
Secure Data Sharing in OpenShift Environments


Red Hat OpenShift is enabling quicker adoption of DevOps practices. Containers are an essential component of DevOps and the OpenShift Kubernetes Container Platform is integral for orchestration within these environments. Data security is now challenged to keep pace with the size and scope of container usage. The migration from legacy in-house deployments to hybrid-cloud installations has created new attack surfaces as data is shared more freely in Kubernetes deployments.

Protecting data at rest and in motion is a necessity. Learn how you can keep data protected and securely share data in OpenShift environments with real-time data protection solutions.


  1. Secure Data Sharing in OpenShift Environments • Tim Reilly, Chief Executive Officer • Maksim Yankovskiy, VP Engineering • © 2020 Zettaset, Inc. | Proprietary and Confidential
  2. About the presenters • Tim Reilly – CEO: Tim brings more than 25 years of successful public and private experience in the high-tech industry, filling key operational roles within product line business units and venture capital funded companies through all stages of growth. During his time at Zettaset, the company has successfully grown its software-defined encryption portfolio to provide a comprehensive data protection solution across all physical, virtual and cloud environments. Prior to joining Zettaset, Tim took on a variety of roles at companies including Trapeze Networks, Nicira, netVmg, and WorldxChange. He has a BS in Accounting from the University of Southern California and currently resides in the San Francisco Bay Area. • Maksim Yankovskiy – VP Engineering: Maksim has over 20 years of experience delivering and managing enterprise encryption and database software across all the major high tech industries. During his tenure at Zettaset, he has been responsible for the engineering team that delivered the entire XCrypt product portfolio. He has also filed patents related to distributed and high-performance encryption. Prior to Zettaset, Maksim worked at Ingrian Networks and held various roles related to distributed database systems at Siemens Medical Solutions, Ross Stores and Adobe Systems.
  3. The eternal pursuit to protect treasure • Built in 1078 by William the Conqueror • Country Mint for 500 years • Second wall added in 1350 • $32 billion worth of treasure • Star of Africa diamond • Imperial Crown • 2,868 diamonds • 273 pearls • 28 sapphires/emeralds • Considered impenetrable, but… • 1671 – Captain Blood • 2012 – Intruder breaks in/steals keys • 2019 – Intruder walking the grounds
  4. The new highly coveted treasure… data • [Chart: size of global datasphere in zettabytes, 2010 to 2025; labelled value: 175 zettabytes] • Sensitive data is generated, disbursed, and stored everywhere • Sensors and devices • Social media • VoIP • Enterprise data • More data sources means more attack vectors • Source: IDC & Seagate Data Age 2025 – www.Seagate.com/gb/en/our-story/data-age-2025/ (Data Age 2025, sponsored by Seagate with data from IDC Global DataSphere, Nov 2018)
  5. Digital transformation is driving data growth • 49% of all worldwide data will reside in public cloud environments by 2025. • 30% of the world’s data will need real-time processing by 2025 as the role of the edge continues to grow. • 90% of data has been created in the last two years due to explosion in IoT devices.
  6. The speed of digital transformation is putting sensitive data at risk • Digital transformation creates new cyberattack vectors • Aggressive, fast-paced digital transformation has the highest rates of breaches • [Chart: percent risk of data breach versus speed of digital transformation; risk to data increases as digital transformation accelerates; values shown: 8%, 15%, 22%, 27%, 28%; category labels: BASIC AD-HOC NEAR-TERM AGILE VISION AGGRESSIVE] • Source: 2019 Thales Data Threat Report
  7. Trust is earned through data protection • “The services don’t trust the validity of the data provided by other services; nor do they trust their sister services to properly protect any data they themselves share. “At the end of the day, information sharing has a currency: trust” – Gen. Charles Brown, USAF Chief of Staff
  8. How do we overcome? TRUST & RISK • Control the environment within which the data can be operated on • Value and benefits touch all sectors: • Citizen care and protection • State security • Enhanced customer experience • Smart and connected cities • Profitability through asset optimization • AI/ML value extraction for decision making
  9. Experts agree on the best ways to protect data • TOP THREE data protection methods universally recommended by security experts: • Encrypt data throughout the process of collection, viewing, and manipulation – preferably at the source. • Store keys in different location from the data. • Encrypt any sensitive data that is stored or "at rest". • Log all access and manipulation of data.
  10. Encryption is a critical solution to the problem • 33% or less of respondents are using encryption within digital transformation technologies • 92% of respondents will use sensitive data with digital transformation technologies • Transformative technologies: Cloud, IoT, Big data, Containers
  11. Engineer with security in mind • 1. Security as an afterthought is a bad idea! • 2. Identify primary drivers for your security initiatives • 3. Balance security and regulatory compliance • 4. Identifying security solutions • 5. Secrets and passwords protect processes, not data • “Zettaset delivers on the promise of container data security in the same way that Red Hat OpenShift delivers the stable, consistent, and supported base that organizations need to get applications out the door.” – Tim Reilly, CEO Zettaset
  12. Challenges with securing data in the cloud & containers • 58% of respondents transfer sensitive data to the cloud whether or not it is encrypted [3] • 55% of respondents said encryption is a key driver for increased adoption of containers [2] • Migrating from legacy in-house deployments to hybrid-cloud installations opens new attack surfaces [1] • Think holistically about your security controls; have layered or overlapping protections [1] • Know where critical data/systems are; focus security efforts there [1] • Sources: [1] Red Hat Security Report 2019; [2] 2019 Thales Data Threat Report; [3] Ponemon 2020 Global Encryption Trend Study
  13. Six factors impeding broad adoption of encryption • TOP SIX HURDLES: top six hurdles have remained constant for past three years • [Bar chart, axis 0 to 100; bar labels: System performance and latency; Policy enforcement; Support cloud/on-premise development; System scalability; Key management; Integration with other security tools; values shown: 78%, 72%, 71%, 68%, 64%, 68%] • Zettaset Addressed the Global Encryption Trends Study 2020, Ponemon Institute
  14. Zettaset XCrypt: Delivers the value of software-defined encryption • Deploys on commodity hardware • Turnkey • Compatible with major key mgmt and HSM solutions • Automated key and policy management • Operator-driven encryption • Point and encrypt • Transparent to developers • Near zero performance impact • Encrypts all or selected data • Key-per-volume approach • On demand flexibility in physical, virtual or cloud • Scales infinitely • Protects data-at-rest and data-in-motion • Provides regulatory and corporate compliance • Simplifies reporting • Column headings: LOW TOTAL COST OF OWNERSHIP (TCO); EASE OF USE; HIGH PERFORMANCE; INFINITE SCALABILITY; COMPREHENSIVE COMPLIANCE COVERAGE
  15. The right approach to data encryption • FULL DISK ENCRYPTION SOFTWARE: • Minimal performance impact • Complete transparency • Automated key policy and administration • Unique key per partition • Secure removal of compromised nodes • Protects data-in-place • FILE/FOLDER ENCRYPTION: • Significant performance impact • Potential key exposure • Requires application changes • Compatibility issues with OS/drives • SELF-ENCRYPTING DRIVES: • Default mode: one key for entire drive; partition-level keys hard to manage • Lacks centralized policy management; not scalable • Lacks key management • Lacks data-in-motion encryption
  16. Red Hat OpenShift + Zettaset XCrypt: Accelerates your transition from DevOps to DevSecOps • Leading hybrid cloud, enterprise Kubernetes application platform • Helps application developers build with speed, agility, confidence, and choice • Leading software-defined encryption solution • Transparent, high performance encryption for Red Hat OpenShift environments
  17. XCrypt works across physical, virtual & cloud environments • [Diagram labels: EDGE; ON-PREM; HYBRID; MULTI-CLOUD; OpenShift; CONTAINER DATA; VM]
  18. Where XCrypt fits in the infrastructure • [Diagram labels: XCrypt Deployment; Encrypted Storage Manager; Encrypted Volume Manager; OpenShift Kubernetes Container; Certificate Authority; Key Manager; Volume Driver]
  19. Limitations of data security with Kubernetes • CURRENT SECURITY SOLUTIONS: Focus on vulnerabilities and integrity of containers • WHAT’S MISSING: Data within containers is unprotected when a breach occurs • DELEGATING data security to the infrastructure is a bad idea • CNCF Survey 2019
  20. Zettaset + Kubernetes ensures data security • ZETTASET XCRYPT: Real-time protection for data within containers • WHAT’S ADDED: Last-line of defense for data in containers • SEPARATION OF DUTIES: Data security is transparent to developers and operators • CNCF Survey 2019
  21. XCrypt OpenShift Encryption • Automated to simplify data security in OpenShift environments • Transparent, high performance encryption • Unique encryption key per container volume • Protects container data across on-premises, hybrid, and multi-cloud environments • Protects data stored and used in multi-tenant container environments
  22. Zettaset encrypts the Kubernetes data layer • Protects individual persistent volumes in any environment • Supports multi-storage vendor support for hybrid and multi-cloud • Unifies administration and management • Automates provisioning of persistent volumes • [Diagram labels: Legacy Solution; Storage Volume Encryption; Tools focused on everything but the data; K8S Solution; Persistent Volume Encryption; HYBRID STORAGE VOLUME DEPLOYMENT; vSphere Volume; Elastic Block Storage; Ceph Storage; Kubernetes Master; Kubernetes Worker Node 1; Pod; Containers; Container Tools]
  23. Data share: How it works • [Diagram labels: Data owner; Sensitive data; Containerized apps; Persistent volume; Auto-provision and encrypt; Transparent, high performance; Real-time encryption; Encrypted data; Remote data availability controls; Scheduled or time limit access; Data requester; Data request; Request to obtain encryption key; Persistent volume]
  24. Summary: Simplify shared data protection in OpenShift • Organizations can flexibly protect container data across any on-premises, cloud, or hybrid deployment with fast, transparent encryption enabling them to: • Confidently focus on driving innovation • Dramatically reduce the risk of security breaches and data theft • Ensure developers are no longer required to make security decisions • Create a smooth plan for the transition to DevSecOps • https://marketplace.redhat.com/en-us/products/zettaset-encryption-for-kubernetes-containers-rhm
  25. Thank you!

Editor's notes

  • Turnkey (includes software-defined encryption, key management and HSM)
    PCI, DSS, HIPAA, FINRA, GDPR, FIPS
  • NOTE: Self-Encrypting – not enough granularity; File/Folder Encryption – too much granularity; Full Disk – just right!
  • Makes it incredibly easy to automate the deployment of software-defined encryption that transparently protects container data throughout any environment

    XCrypt OpenShift delivers on the promise of container data security in the same way that Red Hat delivers the stable, consistent, and supported base that organizations need to get applications out the door.
  • Organizations can flexibly protect container data across any on-premises, cloud, or hybrid deployment with fast, transparent encryption enabling them to:
    Confidently focus on driving innovation
    Dramatically reduce the risk of security breaches and data theft
    Ensure developers are no longer required to make security decisions
    Create a smooth plan for the transition to DevSecOps
