentiator




                Cloud Service Provider Customer
                • Some will trust that their data is being
                  properly secured
                • Some will demand that they maintain
                  complete control of their data
Encryption and Key Management
3 Components of Data Security in the Cloud
    Policy Management
    Key Management
    Encryption
Encryption, Policy and Key Management
 Policy and key management are extremely important aspects of encryption
 Keys are used to encrypt/decrypt data
 Policies, which are tied to business need, define how keys are distributed and authorized for use
 Enterprises typically have several encryption solutions and keys are not centrally managed
 Centralized policy and key management is essential to meet the business needs, governance and regulatory requirements
Centralized Key Management
Benefits
  Central repository for secure storage of keys
  Key life cycle management (creation, deletion, expiry notification, reporting)
  Policies (define how keys will be used)
  Separation of duties
  Secure backup
  Compliance with standards such as FIPS 140-2
  Manage encryption solutions using industry standards e.g. PKCS #11, KMIP
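
The benefits listed above (central repository, key life cycle, usage policies, separation of duties, reporting) modeled as a small in-memory key manager. This is an added example, not code from the presentation or from any Vormetric product; the role names, actor names, key ids and dates are constructed for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

KEY_ADMIN, APPLICATION = "key_admin", "application"  # hypothetical role names


@dataclass(frozen=True)
class Actor:
    name: str
    role: str


@dataclass
class KeyRecord:
    material: bytes          # a production key manager would hold this in an HSM
    expires: datetime
    allowed_apps: frozenset  # policy: which applications may use this key
    destroyed: bool = False


class KeyManager:
    def __init__(self):
        self._keys = {}  # central repository: key_id -> KeyRecord
        self.audit = []  # (actor, action, key_id, outcome) rows for reporting

    def _record(self, actor, action, key_id, outcome):
        self.audit.append((actor.name, action, key_id, outcome))

    def _require_admin(self, actor, action, key_id):
        if actor.role != KEY_ADMIN:
            self._record(actor, action, key_id, "denied")
            raise PermissionError(f"{actor.name} may not {action} keys")

    def create_key(self, actor, key_id, allowed_apps, lifetime_days, now):
        self._require_admin(actor, "create", key_id)
        expires = now + timedelta(days=lifetime_days)
        self._keys[key_id] = KeyRecord(secrets.token_bytes(32), expires,
                                       frozenset(allowed_apps))
        self._record(actor, "create", key_id, "ok")

    def destroy_key(self, actor, key_id):
        self._require_admin(actor, "destroy", key_id)
        rec = self._keys[key_id]
        rec.material, rec.destroyed = b"", True  # record is kept for audit
        self._record(actor, "destroy", key_id, "ok")

    def get_key(self, actor, key_id, now):
        """Release key material only when every policy check passes."""
        rec = self._keys.get(key_id)
        if rec is None or rec.destroyed:
            reason = "key unavailable"
        elif actor.role != APPLICATION:
            reason = "separation of duties"  # administrators never see key bytes
        elif actor.name not in rec.allowed_apps:
            reason = "not authorized by policy"
        elif now >= rec.expires:
            reason = "key expired"
        else:
            self._record(actor, "use", key_id, "ok")
            return rec.material
        self._record(actor, "use", key_id, "denied: " + reason)
        raise PermissionError(reason)

    def expiring_within(self, days, now):
        """Key ids that are due an expiry notification."""
        limit = now + timedelta(days=days)
        return sorted(k for k, r in self._keys.items()
                      if not r.destroyed and now < r.expires <= limit)


def demo():
    now = datetime(2012, 12, 1, tzinfo=timezone.utc)  # constructed date
    admin = Actor("alice", KEY_ADMIN)
    billing = Actor("billing-app", APPLICATION)
    crm = Actor("crm-app", APPLICATION)
    km = KeyManager()
    km.create_key(admin, "cards-2012", {"billing-app"}, 30, now)
    km.create_key(admin, "archive", {"billing-app", "crm-app"}, 365, now)
    attempts = [
        ("authorized app", billing, now),
        ("app outside policy", crm, now),
        ("administrator", admin, now),
        ("after expiry", billing, now + timedelta(days=31)),
    ]
    outcomes = {}
    for label, actor, when in attempts:
        try:
            km.get_key(actor, "cards-2012", when)
            outcomes[label] = "released"
        except PermissionError as exc:
            outcomes[label] = str(exc)
    outcomes["expiry notices (45 days)"] = km.expiring_within(45, now)
    return km, outcomes


if __name__ == "__main__":
    print(demo()[1])
```

The audit list records denied requests as well as granted ones, which is what the reporting item in the life cycle bullet depends on.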
Centralized Key Management
Key Management: As a service or On Premise?
Tradeoffs by approach
  On-Premise solution
     Custodianship: Customer
     Risk: Low (customized)
     Cost: High (can be amortized across large deployment)
     Separation of duties: Yes
     Multi-Tenancy: Lines of business
  Key Management as a Service
     Custodianship: Service Provider
     Risk: Depends on the SLA
     Cost: Low
     Separation of duties: Yes. But only if data is not managed by key management service provider
     Multi-Tenancy: Multiple customers
Understanding Data Security with Software as a Service (SaaS)
 Doing your research: Data security due diligence
    Customer does not control how information is handled but can affect it
 The risk: data security threats
    Data exposure
        By SaaS provider
        By IaaS partner
        By customer through application controls
 SaaS touch points: SaaS controls that customer can affect
    Data handling and protection agreements in contractual negotiations
    Security administration for access controls
 Solutions
    Data encryption used by SaaS providers to fulfill customer requirements
    Tokenization by on-premise network appliances (Cloud Gateways)
Understanding Data Security for Infrastructure as a Service (IaaS)
Doing your research: data security due diligence
   Customer does not control how infrastructure security is handled
   Customer responsible for data security
The risk: data security threats
   Data exposure
       By IaaS provider
       By customer through application controls
IaaS touch points: IaaS controls that customer can affect
   Data handling and protection agreements in contractual negotiations
   Security administration for access controls
   Encryption/Key Management for data protection
Solutions
   Customer encrypts data; Customer is custodian of keys
   Customer encrypts data; Different service provider for key management
Summary
 Cloud computing is a pervasive trend with compelling economics
 Ensuring data security and privacy is necessary for embracing cloud computing
 Encryption protects data and makes it safer to migrate to the cloud
 Policies, separation of duties and key management are the underpinnings of encryption
 Tradeoffs in risk, costs and compliance with regulations must be considered in choosing a solution
Thank you!




Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
Rethink cloud security to get ahead of the risk curve by kurt johnson, vice p...
 
Regulatory compliant cloud computing rethinking web application architectures...
Regulatory compliant cloud computing rethinking web application architectures...Regulatory compliant cloud computing rethinking web application architectures...
Regulatory compliant cloud computing rethinking web application architectures...
 
Memsql product overview_2013
Memsql product overview_2013Memsql product overview_2013
Memsql product overview_2013
 
Managing application performance for cloud apps bmc
Managing application performance for cloud apps bmcManaging application performance for cloud apps bmc
Managing application performance for cloud apps bmc
 
Making case up
Making case upMaking case up
Making case up
 
Green qloud up-con
Green qloud up-conGreen qloud up-con
Green qloud up-con
 
Glenn solomon up presso d 3.pptx
Glenn solomon up presso d 3.pptxGlenn solomon up presso d 3.pptx
Glenn solomon up presso d 3.pptx
 
Future of cloud up presentation m_dawson
Future of cloud up presentation m_dawsonFuture of cloud up presentation m_dawson
Future of cloud up presentation m_dawson
 
Efrat ip up con 2012 presentation
Efrat ip up con 2012 presentationEfrat ip up con 2012 presentation
Efrat ip up con 2012 presentation
 

Encryption and Key Management for Data Security in the Cloud

  • 1. Brave New World – Encryption and the Cloud. Ashvin Kamaraju – VP of Product Development. www.Vormetric.com
  • 2. Agenda: Cloud Market Overview; Security for the Cloud; Encryption & Key Management; Q&A
  • 4. Data Centers Are Evolving: Physical, Virtual, Cloud
  • 5. Enterprises Are Moving to the Cloud
  • 6. There Are Different Types of Public Clouds
      - SaaS (Software as a Service): Fully functional applications provided, such as CRM, ERP, email, Project Management, Travel Services, etc.
      - PaaS (Platform as a Service): Operating environments included, such as Windows/.NET, Linux/J2EE; applications of choice deployed.
      - IaaS (Infrastructure as a Service; Virtual Data Centers, Cloud Centers, Data Centers): Virtual platform on which required operating environment and application are deployed. Also includes storage as a service offerings.
  • 7. Market Landscape (Gartner, September 2012)
      - Public cloud services market is forecast to grow 19.6 percent in 2012 to $109 billion
      - Business process as a service (BPaaS) represents 77 percent of the total market
      - Infrastructure as a service (IaaS) is forecast to be $6.2 billion in 2012 and growing at a rate of 45.4 percent
      - The total public cloud services market is forecast to grow to $206.6 billion in 2016
  • 9. Barriers to Cloud Adoption: Performance, Security
  • 10. Cloud Adoption → Need for Data Security
      - Data = Cash: Reputation, Compliance, Penalties
      - Layers of Network Security Applied Today: Next Gen Firewalls, VPNs, IPS, SIEM, DAM/DAP
      - Move to Include Data Security: Encryption, Key and Policy Management
  • 11. Security of cloud infrastructure - Survey Results
      - What data types would you place in the cloud infrastructure environment?
          - Regulated data (such as credit cards, health data, SSN, driver’s license number)
          - Employee data
          - Non-regulated confidential business data (such as intellectual property, business plans, financial records)
          - Non-regulated customer data (such as purchase history, email address list, shipping information)
      - [Bar chart: Responses (%) per data type, Encrypted vs. Not Encrypted]
      - Source: Ponemon Institute survey of 1000 U.S. IT and Compliance practitioners (600 IT; 400 Compliance) – November 2011
      - Copyright © 2011 Vormetric, Inc. - Proprietary and Confidential. All Rights Reserved.
  • 12. Why does encryption make data secure in the cloud?
      - Cloud is inherently multi-tenant
          - All infrastructure, i.e. compute and storage, is shared among different customers (serially)
          - In the event there is a physical theft at the service provider facilities, unprotected data is left vulnerable
          - In the event there is unauthorized access (malicious or inadvertent), unprotected data ends up in the wrong hands
      - Sensitive data must be protected to meet regulatory requirements
          - Payment Card Industry (PCI) Data Security Standard (DSS)
          - HIPAA HITECH
          - Safe Harbor
      - Enable governance for hybrid clouds
          - Seamlessly manage private and public clouds by complying with the corporate regulatory and security standards
  • 13. Two Different Perspectives
      - Cloud Service Provider
          - Want to provide assurances to their customers that the service is secure
          - This is a competitive differentiator
      - Cloud Service Provider Customer
          - Some will trust that their data is being properly secured
          - Some will demand that they maintain complete control of their data
  • 14. Encryption and Key Management
  • 15. 3 Components of Data Security in the Cloud: Policy Management, Key Management, Encryption
  • 16. Encryption, Policy and Key Management
      - Policy and key management are extremely important aspects of encryption
          - Keys are used to encrypt/decrypt data
          - Policies, which are tied to business need, define how keys are distributed and authorized for use
      - Enterprises typically have several encryption solutions and keys are not centrally managed
      - Centralized policy and key management is essential to meet the business needs, governance and regulatory requirements
  • 17. Centralized Key Management Benefits
      - Central repository for secure storage of keys
      - Key life cycle management (creation, deletion, expiry notification, reporting)
      - Policies (define how keys will be used)
      - Separation of duties
      - Secure backup
      - Compliance with standards such as FIPS 140-2
      - Manage encryption solutions using industry standards, e.g. PKCS #11, KMIP
  • 18. Centralized Key Management. Key Management: As a service or On Premise?
      - Tradeoffs compared per approach: Custodianship, Risk, Cost, Separation of duties, Multi-Tenancy
      - On-Premise solution (customized)
          - Custodianship: Customer
          - Risk: Low
          - Cost: High (can be amortized across large deployment)
          - Separation of duties: Yes
          - Multi-Tenancy: Lines of business
      - Key Management as a Service
          - Custodianship: Service Provider
          - Risk: Depends on the SLA
          - Cost: Low
          - Separation of duties: Yes. But only if data is not managed by key management service provider
          - Multi-Tenancy: Multiple customers
  • 19. Understanding Data Security with Software as a Service (SaaS)
      - Doing your research: Data security due diligence
          - Customer does not control how information is handled but can affect it
      - The risk: data security threats
          - Data exposure
              - By SaaS provider
              - By IaaS partner
              - By customer through application controls
      - SaaS touch points: SaaS controls that customer can affect
          - Data handling and protection agreements in contractual negotiations
          - Security administration for access controls
      - Solutions
          - Data encryption used by SaaS providers to fulfill customer requirements
          - Tokenization by on-premise network appliances (Cloud Gateways)
  • 20. Understanding Data Security for Infrastructure as a Service (IaaS)
      - Doing your research: data security due diligence
          - Customer does not control how infrastructure security is handled
          - Customer responsible for data security
      - The risk: data security threats
          - Data exposure
              - By IaaS provider
              - By customer through application controls
      - IaaS touch points: IaaS controls that customer can affect
          - Data handling and protection agreements in contractual negotiations
          - Security administration for access controls
          - Encryption/Key Management for data protection
      - Solutions
          - Customer encrypts data; Customer is custodian of keys
          - Customer encrypts data; Different service provider for key management
  • 21. Summary
      - Cloud computing is a pervasive trend with compelling economics
      - Ensuring data security and privacy is necessary to embracing cloud computing
      - Encryption protects data and makes it safer to migrate to cloud
      - Policies, separation of duties and key management are the underpinnings of encryption
      - Tradeoffs in risk, costs and compliance to regulations must be considered in choosing a solution
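
Slides 16 and 17 describe policies that define how keys are authorized for use, key life cycle management with expiry notification, and separation of duties. The sketch below shows those three controls in one central key manager; it is an added illustration, not taken from the presentation or from any Vormetric product, and the class names, principal names and policy format are assumptions.

```python
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed model: administrators manage the key life cycle; other principals
# may only ask for a key for the operations their policy entry lists.
USER_OPS = {"encrypt", "decrypt"}

@dataclass
class ManagedKey:
    material: bytes
    expires: datetime
    allowed: dict            # principal -> set of permitted operations

@dataclass
class KeyManager:
    admins: set
    keys: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)   # reporting trail

    def _log(self, who, op, key_id, ok):
        self.audit.append((who, op, key_id, "ALLOW" if ok else "DENY"))
        return ok

    def create(self, who, key_id, policy, ttl_days, now):
        # Separation of duties: only an administrator creates keys, and no
        # administrator may appear in the policy as a user of the key.
        ok = who in self.admins and not (self.admins & set(policy))
        if not self._log(who, "create", key_id, ok):
            raise PermissionError("create denied by separation of duties")
        self.keys[key_id] = ManagedKey(secrets.token_bytes(32),
                                       now + timedelta(days=ttl_days), policy)

    def release(self, who, key_id, op, now):
        # The key leaves the repository only if it exists, has not expired,
        # and the policy authorizes this principal for this operation.
        key = self.keys.get(key_id)
        ok = (key is not None and now < key.expires
              and op in USER_OPS and op in key.allowed.get(who, set()))
        if not self._log(who, op, key_id, ok):
            raise PermissionError(f"{who} may not {op} with {key_id}")
        return key.material

    def expiring(self, now, within_days):
        # Expiry notification: keys that lapse inside the warning window.
        limit = now + timedelta(days=within_days)
        return sorted(k for k, v in self.keys.items() if now < v.expires <= limit)

if __name__ == "__main__":
    now = datetime(2013, 1, 1, tzinfo=timezone.utc)   # constructed sample date
    km = KeyManager(admins={"key-admin"})
    km.create("key-admin", "db-key", {"app": {"encrypt", "decrypt"}}, 90, now)
    print(len(km.release("app", "db-key", "decrypt", now)), km.audit)
```

Denied requests are written to the audit list before the exception is raised, so the reporting trail records refusals as well as grants.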