SafeNet is a private company founded in 1983 that focuses on protecting high-value information assets through all stages of their lifecycle. It provides a unified data protection platform that persistently secures data across networks and devices using centralized policy management and key controls. The platform aims to help organizations securely adapt to changing cloud environments and compliance needs.
Achieving Data Privacy in the Enterprise with a Holistic Strategy
1. Achieving Data Privacy in the Enterprise. SafeNet. Derek Tumulak, VP Product Management. REV 0.1
2. SafeNet Data Protection: Protecting the Information Lifecycle. From idea to action, SafeNet smartly protects information as it moves through its lifecycle.
4. Online Fraud is on the Rise. Source: Anti-Phishing Working Group, March 2009. The number of crimeware-spreading sites infecting PCs with password-stealing crimeware reached an all-time high of 31,173 in December, an 827 percent increase from January of 2008. Phishing: $3.2 Billion lost in 2007 in the US alone (Gartner, Dec. 2007).
5. What Are the Threats? Source: Ponemon Institute, 2009
9. Worldwide Compliance: Electronic Ledger Storage Law (Japan); 11MEDIS-DC (Japan); Canadian Electronic Evidence Act; PCI Data Security Standard (WW); CA SB1386 et al; FDA 21 CFR Part 11; Sarbanes-Oxley Act (USA); AIPA (Italy); GDPdU and GoBS (Germany); EU Data Protection Directive; UK Data Protection Act; NF Z 42-013 (France); Financial Services Authority (UK); Basel II Capital Accord; GLB Act; Japan PIP Act; PCI (WW); HIPAA (USA). Note: International companies must adhere to regulations in each country of operation.
17. SafeNet Data Protection: SafeNet persistently protects information throughout its lifecycle, empowering customers to efficiently adapt to change and act on opportunity.
Editor's Notes
So What: >25 years focus on information security >Size matters >Private, Profitable, and Proud of it >Certifications are important >Customers count on SafeNet
We can’t be complacent: even when the numbers are steady, there is always a spike pending.
Traditional enterprise boundaries evolve - data is hosted, outsourced, moved to the cloud or accessed by partners, 3rd-party vendors and the mobile workforce.
Cyber Security - in an increasingly interconnected world, the ability to protect information and access online (cybersecurity) has shifted from science fiction to a glaring necessity for governments, businesses and everyday people.
Insider Threats - malicious or unintentional access to sensitive data by trusted insiders places businesses and their customers at risk.
Compliance and Regulations - intense pressure to demonstrate compliance with internal governance guidelines and external regulations.
Information and Identity Protection - a key business enabler: from online banking to eCommerce to collaboration networks, more business initiatives and the ability to compete are now dependent on the ability to persistently protect information.
Since the PCI mandate was introduced in 2005, you will notice that the cost per breached record has increased 47%. Several elements go into this figure: litigation costs associated with the breach, PR costs, cost for notifications, consulting and repairs, and campaigns for brand repair. What cannot be measured is the lost opportunity costs and revenues from people turning away from your organization.
The market is changing… DP 1.0 technologies are no longer adequate for today’s enterprise organization. 1.0 is where many organizations are today; this is where many companies are stuck. 2.0 is where the data protection market is headed. Let’s take a look at each one of these… (go through each row)
SafeNet’s Approach: Data-centric Protection
What's Changing: Data-conscious vs. perimeter/network-centric; proactive protection vs. passive protection
Why Is It Happening: Data was born to be free. Passive protection techniques of trying to constrain data movement based on ‘source/destination’ or ‘all or nothing’ protection are not enough anymore
What To Do: Data-conscious security infrastructure, providing persistent data protection as data is created, used, stored, moved
What You Gain: Proactive data protection: protect once, comply many; protected infrastructure
What To Look At: Scalable and extensible infrastructure with integrated policy, key and ID management platform
After the data and discovery phase, you can establish what your threat model is. Example: a CSR who pages through screens of customer data and writes down CC#s or takes pictures using their cell phone (rate limiting would help and/or masking data). Business need to know.
Centralized Key and Policy Management: Security administrators control data protection policy; keys created and stored in a single location; Dual Administrative Control; Separation of Duties; Logging, Auditing and Alerts
FIPS & Common Criteria Certified Solution: FIPS 140-2 Level 2 & CC EAL2 Certified; keys stored separately from sensitive data
Authentication & Authorization: Multi-factor system-to-system authentication and access control; granular, key-based, cryptographic policy; support for LDAP
Encryption Offload: Optimized, high-performance hardware; frees up database and application servers; latency less than 300 microseconds per request
Local Encryption Option: Configurable for hardware offload or local encryption
Batch Processing: Perform batch encrypts/decrypts for high performance; more than 100k TPS; batch tools include: Transform Utility, ICAPI; easy integration into existing applications
Heterogeneous Environments: Comprehensive enterprise solution; Web, Application, Database, Mainframe or File Server; Data Center or Distributed Environments; Open Standards-based APIs, cryptographic protocols
Scalability: Models with capacity from 2,500 TPS to 100,000 TPS; clustering further increases capacity and redundancy; licensing structure enables cost-effective build-out
Clustering: Keys and policy are shared/replicated among DataSecures in a global cluster
Load Balancing: Connector software can load balance across a group of appliances; multi-tier load balancing enables transparent failover to alternate appliance(s)