2020 z Security Webinars Series
Luigi Perrone
IBM Security Thought Leader
Security & Audit for zSystem & enterprise
Security Intelligence solution
luigi_perrone@it.ibm.com
https://www.linkedin.com/in/luigiperrone/
A quick view of the security evolution
• Bolt-on security for IT projects
• Security intelligence across the enterprise, spanning apps, mobile, endpoint, threat intel, network, advanced fraud, identity & access, and data
• Connected security for all, at the “speed of cloud”
• AI, quantum, blockchain and IoT security
IBM Security / © 2019 IBM Corporation 3
CISOs: “data security is a critical priority”
1. Get ahead of compliance demands (GDPR, NY-DFS, China Privacy, Australian Act, HIPAA)
2. Protect against data breaches
3. Secure data across multiple clouds (IaaS (Containers), PaaS (DBaaS), SaaS (O365))
4. Uncover business risk related to data
The famous IBM pyramid: multiple layers of encryption
The pyramid orders the encryption layers by coverage (widest at the bottom) against complexity and security control (highest at the top):
• App Encryption: for hyper-sensitive data. Data protection & privacy provided and managed by the application: encryption of sensitive data when lower levels of encryption are not available or suitable.
• Database Encryption: protection for very sensitive in-use (DB level), in-flight & at-rest data. Granular protection & privacy managed by the database: selective encryption & granular key management control of sensitive data.
• File or Dataset Level Encryption: broad coverage for sensitive data using encryption tied to access control for in-flight & at-rest data protection. Broad protection & privacy managed by the OS, with the ability to eliminate storage admins from the compliance scope.
• Full Disk and Tape Encryption: 100% coverage for at-rest data with zero host CPU cost. Protection against intrusion, tamper or removal of physical infrastructure.
Why Should All Data at Rest be Encrypted?
• Keeps sensitive information confidential
- Insider threat
- Lost/stolen tape or disk
- Disk being repaired (solid-state disks fail in a read-only state)
• Addresses regulations and standards
- Privacy breach disclosure laws
- Protection of financial and healthcare data
• Simplifies end-of-life-of-media/data scenarios
- Destroy the key and the data is unusable
- Cryptographic Erasure (NIST SP 800-88)
- Reduces media disposal costs
Encryption-capable storage devices
The role of the Key Server
• Encryption clients (self-encrypting storage, databases such as DB2, applications and VMware) encrypt the data themselves; each sends a Key Request to the SKLM server and receives a Key Response over IPP or KMIP.
• SKLM Server (key management) serves the data-at-rest keys for storage, VMware, apps and IoT.
IBM Security Key Lifecycle Manager: IBM’s centralized key management solution for all data-at-rest encryption solutions
• Align with PCI & NIST guidance
• Manage encryption keys
• Transparent encryption and key management
• Automatic key rotation
• Manage IBM and non-IBM products via KMIP
• Enforce separation of duties
• Broadening footprint (IPP, KMIP, & REST-compatible): tape storage, disk storage, cloud and elastic storage, Lenovo servers, IoT, network storage, flash storage, multi-cloud apps, DB, VMware vSAN & vCenter
The importance of KMIP support
• Key Management Interoperability Protocol (KMIP)
• Protocol for key management between the key server and the encryption client
• Enables key lifecycle management (generation, submission, retrieval, and deletion)
• This standardization makes it easier for servers to support the growing number of encryption clients that support KMIP
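The Key Request/Key Response exchange from the key-server slide and the lifecycle operations listed above travel in KMIP's TTLV (tag, type, length, value) encoding. As an added example, not IBM or SKLM code, the Python below encodes a KMIP 1.1 Create request for an AES-256 key the way a KMIP client would send it to a key server such as SKLM, and parses it back with the length checks a server must make before trusting any field. Tag and enumeration constants are those of the OASIS KMIP 1.x specification; the request itself is a constructed sample.

```python
import struct

# TTLV item types (OASIS KMIP 1.x, section 9.1.1.2) used here.
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07
# Tags from the KMIP 1.x tag table (section 9.1.3.1).
T = {"RequestMessage": 0x420078, "RequestHeader": 0x420077,
     "ProtocolVersion": 0x420069, "ProtocolVersionMajor": 0x42006A,
     "ProtocolVersionMinor": 0x42006B, "BatchCount": 0x42000D,
     "BatchItem": 0x42000F, "Operation": 0x42005C, "RequestPayload": 0x420079,
     "ObjectType": 0x420057, "TemplateAttribute": 0x420091, "Attribute": 0x420008,
     "AttributeName": 0x42000A, "AttributeValue": 0x42000B, "CompromiseDate": 0x420020}
OP_CREATE, OBJ_SYMMETRIC_KEY, ALG_AES = 1, 2, 3     # KMIP enumeration values
USAGE_ENCRYPT, USAGE_DECRYPT = 0x04, 0x08            # Cryptographic Usage Mask bits


def encode(tag, item_type, value):
    """One TTLV item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8."""
    if item_type == STRUCTURE:
        body = b"".join(value)                        # children already encoded
    elif item_type in (INTEGER, ENUMERATION):
        body = struct.pack(">i" if item_type == INTEGER else ">I", value)
    elif item_type == TEXT_STRING:
        body = value.encode("utf-8")
    else:
        raise ValueError("unsupported TTLV type %#x" % item_type)
    header = tag.to_bytes(3, "big") + bytes([item_type]) + struct.pack(">I", len(body))
    return header + body + b"\x00" * (-len(body) % 8)


def decode(buf, offset=0):
    """Decode one item at offset -> (tag, type, value, next_offset); the declared
    length is checked against the buffer before any slice is trusted."""
    if len(buf) - offset < 8:
        raise ValueError("truncated TTLV header")
    tag = int.from_bytes(buf[offset:offset + 3], "big")
    item_type, length = buf[offset + 3], struct.unpack(">I", buf[offset + 4:offset + 8])[0]
    start, end = offset + 8, offset + 8 + length
    if end > len(buf):
        raise ValueError("declared length %d exceeds buffer" % length)
    raw = buf[start:end]
    if item_type == STRUCTURE:
        value, pos = [], start
        while pos < end:                              # each child is 8-byte aligned
            t, ty, v, pos = decode(buf, pos)
            value.append((t, ty, v))
        if pos != end:
            raise ValueError("structure children overrun declared length")
    elif item_type in (INTEGER, ENUMERATION):
        value = struct.unpack(">i" if item_type == INTEGER else ">I", raw)[0]
    elif item_type == TEXT_STRING:
        value = raw.decode("utf-8")
    else:
        raise ValueError("unsupported TTLV type %#x" % item_type)
    return tag, item_type, value, end + (-length % 8)


def is_well_formed(buf):
    """True only if buf is exactly one complete item: the first check a server makes."""
    try:
        return decode(buf)[3] == len(buf)
    except (ValueError, struct.error, UnicodeDecodeError):
        return False


def attribute(name, item_type, value):
    """KMIP Attribute structure: the name is a Text String, the value keeps its own type."""
    return encode(T["Attribute"], STRUCTURE, [encode(T["AttributeName"], TEXT_STRING, name),
                                              encode(T["AttributeValue"], item_type, value)])


def build_create_aes_key_request(bits=256):
    """KMIP 1.1 Create request for an AES key, as a client would send it to the key server."""
    header = encode(T["RequestHeader"], STRUCTURE, [
        encode(T["ProtocolVersion"], STRUCTURE, [encode(T["ProtocolVersionMajor"], INTEGER, 1),
                                                 encode(T["ProtocolVersionMinor"], INTEGER, 1)]),
        encode(T["BatchCount"], INTEGER, 1)])
    payload = encode(T["RequestPayload"], STRUCTURE, [
        encode(T["ObjectType"], ENUMERATION, OBJ_SYMMETRIC_KEY),
        encode(T["TemplateAttribute"], STRUCTURE, [
            attribute("Cryptographic Algorithm", ENUMERATION, ALG_AES),
            attribute("Cryptographic Length", INTEGER, bits),
            attribute("Cryptographic Usage Mask", INTEGER, USAGE_ENCRYPT | USAGE_DECRYPT)])])
    batch = encode(T["BatchItem"], STRUCTURE, [encode(T["Operation"], ENUMERATION, OP_CREATE), payload])
    return encode(T["RequestMessage"], STRUCTURE, [header, batch])


def summarize_request(buf):
    """Flatten a decoded request into the fields a server-side audit record would keep."""
    tag, _, items, _ = decode(buf)
    if tag != T["RequestMessage"]:
        raise ValueError("not a KMIP Request Message")
    found = {}

    def walk(children):
        for t, ty, v in children:
            if ty == STRUCTURE and t == T["Attribute"]:
                parts = dict((x[0], x[2]) for x in v)
                found[parts[T["AttributeName"]]] = parts[T["AttributeValue"]]
            elif ty == STRUCTURE:
                walk(v)
            elif t in (T["Operation"], T["ObjectType"]):
                found["Operation" if t == T["Operation"] else "ObjectType"] = v
    walk(items)
    return found
```

The `is_well_formed` check rejects a request truncated by a single byte or padded with trailing bytes, which is the same defensive parsing a key server needs on its KMIP listener.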
Who uses SKLM?
• 29,000+ installations across these enterprises
• 100+ countries where SKLM is deployed
• 870+ installations in healthcare enterprises (globally)
• 6,000+ installations in banking enterprises (globally)
• 11,000+ installations in insurance enterprises (globally)
• 4,200+ enterprises have deployed SKLM
What integrates with SKLM?
Any IPP- or KMIP-compatible device or application:
• Databases and applications
• Tape storage solutions
• Servers
• Disk storage solutions
• Client DLP applications
• Flash and hybrid storage
• Elastic storage solutions
• Cloud-based encryption solutions
SKLM is pursuing 100% KMIP-compatibility by offering interop testing with SKLM on SoftLayer!
SKLM Supported Devices List available at http://ibm.biz/sklmdevicelist (now published as a Technote link, updated regularly).
SKLM: main features
Which platform? Which OS? Which version? Main differences between SKLM V4.0 for distributed platforms and SKLM for z/OS V1.1
1. Server platform:
• SKLM (distributed) servers can run on Windows, RHEL, Linux on z, and AIX
• The SKLM for z/OS server is hosted on z/OS
2. Supported devices:
• SKLM (distributed) – greater device support
3. KMIP support:
• SKLM (distributed) – KMIP & IPP support
• SKLM for z/OS – IPP only
4. Hardware key storage/protection:
• SKLM (distributed) optionally integrates with external HSMs (PKCS#11)
• SKLM for z/OS can leverage Z hardware (ICSF, RACF)
5. User interface:
• SKLM (distributed) provides a graphical user interface
• SKLM for z/OS is operator console command line based
SKLM: Main Components
The software package consists of the SKLM application, WebSphere and DB2.
SKLM Management: Administrative Tasks
1. Setting up the master and clone systems for replication
2. Administering the groups, users, and roles
3. Administering devices, KMIP objects, and HSM
4. Running operational tasks such as data backup, data restore, and export/import of device groups
5. Other miscellaneous administrative tasks
SKLM data redundancy determines the architecture
Three methods to achieve data redundancy:
• Backup / Restore
• Master / Clones
• Multi-Master
Backup & Restore (command: tklmBackupRun)
With manual Backup/Restore you can back up cryptographic objects, configuration files, and other critical information on the SKLM server and then restore them to create an exact copy of the SKLM server.
Master-Clone Deployment Architecture
• Primary Data Center: SKLM VMs (Master and Clone)
• Secondary Data Center: SKLM VMs (Clone and Clone)
• The servers are synchronized over LAN/WAN
• SKLM encryption key management serves the self-encrypting devices: tape libraries, disk storage, elastic storage, apps and DBs, cloud storage
SKLM Multi-Master for hyper-redundancy
Synchronized SKLM key servers, each serving its own clients, at sites such as NJ, NY, UK, DE, JP, … up to Site 21: up to 21 sites of synchronized SKLM key servers.
Multi-Master Deployment Architecture (also with HSM)
• Primary Data Center: SKLM VMs (Master and Master), optionally backed by a network HSM
• Additional Data Centers: SKLM VMs (Master and Master)
• The servers are synchronized over LAN/WAN
• SKLM encryption key management serves the self-encrypting clients over KMIP/IPP/REST: tape libraries, disk storage, SDS (software defined storage), apps and DBs, cloud storage, VMware vSAN & vCenter
Multi-Master architecture in depth
Keystore & Truststore
• The SKLM Truststore stores the trusted certificates and the device root certificates that are used for secure communication between SKLM and the client devices
• The standard installation of SKLM creates the truststore file tklmTrustore.jceks under <WAS_HOME>/products/sklm/keystore
• Generated keys and the metadata for the keys are stored in a key table in the Keystore. The key materials are protected by using a Master key.
• The Keystore can hold symmetric keys, public keys, private keys, their associated certificate chains, and trusted certificates.
Managing the Master Key
• The Master Key (AES 256-bit) is generated by default in the SKLM server
• Key materials stored in the database are protected by the Master Key
• Each Device Group can have its own Master Key
Using an external HSM
https://www.ibm.com/support/pages/node/296957
The commonly supported cryptographic cards are:
• IBM 4765 PCIe Cryptographic Coprocessor
• Gemalto/SafeNet Luna SA
• Thales nShield Connect
Security Key Lifecycle Manager (SKLM) with HSM Integration
SKLM certificate management
• SKLM manages server and client certificates, which are used for SSL and KMIP communication
Administering Groups, Users, Roles
• For a specific device type (such as an LTO tape drive) it is possible to limit the range of activities for an administrator
• Administration of users, groups and roles is done by the WAS administrator
LDAP Integration
• SKLM supports LDAP repositories, such as IBM Directory Server or Microsoft Active Directory.
• The LDAP user repository is added and configured in the federated repository of WAS using the WAS GUI.
SKLM Audit and Debug
• Audit output is controlled by the Audit.handler.file.name property in SKLM_DATA/config/SKLMConfig.properties
• Depending on the need, you can change the default setting that SKLM uses to collect audit information
• Audit records can be configured and generated in syslog format
Managing Device Groups
• CREATE GROUP
• CREATE ROLE
• VIEW GROUP
• EXPORT GROUP
• IMPORT GROUP
• MOVE DEVICE BETWEEN GROUPS
SKLM v4 enhancements
SKLM v4.0 – Enhancements
Capability enhancements
• Manage and serve keys using REST APIs
• GUI refinements for local file management
• Improved Multi-Master cluster failover use cases
Deployment enhancements
• Run SKLM services as a non-root user
• SKLM containers on Docker (BETA release)
Performance improvements
• Incremental replication
• Optimize SSL/TLS handshake for faster connectivity
Customer RFEs
• Key archiving to reduce replication time for large key databases
• Display replication errors on GUI
• Swagger UI for easy-to-use REST interface
SKLM v4 enhancements: Installation, upgrade, migration
• SKLM processes run with non-admin or non-root credentials instead of under the Administrator / root account
SKLM v4 enhancements: new REST-based key management
REST-based key serving: Overview
• A client reaches SKLM either as a KMIP client (over KMIP) or as a REST client (over REST)
• Managed object types: Symmetric Key, Key Pair, Certificate, Secret Data, Opaque Object
For more information on SKLM REST API capabilities, please go to:
https://www.ibm.com/support/knowledgecenter/SSWPVP_4.0.0/com.ibm.sklm.doc/reference/ref/ref_ic_rest_rbks_clientmgmt.html
REST-based key serving: API list
Client Management APIs
• Create client
• Get client details
• List all clients
• Update client name
• Assign client certificate
• Assign users to client
• Remove users from client
• Delete client
https://www.ibm.com/support/knowledgecenter/SSWPVP_4.0.0/com.ibm.sklm.doc/reference/ref/ref_ic_rest_rbks_clientmgmt.html
Cryptographic Object Management APIs
• Create/Register symmetric key
• Create/Register key pair
• Create/Register secret data
• Register certificate
• Register opaque data
• Get object
• Delete object
• List all objects
https://www.ibm.com/support/knowledgecenter/SSWPVP_4.0.0/com.ibm.sklm.doc/reference/ref/ref_ic_rest_rbks_objmgmt.html
SKLM v4 enhancements: improved replication performance
• Replication flows from the SKLM MASTER to its SKLM CLONEs
SKLM v4 enhancements: Enhanced support for storage systems
• New device groups DS8K-TCT and PeerToPeer, for DS8K Transparent Cloud Tiering and Peer to Peer for FC Endpoint Security
SKLM v4 enhancements to the Multi-Master feature
• You can start, stop, and restart a Multi-Master cluster by using the graphical user
interface, REST interface, or scripts
SKLM v4 enhancements: graphical user interface (GUI)
• From the Administration menu you can change: user password, WAS password, database password
• Upload/download files from the GUI
• From the Replication page you can display the replication status
• The Clients and Groups option is renamed «Clients»
• Support to archive served key data
SKLM v4 enhancements: interactive & easy REST API console
• Swagger UI is now integrated with IBM Security Key Lifecycle Manager, allowing its use with any REST API.
SKLM v4 enhancements: enhanced support for KMIP v2.0
• IBM Security Key Lifecycle Manager now includes enhanced support for the Key Management Interoperability Protocol (KMIP) 2.0 profile.
SKLM Container Edition: what is it?
• SKLM Container Edition will be formally GA’d 2H2020 (v4.1 Beta1)
• Beta use of SKLM C.E. requires an active entitlement to SKLM Basic Edition
SKLM C.E. components: DB2 Version 11.5, WAS Liberty Base, PostgreSQL Version 12.2
You can also deploy SKLM containers on a Kubernetes cluster using Helm charts (v2.0):
https://kubernetes.io/docs/setup/
https://helm.sh/docs/intro/install/
SKLM C.E. - High Level View
• Docker Engine runs an SKLM Container (base image: Ubuntu) and a DB2 Container (base image: IBM DB2)
• SKLM Container: Admin REST interface, Admin GUI interface, REST-based key serving, IPP server, KMIP server; configured through environment variables (*CLI is not supported in the container)
• DB2 Container: DB2 database holding the SKLM app and user DB
• Docker Volumes: files, SKLM data and artifacts
SKLM C.E.: restrictions
• CLI commands. Alternatively, use REST APIs.
• Multi-Master cluster
• Replication
• LDAP
• HSM
• Password change from the user interface
• Server restart is not supported (you must restart the application container)
• After user management changes, you must restart the application container.
SKLM C.E.: conclusions
More information for deploying SKLM Container Edition can be found here:
• DockerHub link to SKLM Container Edition: https://hub.docker.com/r/ibmcom/sklm
• System Requirements: https://www.ibm.com/support/pages/deploying-ibm-security-key-lifecycle-manager-containerized-environment-beta-release
• A License Activation File is required. It can be obtained from PPA or from the Software Sellers link. More information can be found at: https://www.ibm.com/support/pages/deploying-ibm-security-key-lifecycle-manager-containerized-environment-beta-release
This is a BETA release of SKLM C.E., not designed or hardened for production use.
ibm.com/security
securityintelligence.com
xforce.ibmcloud.com
@ibmsecurity
youtube/user/ibmsecuritysolutions
© Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of
direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines
Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in
information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single
product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve
additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the
malicious or illegal conduct of any party.
THANK YOU
ibm.com/security/community

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfVishalKumarJha10
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesVictorSzoltysek
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024Mind IT Systems
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...Health
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 

Kürzlich hochgeladen (20)

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM TechniquesAI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
AI Mastery 201: Elevating Your Workflow with Advanced LLM Techniques
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
10 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 202410 Trends Likely to Shape Enterprise Technology in 2024
10 Trends Likely to Shape Enterprise Technology in 2024
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 

Sklm webinar

  • 1. 2020 z Security Webinars Series Luigi Perrone IBM Security Thought Leader Security & Audit for zSystem & enterprise Security Intelligence solution luigi_perrone@it.ibm.com https://www.linkedin.com/in/luigiperrone/
  • 2. A quick view of the security evolution Bolt-on security for IT projects SECURITY INTELLIGENCE APPS MOBILE ENDPOINT THREAT INTEL NETWORK ADVANCED FRAUD IDENTITY & ACCESS DATA Security intelligence across the enterprise Connected security for all, at the “speed of cloud” AI, quantum, blockchain and IoT security
  • 3. IBM Security / © 2019 IBM Corporation 3 CISOs: “data security is a critical priority” 1. Get ahead of compliance demands 2. Protect against data breaches 3. Secure data across multiple clouds 4. Uncover business risk related to data GDPR NY-DFS2 China Privacy Australian Act HIPAA IaaS (Containers) PaaS (DBaaS) SaaS (O365)
  • 4. IBM Security / © 2019 IBM Corporation 4 The famous IBM pyramid: multiple layers of encryption (axes: coverage vs. complexity & security control)
    - App Encryption: hyper-sensitive data. Data protection & privacy provided and managed by the application… encryption of sensitive data when lower levels of encryption are not available or suitable
    - Database Encryption: provides protection for very sensitive in-use (DB level), in-flight & at-rest data. Granular protection & privacy managed by the database… selective encryption & granular key management control of sensitive data
    - File or Dataset Level Encryption: provides broad coverage for sensitive data using encryption tied to access control for in-flight & at-rest data protection. Broad protection & privacy managed by the OS… ability to eliminate storage admins from compliance scope
    - Full Disk and Tape Encryption: provides 100% coverage for at-rest data with zero host CPU cost. Protection against intrusion, tamper or removal of physical infrastructure
  • 5. Why Should All Data at Rest be Encrypted?
    - Keeps sensitive information confidential: insider threat; lost/stolen tape or disk; disk being repaired (solid-state disks fail in a read-only state)
    - Addresses regulations and standards: privacy breach disclosure laws; protection of financial and healthcare data
    - Simplifies end-of-life-of-media/data scenarios: destroy the key and the data is unusable; cryptographic erasure (NIST SP800-88); reducing media disposal costs
  • 6. IBM Security / © 2019 IBM Corporation 6 Storage devices encryption capable
  • 7. IBM Security / © 2019 IBM Corporation 7 The role of the Key Server: self-encrypting storage, databases (DB2), applications and VMware (the components that encrypt the data) send a Key Request (IPP or KMIP) to the SKLM Server (key management) and receive a Key Response (IPP or KMIP).
  • 8. IBM Security Key Lifecycle Manager (SKLM): IBM's centralized key management solution for all data-at-rest encryption solutions (data at rest, VMware, apps, and IoT). Capabilities: align with PCI & NIST guidance; manage encryption keys; transparent encryption and key management; automatic key rotation; manage IBM and non-IBM products via KMIP; broadening footprint (IPP, KMIP, & REST-compatible); enforce separation of duties. Clients: tape storage, disk storage, cloud and elastic storage, Lenovo servers, IoT, network storage, flash storage, multi-cloud, apps, DB, VMware vSAN & vCenter
  • 9. The importance of KMIP support
    - Key Management Interoperability Protocol (KMIP)
    - Protocol for key management to encryption client
    - Enables key lifecycle management (generation, submission, retrieval, and deletion)
    This standardization makes it easier for servers to support the growing number of encryption clients that support KMIP
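As an added illustration of the KMIP key request/response exchange described on slides 7 and 9 (example code written for this page, not SKLM's or the author's code): a minimal TTLV encoder/decoder that builds the KMIP Get request a client sends to retrieve a key by unique identifier and parses it back with length checks on every item. Tag, type and operation values are taken from the KMIP specification; the unique identifier is a constructed sample.

```python
import struct

# TTLV item types and the KMIP tags a Get request uses (values from the KMIP spec)
STRUCTURE, INTEGER, ENUMERATION, TEXT_STRING = 0x01, 0x02, 0x05, 0x07
TAG = {
    "RequestMessage": 0x420078, "RequestHeader": 0x420077,
    "ProtocolVersion": 0x420069, "ProtocolVersionMajor": 0x42006A,
    "ProtocolVersionMinor": 0x42006B, "BatchCount": 0x42000D,
    "BatchItem": 0x42000F, "Operation": 0x42005C,
    "RequestPayload": 0x420079, "UniqueIdentifier": 0x420094,
}
OP_GET = 0x0A  # KMIP Operation enumeration: Get (retrieve a managed object)


def encode(tag, typ, value):
    """One TTLV item: 3-byte tag, 1-byte type, 4-byte length, value padded to 8."""
    if typ == STRUCTURE:
        body = b"".join(value)  # value is a list of already-encoded children
        length = len(body)
    elif typ in (INTEGER, ENUMERATION):
        body = struct.pack(">i" if typ == INTEGER else ">I", value)
        length = 4  # length field says 4; the value itself is padded to 8 bytes
    elif typ == TEXT_STRING:
        body = value.encode("utf-8")
        length = len(body)
    else:
        raise ValueError("unsupported TTLV type 0x%02x" % typ)
    padding = b"\x00" * ((-length) % 8)
    return tag.to_bytes(3, "big") + bytes([typ]) + struct.pack(">I", length) + body + padding


def decode(buf, start=0, end=None):
    """Decode buf[start:end] into (tag, type, value) tuples, recursing into structures.
    Each length is checked against the buffer before slicing, so truncated input raises ValueError."""
    end = len(buf) if end is None else end
    items, pos = [], start
    while pos < end:
        if end - pos < 8:
            raise ValueError("truncated TTLV header at offset %d" % pos)
        tag = int.from_bytes(buf[pos:pos + 3], "big")
        typ = buf[pos + 3]
        length = struct.unpack(">I", buf[pos + 4:pos + 8])[0]
        value_start, padded = pos + 8, (length + 7) // 8 * 8
        if value_start + padded > end:
            raise ValueError("TTLV length %d exceeds buffer at offset %d" % (length, pos))
        raw = buf[value_start:value_start + length]
        if typ == STRUCTURE:
            value = decode(buf, value_start, value_start + length)
        elif typ in (INTEGER, ENUMERATION):
            if length != 4:
                raise ValueError("integer/enumeration must have length 4")
            value = struct.unpack(">i" if typ == INTEGER else ">I", raw)[0]
        elif typ == TEXT_STRING:
            value = raw.decode("utf-8")
        else:
            raise ValueError("unsupported TTLV type 0x%02x" % typ)
        items.append((tag, typ, value))
        pos = value_start + padded
    return items


def build_get_request(unique_id, major=1, minor=4):
    """Build the Get request a KMIP client sends to fetch the key named unique_id."""
    header = encode(TAG["RequestHeader"], STRUCTURE, [
        encode(TAG["ProtocolVersion"], STRUCTURE, [
            encode(TAG["ProtocolVersionMajor"], INTEGER, major),
            encode(TAG["ProtocolVersionMinor"], INTEGER, minor),
        ]),
        encode(TAG["BatchCount"], INTEGER, 1),
    ])
    batch_item = encode(TAG["BatchItem"], STRUCTURE, [
        encode(TAG["Operation"], ENUMERATION, OP_GET),
        encode(TAG["RequestPayload"], STRUCTURE, [
            encode(TAG["UniqueIdentifier"], TEXT_STRING, unique_id),
        ]),
    ])
    return encode(TAG["RequestMessage"], STRUCTURE, [header, batch_item])


def parse_get_request(msg):
    """Decode a Get request as a key server would: ((major, minor), operation, unique_id)."""
    d = lambda items: {tag: value for tag, _typ, value in items}  # tag -> value
    message = d(decode(msg))[TAG["RequestMessage"]]
    version = d(d(d(message)[TAG["RequestHeader"]])[TAG["ProtocolVersion"]])
    item = d(d(message)[TAG["BatchItem"]])
    payload = d(item[TAG["RequestPayload"]])
    return ((version[TAG["ProtocolVersionMajor"]], version[TAG["ProtocolVersionMinor"]]),
            item[TAG["Operation"]], payload[TAG["UniqueIdentifier"]])


if __name__ == "__main__":
    req = build_get_request("KEY-0001")  # constructed sample identifier, not a real SKLM key
    print(parse_get_request(req))
```

On the wire this request is sent over the TLS session that the client certificate (slide 27) authenticates; the parser's length checks are what keep a malformed or truncated message from being misread by the server.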
  • 10. IBM Security / © 2019 IBM Corporation 10 Who uses SKLM ? 29,000+ Installations across these enterprises 100+ Countries where SKLM is deployed 870+ Installations in Healthcare Enterprises (Globally) 6,000+ Installations in Banking Enterprises (Globally) 11,000+ Installations in Insurance Enterprises (Globally) 4,200+ Enterprises have deployed SKLM
  • 11. IBM Security / © 2019 IBM Corporation 11 What integrates with SKLM? Any IPP- or KMIP-compatible device or application Databases and Applications Tape Storage Solutions Servers Disk Storage Solutions Client DLP Applications Flash and Hybrid Storage Elastic Storage Solutions Cloud-based Encryption Solutions SKLM is pursuing 100% KMIP-compatibility by offering interop testing with SKLM on SoftLayer!
  • 12. IBM Security / © 2019 IBM Corporation 12 SKLM Supported Devices List available http://ibm.biz/sklmdevicelist Now published as a Technote Link (updated regularly).
  • 13. IBM Security / © 2019 IBM Corporation 13 SKLM: main features
  • 14. IBM Security / © 2019 IBM Corporation 14 Which platform? Which OS? Which version? Main differences between SKLM V4.0 for distributed platforms and SKLM for z/OS V1.1:
    1. Server platform: SKLM (distributed) servers can run on Windows, RHEL, Linux on z, and AIX; SKLM for z/OS's server is hosted on z/OS
    2. Supported devices: SKLM (distributed) has greater device support
    3. KMIP support: SKLM (distributed) supports KMIP & IPP; SKLM for z/OS supports IPP only
    4. Hardware key storage/protection: SKLM (distributed) optionally integrates with external HSMs (PKCS#11); SKLM for z/OS can leverage Z hardware (ICSF, RACF)
    5. User interface: SKLM (distributed) provides a graphical user interface; SKLM for z/OS is operator console command line based
  • 15. IBM Security / © 2019 IBM Corporation 15 SKLM: Main Components Software package consists of SKLM application, WebSphere and DB2
  • 16. IBM Security / © 2019 IBM Corporation 16 SKLM Management: administrative tasks
    1. Setting up the master and clone systems for replication
    2. Administering the groups, users, and roles
    3. Administering devices, KMIP objects, and HSM
    4. Running operational tasks such as data backup, data restore, and export/import of device groups
    5. Other miscellaneous administrative tasks
  • 17. IBM Security / © 2019 IBM Corporation 17 SKLM data redundancy determines the architecture. Three methods to achieve data redundancy: backup/restore, master/clones, multi-master
  • 18. IBM Security / © 2019 IBM Corporation 18 Backup & Restore (command: tklmBackupRun). With manual backup/restore you can back up cryptographic objects, configuration files, and other critical information on the SKLM server and then restore them to create an exact copy of the SKLM server
  • 19. IBM Security / © 2019 IBM Corporation 19 Master-Clone Deployment Architecture: a Master SKLM VM in the primary data center and Clone SKLM VMs in the secondary data center are synchronized servers connected over LAN/WAN; self-encrypting devices (tape libraries, disk storage, elastic storage, apps and DBs, cloud storage) obtain their keys from them (SKLM encryption key management)
  • 20. IBM Security / © 2019 IBM Corporation 20 SKLM Multi-Master for hyper-redundancy: up to 21 sites of synchronized SKLM key servers (SKLM NJ, NY, UK, DE, JP, … site 21), each serving its local clients
  • 21. IBM Security / © 2019 IBM Corporation 21 Multi-Master Deployment Architecture (also with HSM): Master SKLM VMs in the primary data center and in additional data centers are synchronized servers over LAN/WAN, optionally backed by an HSM network; self-encrypting clients (tape libraries, disk storage, SDS software defined storage, apps and DBs, cloud storage, VMware vSAN & vCenter) connect via KMIP/IPP/REST
  • 22. IBM Security / © 2019 IBM Corporation 22 Multi-Master architecture in depth
  • 23. IBM Security / © 2019 IBM Corporation 23 Keystore & Truststore
    - The SKLM Truststore stores the trusted certificates and the device root certificates that are used for secure communication between SKLM and the client devices
    - The standard installation of SKLM creates the truststore file tklmTruststore.jceks in <WAS_HOME>\products\sklm\keystore
    - Keystore: generated keys and the metadata for the keys are stored in a key table in the Keystore. The key materials are protected by using a Master key. SKLM can store symmetric keys, public keys, private keys, their associated certificate chains, and trusted certificates.
  • 24. IBM Security / © 2019 IBM Corporation 24 Managing the Master-Key • The Master Key (AES 256-bit) is generated by default in the SKLM server • Key materials stored in the database are protected by Master Key • Each Device Group can have its own Master Key
  • 25. IBM Security / © 2019 IBM Corporation 25 Using an external HSM https://www.ibm.com/support/pages/node/296957 The commonly supported cryptographic cards are : • IBM 4765 PCIe Cryptographic Coprocessor • Gemalto/SafeNet Luna SA • Thales nShield Connect
  • 26. IBM Security / © 2019 IBM Corporation 26 Security Key Lifecycle Manager (SKLM) with HSM Integration
  • 27. IBM Security / © 2019 IBM Corporation 27 SKLM certificate management • SKLM manages server and client certificates, and they are used for SSL and KMIP communication
  • 28. IBM Security / © 2019 IBM Corporation 28 Administering Groups, Users, Roles • For a specific device type (such as an LTO tape drive) it is possible to limit the range of activities for an administrator • Administration of users, groups and roles is done by the WAS administrator
  • 29. IBM Security / © 2019 IBM Corporation 29 LDAP Integration • SKLM supports LDAP repositories, such as IBM Directory Server or Microsoft Active Directory. • The LDAP user repository is added and configured in the federated repository of WAS using the WAS GUI.
  • 30. IBM Security / © 2019 IBM Corporation 30 SKLM Audit and Debug • The Audit.handler.file.name property (in SKLM_DATA/config/SKLMConfig.properties) sets the audit file • Depending on the need, you can change the default setting that SKLM uses to collect audit information • Audit records can be configured and generated in syslog format
  • 31. IBM Security / © 2019 IBM Corporation 31 Managing Device Groups • CREATE GROUP • CREATE ROLE • VIEW GROUP • EXPORT GROUP • IMPORT GROUP • MOVE DEVICE BETWEEN GROUP
  • 33. IBM Security / © 2019 IBM Corporation SKLM v4.0 – Enhancements
    - Capability enhancements: manage and serve keys using REST APIs; GUI refinements for local file management; improved Multi-Master cluster failover use cases
    - Deployment enhancements: run SKLM services as a non-root user; SKLM containers on Docker (BETA release)
    - Performance improvements: incremental replication; optimized SSL/TLS handshake for faster connectivity
    - Customer RFEs: key archiving to reduce replication time for large key databases; display replication errors on GUI; Swagger UI for easy-to-use REST interface
  • 34. IBM Security / © 2019 IBM Corporation 34 SKLM v4 enhancements: installation, upgrade, migration • SKLM processes run with non-admin or non-root credentials (no Administrator / root account needed for SKLM)
  • 35. IBM Security / © 2019 IBM Corporation 35 SKLM v4 enhancements: new REST-based key management SKLM
  • 36. IBM Security / © 2019 IBM Corporation 36 REST-based key serving: overview (diagram: Client 1 using KMIP with a KMIP client certificate, and a REST client using REST, both served by SKLM; managed objects: symmetric key, key pair, secret data, opaque object). For more information on SKLM REST API capabilities, please go to: https://www.ibm.com/support/knowledgecenter/SSWPVP_4.0.0/com.ibm.sklm.doc/reference/ref/ref_ic_rest_rbks_clientmgmt.html
  • 37. IBM Security / © 2019 IBM Corporation 37 REST-based key serving: API list
    - Client Management APIs: create client; get client details; list all clients; update client name; assign client certificate; assign users to client; remove users from client; delete client (https://www.ibm.com/support/knowledgecenter/SSWPVP_4.0.0/com.ibm.sklm.doc/reference/ref/ref_ic_rest_rbks_clientmgmt.html)
    - Cryptographic Object Management APIs: create/register symmetric key; create/register key pair; create/register secret data; register certificate; register opaque data; get object; delete object; list all objects (https://www.ibm.com/support/knowledgecenter/SSWPVP_4.0.0/com.ibm.sklm.doc/reference/ref/ref_ic_rest_rbks_objmgmt.html)
  • 38. IBM Security / © 2019 IBM Corporation 38 SKLM v4 enhancements: improved replication performance SKLM CLONE SKLM CLONE SKLM MASTER
  • 39. IBM Security / © 2019 IBM Corporation 39 SKLM v4 enhancements: Enhanced support for storage systems SKLM • DS8K-TCT • PeerToPeer New device groups for DS8K Transparent Cloud Tiering and Peer to Peer for FC Endpoint Security
  • 40. IBM Security / © 2019 IBM Corporation 40 SKLM v4 enhancements to the Multi-Master feature • You can start, stop, and restart a Multi-Master cluster by using the graphical user interface, REST interface, or scripts
  • 41. IBM Security / © 2019 IBM Corporation 41 SKLM v4 enhancements: graphical user interface (GUI) • From the Administration menu you can change: user password, WAS password, Database password • Upload/download files from the GUI • From the Replication page you can display the replication status • The Clients and Groups option is renamed «Clients» • Support to archive served key data
  • 42. IBM Security / © 2019 IBM Corporation 42 SKLM v4 enhancements: interactive & easy REST API console • Swagger UI is now integrated with IBM Security Key Lifecycle Manager, to allow the use with any REST API.
  • 43. IBM Security / © 2019 IBM Corporation 43 SKLM v4 enhancements: enhanced support for KMIP v.2.0 • IBM Security Key Lifecycle Manager now includes enhanced support for Key Management Interoperability Protocol (KMIP) 2.0 profile. SKLM MASTER 2.0
  • 44. SKLM Container Edition: what is it? • SKLM Container Edition will be formally GA'd in 2H2020 (v.4.1 Beta1) • Beta use of SKLM C.E. requires an active entitlement to SKLM Basic Edition
  • 45. SKLM C.E. components: DB2 Version 11.5, WAS Liberty Base, PostgreSQL Version 12.2. You can also deploy SKLM containers on a Kubernetes cluster using Helm charts (v.2.0): https://kubernetes.io/docs/setup/ https://helm.sh/docs/intro/install/
  • 46. SKLM C.E. - High Level View: on the Docker Engine, an SKLM Container (Ubuntu base image) runs the Admin REST Interface, Admin GUI Interface, REST Based Key Serving, IPP Server and KMIP Server, and a DB2 Container (IBM DB2 base image) holds the SKLM App and User DB; Docker Volumes hold the DB2 Database Files and SKLM Data and Artifacts, and configuration is passed through Environment Variables. *CLI is not supported in container
  • 47. SKLM C.E.: restrictions (not supported in the container edition) • CLI commands (alternatively, use REST APIs) • Multi-Master cluster • Replication • LDAP • HSM • Password change from the user interface • Server restart (you must restart the application container) • After user management changes, you must restart the application container.
  • 48. SKLM CE: conclusions. More information for deploying SKLM Container Edition can be found here: • DockerHub link to SKLM Container Edition: https://hub.docker.com/r/ibmcom/sklm • System Requirements: https://www.ibm.com/support/pages/deploying-ibm-security-key-lifecycle-manager-containerized-environment-beta-release • A License Activation File is required. It can be obtained from PPA or from the Software Sellers link. More information can be found at: https://www.ibm.com/support/pages/deploying-ibm-security-key-lifecycle-manager-containerized-environment-beta-release This is a BETA Release of SKLM C.E., not designed or hardened for production use.
  • 49. ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions © Copyright IBM Corporation 2019. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party. THANK YOU ibm.com/security/community