Secure Cloud and BYOD Strategies: Managing Trust and Encryption Ben Rogers January 24, 2013 © 2012 Venafi Proprietary and Confidential.


Secure Cloud and BYOD Strategies: Managing Trust and Encryption
Ben Rogers, January 24, 2013
Who Remembers – Circa 1997
And Now
Establishing Identity & Keeping Secrets
• People to machines
– Passwords
– Usernames
– Secure tokens
– Biometrics
• Machine to machine
– IP addresses
– SSL certificates
– SSH keys
– Symmetric encryption
Why Such Fast SSL Cert Growth?
SSL certificates authenticate silicon to silicon communication and encrypt data in motion
Proliferation of Certificates and Keys in Enterprise Environments
How are keys and certificates managed today?
[Diagram labels: Encrypted Communications; Data Encryption; Secure (SSH) Administration; Authentication; Encrypt Tapes; Encrypt Database Data; Server Authentication; Client Authentication]
Independent Silos
Creates many operational and security problems
[Diagram labels: Encrypted Communications; Data Encryption; Secure (SSH) Administration; Authentication; Encrypt Tapes; Encrypt Database Data; Server Authentication; Client Authentication]
© 2011 Venafi. All rights reserved.
Generate Inventory
Asset Discovery
Establish Policies
Manage Assets
Automation
Automated Certificate Mgmt Life Cycle
• 1 Network Discovery
• 2 Agent Discovery
• 3 Monitoring & Alerting
• 4 Validation
• 5 Reporting, Analysis, & Mgmt
• 6 Enrollment & Revocation (to CAs)
• 7 Automated Provisioning
[Diagram labels: Application Owner; PKI Owner; Business Owner; Internal CA; External CA #1; External CA #2]
SSH Key Manager
Discovery and Monitoring
[Diagram labels: Network Discovery to Find SSH Servers (1); Agent Discovery on SSH Servers (2); Agent Discovery on SSH Clients (3); Report & Analyze; Notify & Alert (5); Director Database]
Trust Management
Unpublished Work of Venafi, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Venafi, Inc. Access to this work is restricted to Venafi
employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied,
distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Venafi, Inc. Any use or
exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Venafi, Inc. makes no
representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or
fitness for any particular purpose. Further, Venafi, Inc. reserves the right to revise this document and to make changes to its content, at any time, without
obligation to notify any person or entity of such revisions or changes. All Venafi marks referenced in this presentation are trademarks or registered
trademarks of Venafi, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.