• No results found

Case Studies: Protecting Sensitive Data in

N/A
N/A
Protected

Academic year: 2021

Share "Case Studies: Protecting Sensitive Data in"

Copied!
15
0
0

Loading.... (view fulltext now)

Full text

(1)

Case Studies:

Protecting Sensitive Data in

C.J. Radford

Vice President, Cloud

September 18, 2014

Contact: @cjrad; cradford@vormetric.com

Copyright 2014 Vormetric, Inc. All rights reserved.

(2)

Agenda

Data Security Challenges

Top Considerations for Data

Centric Security

Use Case Discussion

Rackspace

FireHost

Amazon Web Services

Microsoft Azure

Q&A

Copyright 2014 Vormetric, Inc. All rights reserved.

(3)

Data is Increasingly More Difficult to Protect

Data Centers

Physical Virtual

Outsourced

Big Data

Sources Nodes Results

Clouds

Private, Public, Hybrid Multiple vendors

Physical Servers

Local offices and retail locations Labs

Trial

Analysis Research PHI Credit

Cards Customer Plans

Stats Contracts Call Records Finance

Files Source

Code Customer

Records Files HR

Copyright 2014 Vormetric, Inc. All rights reserved.

(4)

Slide No: 4 Copyright 2014 Vormetric, Inc. All rights reserved.

37% Security biggest pain point

March 2014

73% considered security to be

extremely important

Cloud Security Pain Points

(5)

Who is Responsible for Security?

Security You ~

Security Them ~

ROLE CLARITY

IaaS

PaaS

SaaS

Infrastructure as a Service

Platform as a Service

Software as a Service

APIs

Core Connectivity &

Delivery

Abstraction Hardware Facilities

APIs

Core Connectivity &

Delivery

Abstraction Hardware Facilities

Integration Middleware

APIs

Core Connectivity &

Delivery

Abstraction Hardware Facilities

Integration Middleware Presentation

Modality Presentation Platform APIs

Applications

Data Metadata Content

Infrastructure as a Service (Iaas) Platform as a Service (PaaS)

Infrastructure as a Service (Iaas)

Source: Cloud Security Alliance, 2013. Copyright 2014 Vormetric, Inc. All rights reserved.

(6)

Considerations For Data Centric Security

Across Cloud, Hybrid and On-Premise

Key custodianship with

flexible key management

• BYOK

• Know when subpoenaed

• Standards support e.g., KMIP

• Data remanence shredding

Data Access Controls • Privileged user access policies

• Data residency controls

Security Intelligence • Know who, what, where, how

data is accessed

Consolidate key management

and policy for lowest TCO

• Single data protection solution

for multiple platforms/use cases

On-premise and off-premise

Multi-IaaS cloud support

File and Application Level

Copyright 2014 Vormetric, Inc. All rights reserved.

(7)

Enterprise Data Center Environment

Policies &

Logs

Vormetric Data Security Manager (virtual or physical) Keys

Virtual or Physical Servers

Virtual or Physical Servers Automation

Considerations For Data Centric Security (cont’d):

Key & Data Access Policy On-Premise

Data Security Manager (Key & Policy

Manager) on-premise managed by End User

End User manages Keys and Access Control

Policies

(multi-cloud support …)

Copyright 2014 Vormetric, Inc. All rights reserved.

(8)

Vormetric Data Security Manager (virtual or physical)

Virtual or Physical Servers

Automation Policies &

Logs Keys

Enterprise #1

Enterprise #2

Enterprise #3

Enterprise Data Center

Data Security Manager (Key & Policy

Manager) off-premise managed by End User

End User manages Keys and Access Control

Policies

Considerations For Data Centric Security (cont’d):

Key & Data Access Policy Off-Premise

Copyright 2014 Vormetric, Inc. All rights reserved.

(9)

Use Case/Driver

Protect Forensic data that includes customer PII

Ensure that RAX Infrastructure and Server Administrators will not have access to their customer PII

Environment/Deployment Model

Forensic Application Storing PII information in SQL and Isilon File shares

Data Security Manager will be deployed in COMPANY Data Center(s)

COMPANY Infosec will manage keys and policies, controlling access to data

Why Rackspace/Vormetric

Single solution to protect both structured and unstructured data

Transparent to Application, SQL DB and RAX hosting infrastructure

Eliminate CSP Admin risk to data without impacting any IT operations (backup, replication, monitoring etc.)

Use Case: Private Top 10 Global Accounting Firm

Copyright 2014 Vormetric, Inc. All rights reserved.

(10)

Use Case: $4.4B Global ISV Targeting Legal, Tax,

Accounting, Audit, Healthcare Markets

Use Case/Driver

Executive/Legal Mandate to protect customer PII

Environment/Deployment Model

Many Oracle DBs and millions of scanned images with PII

Data Security Manager deployed in RAX environment

Why Rackspace/Vormetric

Single platform for protecting structure and unstructured data types

COMPANY maintains custodianship of keys and data access policies

RAX manages infrastructure including the Data Security Managers

Solution integrates seamlessly with hosted backup and other services delivered by RAX

Copyright 2014 Vormetric, Inc. All rights reserved.

(11)

Use Case: Private Healthcare App Service Provider ->

Streamlining Life Cycle of Major Surgeries

Use Case/Driver

HIPAA-HITECH data that needs protecting

Environment/Deployment Model

MySQL servers running on CentOS with ePHI data

Data Security Manager hosted within FireHost environment

COMPANY will manage keys and policies, controlling access to data

Why FireHost/Vormetric

All-in-cloud solution delivered as part of a broader set of cloud and infrastructure services – single solution provider

Small fast growing COMPANY – needed cost-effective and easy to manage solution

Transparent to MySQL/CentOS servers – no application changes needed

Maintain custodianship of keys and data access policies

Copyright 2014 Vormetric, Inc. All rights reserved.

(12)

Use Case: PegaSystems

Leading CRM/BPM Software Provider

Use Case/Driver

Enable healthcare CRM/BPM management workloads for AWS

More than 40 customers migrating workloads into the PegaCloud

Compliance (HIPAA) and contractual obligation to protect customer data

Data-across-boarder issues with EU

e.g., ensure access is controlled to ‘in country’ company personnel

Environment/Deployment Model

~250 instances – mostly Oracle running on CentOS platform

Data Security Managers deployed on-site in USA, Ireland and Norway and managed by the Pegasystems IT team

Why AWS/Vormetric

AWS scalability and ease of integration e.g., availability of APIs

Encryption is transparent to Application/DB and EC2 infrastructure e.g., no changes to application or EC2

Maintain custodianship of keys and data access policies

Copyright 2014 Vormetric, Inc. All rights reserved.

(13)

Vormetric Confidential Slide No: 13

(14)

Vormetric Confidential Slide No: 14

(15)

Thank you! Questions?

Contact Information:

C.J. Radford

cradford@Vormetric.com

@cjrad

Copyright 2014 Vormetric, Inc. –All rights reserved.

References

Related documents

In addition, this method offers several advantages: RNA can be isolated from tissues that are frozen immediately thereby avoiding alterations in cell differentiation state and

In general, Islamic banking, by definition of the International Association of Islamic Banks (IAJB), is a banking system which was established to utilize fund in

First and second screens of Rantei Kyokusui zu [The Winding Water of the Orchid Pavilion] by Kano Sansetsu, Early Tokugawa period the seventeenth century, ink, color, and gold leaf

While the large risk landscape is not made specific for any particular industry (see Figure 102: WEF Global Risk Landscape 2013), every single entity - regardless of its industry

The results indicated that the convolutional neural network is able to recognize the type of manual distraction task based on the right wrist motion with 87.0% accuracy and

Slope & Deflection Calculator for Uniform Load partially applied on right side of simply supported beam.

Immediately before the House of Representatives general election in 1991, a group led by Ozawa Ichiro -later called themselves Shinseito , or the Japan Renewal Party, broke away