Transcript SafeNet Theatre Presentation
Dell Compellent and SafeNet KeySecure
2
SafeNet: What We Do
Trusted to protect the world’s most sensitive data for the world’s most trusted brands.
We protect the most money that moves in the world, $1 trillion daily.
We protect the most digital identities in the world.
We protect the most classified information in the world.
FOUNDED
1983
REVENUE
340m
EMPLOYEES
1,500+
In 25 countries OWNERSHIP
Private
GLOBAL FOOTPRINT
25,000+
Customers in 100 countries ACCREDITED Products certified to the highest security standard 2
3
Why Data at Rest Encryption?
Secures data wherever it resides
• Data remains secured both in and out of the data center • Secures data in event of drive, array or Storage Center system theft • Protect intellectual property and digital assets from unauthorized access
Full data control
• Only authorized users with appropriate keys have access. • • • Key loss or deletion renders data permanently unreadable. Keys never appear in the clear on outside networks Log and audit user access to IP
Compliance
• • • PCI-DSS, HIPAA, Basel II, 46+ State Laws, European Union requirements Regulatory violations bring financial and legal penalties Proactive security and reputation preservation have compelling ROI
4
Dell Compellent Self-encrypting Drives (SED)
•
Secures data against
– lost, transported or stolen drives – theft of entire array – theft an entire Storage Center system •
100% unrecoverable keys
– Key loss means data loss. No back door to access data on stolen drives •
Removed or stolen drives are automatically locked
– – Even if platters are placed on a spin stand, data is secure Keys are secure and never passed in the clear on outside networks •
Robust encryption and security
– Secured using 256-bit AES encryption – Option to operate in non-SED mode without system impact – FIPS 140-2 Level 2 security •
Instant cryptographic erase
– Delete keys to decommissioned drives to render data unreadable – Cryptographically erase data on individual drive basis 4
5
SafeNet KeySecure
Enterprise Key Management • • • •
Each SED contains its own encryption key. How do you effectively manage an entire datacenter?
Centralized key management
– – – – Store, manage, generate, distribute, rotate, back up, activate, deactivate, and destroy keys Up to 1 million keys per cluster High assurance level Geographically dispersed operations
Standard-based approach: OASIS KMIP
– – – Manage keys for: Dell Full Disk Encryption Other supported 3rd party KMIP-based solutions Supports key management for cloud solutions
Hardware encryption key storage
– Maintain encryption keys in SafeNet Luna SA (HSM) and PCI Card
World Class Support Services
– 7x24x365 Support offerings available
k150
25,000 max keys 100 max concurrent clients FIPS 140-2 Level 1
k460
1,000,000 max keys 1,000 max concurrent clients FIPS 140-2 Level 3 5
6
KeySecure manages keys for many vendors
Key Benefits
7 •
Centralize Encryption Key Management
– Unify key management (e.g. key generation, escrow, recovery) for all Compellent self-encrypting drives and other KMIP compatible solutions in SafeNet’s partner ecosystem behind an intuitive graphical user interface.
•
Multi-Tenant Data Isolation
– Share storage resources while securing data by business policy to segregate data for multiple departments, business units, or customers.
•
High Availability Configurations
– Cluster appliances to maintain encrypted data availability in geographically dispersed data centers.
•
Separation of duties.
– Segment key ownership and management based on individuals or by group owners to protect sensitive material against unauthorized access from staff.
•
Auditing and Logging
– Detailed logs can be used by SIEM reporting tools such as IBM QRadar, Splunk and others for improved day-to-day operations management and easier compliance reporting .
8
KeySecure Summary
Security Performance Flexibility Manageability
• Hardware-based, centralized key and policy management • FIPS/CC certified solution • Authentication and authorization • Low and high performance models (k460, k250, k150, k150v) • Models matched to performance requirements • Efficient backup/restore capabilities, local encryption option • Support for heterogeneous environments (app, db, file) • Support for open standards and APIs and stress KMIP • Range of enterprise deployment models • Intuitive, easy-to-use administration • Separation of duties • Centralized policy management
Availability
• Enterprise clustering and replication • Load balancing, health checking, and failover • Geographically distributed redundancy
9
Questions?
Blair Semple
Director Business Development [email protected]
For more information visit: http://www.safenet-inc.com/partners/dell