This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise . http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html The Whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk. This whitepaper from Vormetric on Key management strategy strives to provide the reader with an understanding, not only of the importance of key management, but of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for key management as well as an understanding of the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family. According to the whitepaper, encryption key management should meet four primary criteria: 1. Security – In implementing a comprehensive data security strategy, organizations are well- advised to consider the security of the encryption keys. Improper key management means weak encryption, and that can translate into vulnerable data. 2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That results in damage to the over efficiency of the network. 3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change. 4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

1. Security Policy
and Key Management
Centrally Manage Encryption Keys -
Oracle TDE, SQL Server TDE and Vormetric.
Tina Stewart, Vice President of Marketing
www.Vormetric.com

2. Presentation Overview
Evolution of encryption IT operations and
and integrated key support challenges
management systems will then be examined
Review of the future Conclude with brief
industry initiatives and introduction to
compliance regulations Vormetric Key Management
Slide No: 2 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

3. Importance of Enterprise Key Management
The final encrypted solution has two parts:
the encrypted data itself and the keys that
control the encryption and decryption
processes. Controlling and maintaining the keys, “
therefore, is the most important part of
an enterprise encryption strategy.
Forrester Research, Inc., “Killing Data”, January 2012
Two Types of
Key Management Systems
Integrated Third Party
Slide No: 3 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

4. IT Imperative: Secure Enterprise Data
1 Direct access to enterprise 2 Attacks on mission critical
data has increased the risk data are getting more
of misuse. sophisticated.
A Data Breach Costs > $7.2M Per Episode
2010 Annual Study: U.S. Cost of a Data Breaches, Ponemon Institute
3 Security breach results in 4 Compliance regulations
substantial loss of revenue (HIPAA, PCI DSS) mandates
and customer trust. improved controls.
What is needed is a powerful, integrated solution
that can enable IT to Ensure the availability, “
security, and manageability of encryption keys
Across the enterprise.
Slide No: 4 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

5. Enterprise Key Management 8 Requirements
Backup
Storage Key State
Management
Generation Enterprise Key Authentication
Management
Restoration Auditing
Security
Slide No: 5 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

6. Interoperability Standards
PKCS#11 EKM OASIS KMIP
Public Key Cryptographic Cryptographic APIs used Single comprehensive
Standard used by by Microsoft SQL server protocol defined by
Oracle Transparent to provide database consumers of enterprise
Data Encryption (TDE) encryption and secure key management systems
key management
! Even though vendors may agree on basic cryptographic
techniques and standards, compatibility between key
management implementation is not guaranteed.
Slide No: 6 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

7. Encryption Key Management Challenges
Complex management: Managing a
plethora of encryption keys in millions
Disparate Systems
Security Issues: Vulnerability of keys
from outside hackers /malicious insiders
Data Availability: Ensuring data
accessibility for authorized users
Scalability: Supporting multiple
databases, applications and standards
Different Ways
of Managing
Governance: Defining policy-driven, Encryption Keys
access, control and protection for data
Slide No: 7 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

8. Industry Regulatory Standards
Requires encryption key
management systems with
controls and procedures for
managing key use and
performing decryption
Payment Card
Industry Data
functions.
Security Standard
(PCI DSS)
Requires firms in Includes a breach
USA to publicly notification clause
acknowledge a data for which encryption
breech although it provides safe harbor
can damage their in the event of a
reputation. data breach.
U.S. Health I.T. for
Gramm Leach
Economic
Bliley Act (GLBA)
and Clinical Health
(HITECH) Act
Slide No: 8 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

9. Vormetric Key Management Benefits
Stores Keys Securely Provides Audit and Reporting
Minimize Solution Costs
Manages Heterogeneous Keys / FIPS 140-2 Compliant
VKM provides a robust, standards-based platform for
managing encryption keys. It simplifies management and
administrative challenges around key management to
“
ensure keys are secure.
Slide No: 9 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

10. Vormetric Key Management Capabilities
Manage Manage Vault
3rd Party Keys Other Keys
Vormetric
Create/Manage/Revoke Provide Secure storage of
Encryption keys of 3rd party security material
Agents encryption solutions Key Types:
Provide Network HSM to  Symmetric: AES, 3DES, ARIA
encryption solutions via  Asymmetric: RSA 1024, RSA
 PKCS#11 (Oracle 11gR2) 2048, RSA 4096
 EKM (MSSQL 2008 R2)  Other: Unvalidated security
materials (passwords, etc.).
Slide No: 10 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

11. Vormetric Key Management Components
Data Security Report on Key Vault
Manager (DSM) vaulted keys
Same DSM as used with all Provides key management Licensable Option on DSM
VDS products services for:
Web based or API level
 Oracle 11g R2 TDE
FIPS 140-2 Key Manager interface for import and
(Tablespace Encryption)
with Separation of Duties export of keys
 MSSQL 2008 R2 Enterprise
TDE (Tablespace Encryption) Supports Symmetric,
Asymmetric, and Other
Key materials
Reporting on key types
Slide No: 11 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

12. TDE Key Architecture before Vormetric
Oracle / Microsoft TDE
Master Encryption keys
are stored on the local
system in a file with the
data by default.
TDE Master
Encryption Key
Local
Wallet or Table
Slide No: 12 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

13. TDE Key Architecture after Vormetric
Oracle / Microsoft TDE
TDE Master
SSL Connection
Encryption Key
Key Agent
Vormetric DSM acts as Network HSM for
securing keys for Oracle and Microsoft TDE
Vormetric Key Agent is installed on the
database server
Slide No: 13 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

14. VKM Architecture-Key Vault
Web GUI
Supported Key Types:
Asymmetric
Command Line / API
Slide No: 14 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

15. Security Policy and Key Management
Protecting the enterprise’s valuable
digital assets from accidental or
intentional misuse are key goals for
every IT team today
A centralized enterprise key
management solution is critical to
ensuring all sensitive enterprise data is
secure and available.
Vormetric Key Management is the only
solution today that can:
Minimize IT operational and support burdens for
encryption key management,
Secure and control access to data across the
enterprise and into the cloud, and
Protect data without disrupting you business
Slide No: 15 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

16. Security Policy and Key Management
The final encrypted solution has two parts:
the encrypted data itself and the keys that
control the encryption and decryption
processes. Controlling and maintaining the keys, “
therefore, is the most important part of
an enterprise encryption strategy.
Forrester Research, Inc., “Killing Data”, January 2012
Vormetric Key Management is the only
solution today that can:
Protecting the enterprise’s valuable digital A centralized enterprise key management
Minimize IT operational and support burdens for
assets from accidental or intentional solution is critical to ensuring all sensitive encryption key management,
misuse are key goals for every IT team enterprise data is secure and available.
Secure and control access to data across the
today enterprise and into the cloud, and
Protect data without disrupting you business
Slide No: 16 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

17. Security Policy
and Key Management
Centrally Manage Encryption Keys -
Oracle TDE, SQL Server TDE and Vormetric.
Download Whitepaper
Tina Stewart, Vice President of Marketing
Click - to - tweet
www.Vormetric.com