Understand the importance of a long-term enterprise encryption and key management strategy over the short-term fix of ad hoc encryption when addressing data security concerns.
This presentation is based on the whitepaper - Enterprise Encryption from Vormetric and ESG.
Register to download the whitepaper: http://enterprise-encryption.vormetric.com/EMAILPTNRESGWhitepaper.html .
CISOs and their peers realize that ad hoc encryption is no longer adequate: It leads to higher costs and increased risk. So, what's needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization.
Enterprise Encryption and Key Management Strategy from Vormetric and ESG
1. Enterprise Encryption and Key Management Strategy
THE TIME IS NOW
Vormetric Contact:
Name: Tina Stewart
Email: Tina-Stewart@vormetric.com
White Paper: Enterprise Encryption
and Key Management Strategy 1
2. Overview
"Large organizations need an enterprise encryption strategy. This should include central command and control, distributed policy enforcement, tiered administration, and an enterprise-class key management service."
• Vormetric is the leader in enterprise encryption and key management. Our Data Security solution encrypts any file, any database, any application, anywhere.
• In this presentation we share key insights from ESG's whitepaper on: Enterprise Encryption and Key Management Strategy: The Time Is Now, by Jon Oltsik.
• This ESG white paper was commissioned by Vormetric, Inc. and is distributed under license from ESG.
3. The Time is Now
• Your Business Data is Everywhere and Accessed by Everyone
• Ad hoc Data Security = increased risk and business exposure
• Large organizations need an enterprise encryption strategy
– Central Command and Control
– Distributed Policy Enforcement
– Tiered Administration
– Enterprise-class key management service
4. Drivers of Enterprise-Class Data Security Solutions
• Regulatory Compliance
– State, industry and international privacy regulations require or recommend encryption for data security.
• Intellectual Property Protection
– Advanced Persistent Threats (APTs) resulting in IP theft are forcing enterprises to aggressively respond with data encryption technologies.
• Publicly Disclosed Breaches
– 126 breaches and 1.5 million personal records reported in 2012 alone, including well-known names: Arizona State University and Zappos.com.
5. Top Investment: Data Encryption
Which of the following security technology products/solutions has your organization purchased in
response to APTs? (Percent of respondents, N=95, multiple responses accepted)
• Data encryption technologies: 54%
• Web gateway for blocking suspicious URLs and web based content: 49%
• Application firewalls: 44%
• Specific technology defenses designed to detect and prevent APT attacks: 44%
• Database security technologies: 43%
• Managed security services: 39%
• DLP (data loss prevention) technologies: 35%
• New types of user authentication/access controls: 31%
• Endpoint white-list/black-list enforcement technologies: 24%
• Third-party penetration testing service from specialty firm: 21%
Source: Enterprise Strategy Group, 2012
6. Data Security Growing Pains
Each tool has its own administration and key management.
Source: Enterprise Strategy Group, 2012
7. Data Security Growing Pains
• Issue: Lack of standards
– Cost: Redundancy: processes, tools, licenses, training
– Risk: High risk of data loss or a security breach.
• Issue: No central command and control
– Cost: Redundancy: processes, tools, licenses, training
– Risk: No central view for risk management or measurement of KPIs. Increased security risk.
• Issue: Multiple key management systems
– Cost: Redundancy: processes, training
– Risk: Encryption keys exposure.
• Issue: Organizational misalignment
– Cost: Additional/unfamiliar tasks for functional IT staff
– Risk: Human intervention increases security risks.
All of these issues create operational overhead and increased risk.
8. Considerations for Enterprise Strategy
• Transparent
– Encryption must fit into existing infrastructure and processes without altering or affecting existing systems and applications.
• Provides Executive Visibility
– CISOs should be able to assess risk across the enterprise at all times and keep executive management informed.
• Owned by the security team
– Key management responsibilities must reside with specific, trained staff dedicated to this function.
9. Key Enterprise Architectural Features
1. Central Command & Control
2. Distributed Policy Enforcement
3. Tiered Administration
4. Enterprise-class Key Management
10. The Bigger Truth – The Time is Now.
"One of your most valuable assets, sensitive data, faces an increasing level of risk … ESG highly recommends that CISOs develop an enterprise encryption strategy as soon as possible."
1. DEFINE the ideal encryption solution for your needs
2. ASSESS what you have in place today
3. IDENTIFY gaps in your current implementations
4. AUGMENT current ad hoc solutions
11. Enterprise Encryption and Key Management Strategy
THE TIME IS NOW
Download ESG Whitepaper @Vormetric
Vormetric Contact:
Tina Stewart
Tina-Stewart@vormetric.com
Editor's notes
In this presentation we share key insights from ESG's whitepaper on: Enterprise Encryption and Key Management Strategy -- The Time Is Now. This white paper was commissioned by Vormetric, and is distributed under license from ESG.
Your business data is everywhere and is being accessed by everyone. And with all this unprotected data floating around, the bad guys are targeting companies for profit at alarming rates. Making the wrong decision to protect your data, big or small, can result in high costs, increased risk and executive exposure. Large organizations need an enterprise encryption strategy, and security leaders need to assess their encryption and policies that are unique to the business. This should include central command and control, distributed policy enforcement, tiered administration, and an enterprise-class key management service. The overall goal should be a transparent encryption service owned by the security team but designed to support business needs without disrupting business or IT operations.
Most large organizations have progressively increased adoption of data encryption technologies. Encryption usage is growing due to several factors, including:
• Increased regulatory compliance
• Intellectual property protection
• The depth and breadth of publicly disclosed breaches
CEOs have been dragged into data security due to the rise of Advanced Persistent Threats (APTs) at organizations like Lockheed Martin, RSA Security, and Sandia National Labs. Unlike past security exploits, APTs are targeted attacks with a concrete objective: stealing your intellectual property. This is why large organizations are purchasing data encryption technologies at such a significant rate.
Like many other initiatives, the use of data encryption has grown organically. Functional storage, database, applications, and server groups have unknowingly implemented data encryption technologies within their individual domains across disparate heterogeneous technologies on an ad hoc basis.
Multiple point products in an enterprise do a good job of protecting private data in isolated areas, but they don’t provide a comprehensive solution to data privacy issues across the enterprise. Additionally, ad hoc encryption and key management creates a number of increasingly troubling issues, costs and risks.
An ad hoc encryption and key management solution is no longer adequate, and most know it leads to higher costs and increased risk. So, what's needed? An enterprise encryption and key management strategy that can extend across all sensitive data, in all formats, across the entire organization. From an organizational perspective, an enterprise encryption strategy will only work if it:
• Remains transparent.
• Is owned by the security team.
• Provides executive-level visibility into risk management.
At a more fundamental level, an enterprise data security strategy must counteract the growing issues around ad hoc encryption. In other words, an enterprise encryption strategy must be designed around three objectives: streamlining operations, reducing costs, and decreasing the risk of an accidental or malicious data breach.
A true enterprise encryption architecture addresses each of the shortcomings associated with ad hoc encryption described above. It includes:
• Central Command & Control, with all management policy, configuration, reporting and auditing from one central location.
• Distributed Policy Enforcement, with central encryption and key management policies enforced on heterogeneous systems distributed across the enterprise.
• Tiered Administration, where enterprise and departmental level policies are implemented by security administrators and not functional IT staff.
• Enterprise-class Key Management, with central key management including creation, storage, rotation and revocation, designed for fault tolerance and to service systems across the enterprise.
Note to large organizations: One of your most valuable assets, sensitive data, faces an increasing level of risk. Yes, you are addressing sophisticated malware threats and complying with regulations, but when it comes to data encryption, you are doing so while increasing costs and complicating IT/security operations. ESG highly recommends that CISOs develop an enterprise encryption strategy as soon as possible. To accomplish this, some simple guidelines may help:
1. Define encryption nirvana. Start with a clean slate and create an effective encryption and key management strategy for your company.
2. Assess what you have. Find out what types of encryption technologies are in place, who owns them, and how they are managed on a day-to-day basis.
3. Find gaps. Compare what you have to your ideal solution in order to identify and prioritize the holes.
4. Begin replacing or augmenting ad hoc solutions based upon data value. Select a solution that adheres to the architecture defined above.