This is an excerpt of Vormetric’s whitepaper: Simplifying IT Operations Securing and Controlling Access to Data Across the Enterprise . http://enterprise-encryption.vormetric.com/data-security-policy-and-encryption-key-management-white-paper.html The Whitepaper outlines the challenges of enterprise key management and details ways to minimize the risk. This whitepaper from Vormetric on Key management strategy strives to provide the reader with an understanding, not only of the importance of key management, but of its evolution. Additionally, understanding that companies today require actionable information, the paper provides the reader with a set of criteria for key management as well as an understanding of the challenges that may be faced. This is followed by a review of the recent industry initiatives and compliance regulations that are shaping the future of key management strategy. Lastly, the paper describes Vormetric’s Key Management, a component of the Vormetric Data Security product family. According to the whitepaper, encryption key management should meet four primary criteria: 1. Security – In implementing a comprehensive data security strategy, organizations are well- advised to consider the security of the encryption keys. Improper key management means weak encryption, and that can translate into vulnerable data. 2. Availability – In addition to being secure, the keys must ensure that the data is available when it is needed by the system or user. Key management practices that add complexity can decrease availability or add overhead to the network. That results in damage to the over efficiency of the network. 3. Scalability and Flexibility – Growth and change are inevitable in an organization. The key management solution should be able to address heterogeneous, distributed environments so as not to hamper either growth or change. 4. Governance and Reporting – Reporting is essential to proper institutional governance. Often, third party entities (be they customers or regulatory authorities) will request, and in some cases mandate, proper governance and reporting of key management. That means implementing and enforcing things like separation of duties, authorization process and key lifecycle management.

1. www.Vormetric.com
Security Policy
and Key Management
Centrally Manage Encryption Keys -
Oracle TDE, SQL Server TDE and Vormetric.
Tina Stewart, Vice President of Marketing

2. Presentation Overview
Evolution of encryption
management systems
and integrated key
IT operations and
will then be examined
support challenges
Review of the future
compliance regulations
industry initiatives and
Conclude with brief
Vormetric Key Management
introduction to
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 2

3. Importance of Enterprise Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 3
Two Types of
Key Management Systems
Third PartyIntegrated
“
The final encrypted solution has two parts:
the encrypted data itself and the keys that
control the encryption and decryption
processes. Controlling and maintaining the
keys, therefore, is the most important part of
an enterprise encryption strategy.
Forrester Research, Inc., “Killing Data”, January 2012

4. IT Imperative: Secure Enterprise Data
Direct access to enterprise
data has increased the risk
of misuse.
Attacks on mission critical
data are getting more
sophisticated.
Security breach results in
substantial loss of revenue
and customer trust.
Compliance regulations
(HIPAA, PCI DSS) mandates
improved controls.
1 2
3 4
What is needed is a powerful, integrated solution
that can enable IT to Ensure the
availability, security, and manageability of
encryption keys Across the enterprise.
“
A Data Breach Costs > $7.2M Per Episode
2010 Annual Study: U.S. Cost of a Data Breaches, Ponemon Institute
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 4

5. Enterprise Key Management 8 Requirements
Enterprise Key
Management
Generation
Storage
Backup
Key State
Management
Security
Auditing
Authentication
Restoration
Slide No: 5 Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.

6. Interoperability Standards
PKCS#11 EKM OASIS KMIP
Public Key Cryptographic
Standard used by
Oracle Transparent
Data Encryption (TDE)
Cryptographic APIs used
by Microsoft SQL server
to provide database
encryption and secure
key management
Single comprehensive
protocol defined by
consumers of enterprise
key management systems
! Even though vendors may agree on basic cryptographic
techniques and standards, compatibility between key
management implementation is not guaranteed.
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 6

7. Complex management: Managing a
plethora of encryption keys in millions
Security Issues: Vulnerability of keys
from outside hackers /malicious insiders
Data Availability: Ensuring data
accessibility for authorized users
Scalability: Supporting multiple
databases, applications and standards
Governance: Defining policy-
driven, access, control and protection
for data
Encryption Key Management Challenges
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 7
Disparate Systems
Different Ways
of Managing
Encryption Keys

8. Industry Regulatory Standards
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 8
Gramm Leach
Bliley Act (GLBA)
U.S. Health I.T. for
Economic
and Clinical Health
(HITECH) Act
Payment Card
Industry Data
Security Standard
(PCI DSS)
Requires encryption key
management systems with
controls and procedures for
managing key use and
performing decryption
functions.
Requires firms in
USA to publicly
acknowledge a data
breech although it
can damage their
reputation.
Includes a breach
notification clause
for which encryption
provides safe harbor
in the event of a
data breach.

9. Vormetric Key Management Benefits
Minimize Solution Costs
Stores Keys Securely Provides Audit and Reporting
Manages Heterogeneous Keys / FIPS 140-2 Compliant
VKM provides a robust, standards-based platform for
managing encryption keys. It simplifies management and
administrative challenges around key management to
ensure keys are secure.
“
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 9

10. Vormetric Key Management Capabilities
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 10
Manage
Vormetric
Encryption
Agents
Manage
3rd Party Keys
Vault
Other Keys
Create/Manage/Revoke
keys of 3rd party
encryption solutions
Provide Network HSM to
encryption solutions via
 PKCS#11 (Oracle 11gR2)
 EKM (MSSQL 2008 R2)
Provide Secure storage of
security material
Key Types:
 Symmetric: AES, 3DES, ARIA
 Asymmetric: RSA 1024, RSA
2048, RSA 4096
 Other: Unvalidated security
materials (passwords, etc.).

11. Vormetric Key Management Components
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 11
Data Security
Manager (DSM)
Report on
vaulted keys
Key Vault
Provides key management
services for:
 Oracle 11g R2 TDE
(Tablespace Encryption)
 MSSQL 2008 R2 Enterprise
TDE (Tablespace Encryption)
Licensable Option on DSM
Web based or API level
interface for import and
export of keys
Same DSM as used with all
VDS products
FIPS 140-2 Key Manager
with Separation of Duties
Supports Symmetric,
Asymmetric, and Other
Key materials
Reporting on key types

12. TDE Key Architecture before Vormetric
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 12
Master Encryption keys
are stored on the local
system in a file with the
data by default.
TDE Master
Encryption Key
Local
Wallet or Table
Oracle / Microsoft TDE

13. TDE Key Architecture after Vormetric
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 13
TDE Master
Encryption Key
Vormetric DSM acts as Network HSM for
securing keys for Oracle and Microsoft TDE
Vormetric Key Agent is installed on the
database server
SSLConnection
Key Agent
Oracle / Microsoft TDE

14. VKM Architecture-Key Vault
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 14
Asymmetric
Web GUI
Command Line / API
Supported Key Types:

15. Security Policy and Key Management
Protecting the enterprise’s valuable
digital assets from accidental or
intentional misuse are key goals for
every IT team today
A centralized enterprise key
management solution is critical to
ensuring all sensitive enterprise data is
secure and available.
Vormetric Key Management is the only
solution today that can:
Minimize IT operational and support burdens for
encryption key management,
Protect data without disrupting you business
Secure and control access to data across the
enterprise and into the cloud, and
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 15

16. Vormetric Key Management is the only
solution today that can:
A centralized enterprise key management
solution is critical to ensuring all sensitive
enterprise data is secure and available.
Protecting the enterprise’s valuable digital
assets from accidental or intentional
misuse are key goals for every IT team
today
Security Policy and Key Management
Copyright 2012 Vormetric, Inc. – Proprietary and Confidential. All rights reserved.Slide No: 16
“
The final encrypted solution has two parts:
the encrypted data itself and the keys that
control the encryption and decryption
processes. Controlling and maintaining the
keys, therefore, is the most important part of
an enterprise encryption strategy.
Forrester Research, Inc., “Killing Data”, January 2012
Minimize IT operational and support burdens for
encryption key management,
Secure and control access to data across the
enterprise and into the cloud, and
Protect data without disrupting you business

17. www.Vormetric.com
Security Policy
and Key Management
Centrally Manage Encryption Keys -
Oracle TDE, SQL Server TDE and Vormetric.
Tina Stewart, Vice President of Marketing
Download Whitepaper
Click - to - tweet