SlideShare uma empresa Scribd logo

IBM Cloud Data Encryption Services

Isabel Sanz
Isabel Sanz

Los ataques ocurren, cada dia. Es un factor que no podemos controlar, lo que sí está en nuestras manos es intentar tener nuestro entorno en la nube, protegido en todos los niveles posibles.

Tecnologia
1 de 16
Baixar para ler offline
© IBM Corporation 1 Presented by: IBM Cloud Data Encryption Services Software-defined data protection with built-in fault tolerance Isabel Sanz Isabel.sanz@ie.ibm.com
© IBM Corporation 2 text The number of hacks and data breaches are growing every year. Over 2 million the number of records compromised in cyber attacks daily1 205 the number of days before a breach is detected4 49 the percentage of data breaches that occur due to criminal attacks3 429 the number of cyber breaches that happen every week5 12014 Data Breach Trends, Risk Based Security Open Security Foundation, February 2015 2,32015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015 4 M-Trends 2015: A View from the Front Lines, Mandiant 2015 5 2014 Global Report on the Cost of Cyber Crime, Ponemon Institute, October 2014 More than 3.8 million USD the cost to recover from a cyber breach2
© IBM Corporation 3 © IBM Corporation 3 Security remains the primary barrier to cloud adoption.1 Nearly 50% think security is a barrier to cloud adoption, while 41% feel the related issues of data loss and leakage risks are impediments.2 1, 3Cloud Adoption Practices & Priorities Survey Report, Cloud Security Alliance, January 2015 2 The LinkedIn Cloud Security Spotlight report, 2015 61% of companies think that security of data in the cloud is an executive or board-level concern.3
© IBM Corporation 4 text How do we prepare ourselves: Key questions… – Are you worried about failing to meet Compliance requirement for data security? – Are you struggling to keep up with scaling your IT infrastructure in house? – Are you worried about the wrong people gaining access to your data? – Do you think any of your data has even been stolen/hacked? – Have you ever lost access to your data?
© IBM Corporation 5 text How do we prepare ourselves… IBM Cloud Data Encryption Services (ICDES) is data protection that goes well beyond traditional security products to safeguard your data even when your network protection fails IBM Cloud Data Encryption Services Software defined data protection
© IBM Corporation 6 text Addressing main pillars of the data protection with ICDES ICDES PRIVACY AND INTEGRITY
© IBM Corporation 7 text What’s Inside ICDES – SPx™ Cryptographic Splitting “M of N” Resiliency for Fault Tolerance 10010101110 01000011010 01010100001 101011 000110 101000 AES-256-GCM Encryption & Integrity Checks f8^w#DATA IN IDA Random Cryptographic Splitting (f8^w#) is 100010100 101101010 101011 000110 101000 Share 1 Share 2 Share 3 Server Key Write Cryptographically Split Data and Keys to Shares Workgroup Key Encryption & Integrity Checks Cryptographic Splitting
© IBM Corporation 8 text Server Key – Created at initial configuration of ICDES on server • Stored on separate server or in external keystore with config file • Must be present at time of boot (key location in config) and is stored in RAM • Server Key used to encrypt / decrypt / split Workgroup Key Workgroup Key – Each top level directory is protected by the software automatically, and gets its own key • Workgroup Key is stored in the internal ICDES File System Keystore. • Workgroup Key is used to encrypt internally generated file keys every time a file is written. File Keys – A File Key is created when the data is encrypted (AES-256-GCM) and another for IDA Randomization IDAAES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Encrypted AES File Key Encrypted IDA File Key Encrypted File Keys are split and wrapped with data by Workgroup Key DATA # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @ # # # ! # # & # # # $ # # # #! # # @ # # # # ? # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Workgroup Key is encrypted and split using Perfect Secret Sharing Cryptographically split data shares and keys sent to Storage Simplified Key Manager
© IBM Corporation 9 text IBM Cloud Data Encryption Services: 3 different models
© IBM Corporation 10 text IBM Cloud Data Encryption Services: 3 different models – Secure provides you with: • Encryption and cryptographic splitting Management Console covering ICDES usage at: SoftLayer® IBM OpenStack Customer data center Competitor clouds
© IBM Corporation 11 text IBM Cloud Data Encryption Services: 3 different models – Advanced secure provides you with: • Encryption and cryptographic splitting • Resiliency for fault tolerance • High availability – “always on” Management Console covering ICDES usage at: SoftLayer® IBM OpenStack Customer data center Competitor clouds M<N
© IBM Corporation 12 text IBM Cloud Data Encryption Services: 3 different models – Advanced multisite provides you with: • Encryption and cryptographic splitting • Resiliency for fault tolerance • High availability – “always on” • Multisite resiliency (disaster recovery) Management Console covering ICDES usage at: SoftLayer® IBM OpenStack Customer data center Competitor clouds
© IBM Corporation 13 text ICDES Pricing $20 / month per core (based in usage) $50 / month per core (based in usage) $35 / month per core (based in usage) Try for 30 Days Try for 30 Days Try for 30 Days Install it everywhere:
© IBM Corporation 14 text IBM Cloud Data Encryption Services is designed to be easy to install and use. PURCHASE ICDES Advanced Secure DOWNLOAD IBMCLOUD Marketplace 2 of 4 /share1 /share2 /share3 /share4 CONFIGURE START PROTECTING DATA DATA PROTECTED DIRECTORY Share 1 Share 2 Share 3 Share 4 Step 1 Step 2 Step 3Install and begin protecting your data in three simple steps.
© IBM Corporation 15 text Why IBM Cloud Data Encryption Services delivers robust data protection – Ground-breaking data security technology • Designed to provide data-centric, file-level protection • Helps safeguard data even when network protection fails • Combines security-rich data encryption and cryptographic splitting – Easier management of regulatory requirements • Helps manage compliance for HIPAA, HITECH, FISMA, Sarbanes-Oxley and PCI DSS more effectively1 • FIPS 140-2 certified2 – Data resiliency added at server edge • Allows for simplified architecture • Supports a reduced-cost high availability and disaster recovery (HA and DR) architecture – Helps reduce overall storage costs • Helps reduce copies of data needed for HA and DR • Helps eliminate need for expensive bulk key storage 1Health Insurance Portability and Accountability Act of 1996 (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Federal Information Security Management Act of 2002 (FISMA); Payment Card Industry Data Security Standard (PCI DSS) 2Federal Information Processing Standard (FIPS)
© IBM Corporation 16 text ICDES Support – ICDES Support details: • If additional information is needed, please contact: Isabel Sanz Isabel.sanz@ie.ibm.com Skype: Isabel_sanz_garces

Recomendados

ESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET
 
Android Security Maximized by Samsung KNOX
Android Security Maximized by Samsung KNOXAndroid Security Maximized by Samsung KNOX
Android Security Maximized by Samsung KNOXSamsung Biz Mobile
 
Samsung KNOX - The Most Secure Android Solution
Samsung KNOX - The Most Secure Android SolutionSamsung KNOX - The Most Secure Android Solution
Samsung KNOX - The Most Secure Android SolutionSamsung Biz Mobile
 
Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Marco Dal Pino
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET
 
Symantec Ubiquity
Symantec UbiquitySymantec Ubiquity
Symantec UbiquitySymantec
 
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET
 
Anti theft file protection
Anti theft file protectionAnti theft file protection
Anti theft file protectionDaniel Aparicio
 

Recomendados

ESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET is introducing its brand new product ESET Secure Authentication
ESET is introducing its brand new product ESET Secure AuthenticationESET
 
Android Security Maximized by Samsung KNOX
Android Security Maximized by Samsung KNOXAndroid Security Maximized by Samsung KNOX
Android Security Maximized by Samsung KNOXSamsung Biz Mobile
 
Samsung KNOX - The Most Secure Android Solution
Samsung KNOX - The Most Secure Android SolutionSamsung KNOX - The Most Secure Android Solution
Samsung KNOX - The Most Secure Android SolutionSamsung Biz Mobile
 
Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Build an azure connected io t device in 45 minutes (or less)
Build an azure connected io t device in 45 minutes (or less)Marco Dal Pino
 
ESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET: Delivering Benefits to Enterprises
ESET: Delivering Benefits to EnterprisesESET
 
Symantec Ubiquity
Symantec UbiquitySymantec Ubiquity
Symantec UbiquitySymantec
 
ESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET: #DoMore With Our Comprehensive Range of Business Products
ESET: #DoMore With Our Comprehensive Range of Business ProductsESET
 
Anti theft file protection
Anti theft file protectionAnti theft file protection
Anti theft file protectionDaniel Aparicio
 
Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intuneManishKumar959920
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancementsNarenda Wicaksono
 
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6Knowledge & Experience
 
iTwin Technology
iTwin TechnologyiTwin Technology
iTwin TechnologyIRJET Journal
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Mirco Vanini
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationAriel Martin Beliera
 
Kaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKirill Kertsenbaum
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereMirco Vanini
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Symantec
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONGS CHO
 
14 572
14 57214 572
14 572Chaitanya Ram
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochureSherief Razzaque
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Samsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung at Work
 
Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aTony Pearson
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Tony Pearson
 

Mais conteúdo relacionado

Mais procurados

Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608aljapaco
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesDr. Rajesh P Barnwal
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancementsNarenda Wicaksono
 
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6Knowledge & Experience
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Mirco Vanini
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationAriel Martin Beliera
 
Kaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKirill Kertsenbaum
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssAndrew Wong
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereMirco Vanini
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMSkycure
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Symantec
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONGS CHO
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochureSherief Razzaque
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Skycure
 
Samsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung at Work
 

Mais procurados (20)

Is Security Optional20100608
Is Security Optional20100608Is Security Optional20100608
Is Security Optional20100608
 
Symantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility StrategySymantec Advances Enterprise Mobility Strategy
Symantec Advances Enterprise Mobility Strategy
 
Cloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research ChallengesCloud security: Industry Trends and Research Challenges
Cloud security: Industry Trends and Research Challenges
 
Microsoft intune
Microsoft intuneMicrosoft intune
Microsoft intune
 
Windows 7 security enhancements
Windows 7 security enhancementsWindows 7 security enhancements
Windows 7 security enhancements
 
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
Microsot Azure IoT Security for IoT ALGYAN Tech Seminar 2020/2/6
 
iTwin Technology
iTwin TechnologyiTwin Technology
iTwin Technology
 
Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?Are you ready for Microsoft Azure Sphere?
Are you ready for Microsoft Azure Sphere?
 
Introducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for VirtualizationIntroducing Kaspersky Security for Virtualization
Introducing Kaspersky Security for Virtualization
 
Kaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISHKaspersky Endpoint Security and Control - ENGLISH
Kaspersky Endpoint Security and Control - ENGLISH
 
Introduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for BusinesssIntroduction to Kaspersky Endpoint Security for Businesss
Introduction to Kaspersky Endpoint Security for Businesss
 
Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012Symantec Virtualization Launch VMworld 2012
Symantec Virtualization Launch VMworld 2012
 
IoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure SphereIoT Day - Introducing Azure Sphere
IoT Day - Introducing Azure Sphere
 
How to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMMHow to Add Advanced Threat Defense to Your EMM
How to Add Advanced Threat Defense to Your EMM
 
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
Simplifying Security for SMBs: Introducing Symantec Endpoint Protection Small...
 
KASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATIONKASPERSKY SECURITY CENTER IMPLEMENTATION
KASPERSKY SECURITY CENTER IMPLEMENTATION
 
14 572
14 57214 572
14 572
 
Samsung and Android Security brochure
Samsung and Android Security brochureSamsung and Android Security brochure
Samsung and Android Security brochure
 
Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability Accessibility Clickjacking, Devastating Android Vulnerability
Accessibility Clickjacking, Devastating Android Vulnerability
 
Samsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise MobilitySamsung KNOX: The Game Changer for Enterprise Mobility
Samsung KNOX: The Game Changer for Enterprise Mobility
 

Semelhante a IBM Cloud Data Encryption Services

Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aTony Pearson
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Tony Pearson
 
Z110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cZ110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cTony Pearson
 
CertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed OverviewCertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed OverviewSteven Russo
 
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLMCome gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLMLuigi Perrone
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA
 
How to Hack a Cryptographic Key
How to Hack a Cryptographic KeyHow to Hack a Cryptographic Key
How to Hack a Cryptographic KeyIBM Security
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco ITSitio.com
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityInternap
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overviewMark Argent
 
120019_top5_security
120019_top5_security120019_top5_security
120019_top5_securityJessica Hirst
 
IRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET Journal
 
EMC Symmetrix Data at Rest Encryption - Detailed Review
EMC Symmetrix Data at Rest Encryption - Detailed Review EMC Symmetrix Data at Rest Encryption - Detailed Review
EMC Symmetrix Data at Rest Encryption - Detailed Review EMC
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudAmazon Web Services
 
Secure Your Cloud Migration - Secureworld 2019 Charlotte
Secure Your Cloud Migration - Secureworld 2019 CharlotteSecure Your Cloud Migration - Secureworld 2019 Charlotte
Secure Your Cloud Migration - Secureworld 2019 CharlotteMike Brannon
 
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...IRJET Journal
 
IRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET Journal
 

Semelhante a IBM Cloud Data Encryption Services (20)

Z111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910aZ111806 strengthen-security-sydney-v1910a
Z111806 strengthen-security-sydney-v1910a
 
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
Strengthen your security posture! Getting started with IBM Z Pervasive Encryp...
 
Z110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909cZ110932 strengthen-security-jburg-v1909c
Z110932 strengthen-security-jburg-v1909c
 
CertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed OverviewCertainSafe MicroTokenization Technology Detailed Overview
CertainSafe MicroTokenization Technology Detailed Overview
 
Come gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLMCome gestire l'encryption dei dati con SKLM
Come gestire l'encryption dei dati con SKLM
 
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
Data Con LA 2019 - Securing IoT Data with Pervasive Encryption by Eysha Shirr...
 
How to Hack a Cryptographic Key
How to Hack a Cryptographic KeyHow to Hack a Cryptographic Key
How to Hack a Cryptographic Key
 
Rik Ferguson
Rik FergusonRik Ferguson
Rik Ferguson
 
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco #ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
#ITSitioEnRSA - Presentacion de Jeef Reed de Cisco
 
Cloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. RealityCloud Security: Perception Vs. Reality
Cloud Security: Perception Vs. Reality
 
Sklm webinar
Sklm webinarSklm webinar
Sklm webinar
 
Confidential Computing overview
Confidential Computing overviewConfidential Computing overview
Confidential Computing overview
 
120019_top5_security
120019_top5_security120019_top5_security
120019_top5_security
 
IRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under DrivehqIRJET- Data Security in Cloud Computing through AES under Drivehq
IRJET- Data Security in Cloud Computing through AES under Drivehq
 
Using the Cloud
Using the CloudUsing the Cloud
Using the Cloud
 
EMC Symmetrix Data at Rest Encryption - Detailed Review
EMC Symmetrix Data at Rest Encryption - Detailed Review EMC Symmetrix Data at Rest Encryption - Detailed Review
EMC Symmetrix Data at Rest Encryption - Detailed Review
 
Maintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the CloudMaintaining Trust & Control of your Data in the Cloud
Maintaining Trust & Control of your Data in the Cloud
 
Secure Your Cloud Migration - Secureworld 2019 Charlotte
Secure Your Cloud Migration - Secureworld 2019 CharlotteSecure Your Cloud Migration - Secureworld 2019 Charlotte
Secure Your Cloud Migration - Secureworld 2019 Charlotte
 
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
Execution Analysis of Different Cryptographic Encryption Algorithms on Differ...
 
IRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on CloudIRJET-Domain Data Security on Cloud
IRJET-Domain Data Security on Cloud
 

Último

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Último (20)

Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

IBM Cloud Data Encryption Services

  • 1. © IBM Corporation 1 Presented by: IBM Cloud Data Encryption Services Software-defined data protection with built-in fault tolerance Isabel Sanz Isabel.sanz@ie.ibm.com
  • 2. © IBM Corporation 2 text The number of hacks and data breaches are growing every year. Over 2 million the number of records compromised in cyber attacks daily1 205 the number of days before a breach is detected4 49 the percentage of data breaches that occur due to criminal attacks3 429 the number of cyber breaches that happen every week5 12014 Data Breach Trends, Risk Based Security Open Security Foundation, February 2015 2,32015 Cost of Data Breach Study: Global Analysis, Ponemon Institute, May 2015 4 M-Trends 2015: A View from the Front Lines, Mandiant 2015 5 2014 Global Report on the Cost of Cyber Crime, Ponemon Institute, October 2014 More than 3.8 million USD the cost to recover from a cyber breach2
  • 3. © IBM Corporation 3 © IBM Corporation 3 Security remains the primary barrier to cloud adoption.1 Nearly 50% think security is a barrier to cloud adoption, while 41% feel the related issues of data loss and leakage risks are impediments.2 1, 3Cloud Adoption Practices & Priorities Survey Report, Cloud Security Alliance, January 2015 2 The LinkedIn Cloud Security Spotlight report, 2015 61% of companies think that security of data in the cloud is an executive or board-level concern.3
  • 4. © IBM Corporation 4 text How do we prepare ourselves: Key questions… – Are you worried about failing to meet Compliance requirement for data security? – Are you struggling to keep up with scaling your IT infrastructure in house? – Are you worried about the wrong people gaining access to your data? – Do you think any of your data has even been stolen/hacked? – Have you ever lost access to your data?
  • 5. © IBM Corporation 5 text How do we prepare ourselves… IBM Cloud Data Encryption Services (ICDES) is data protection that goes well beyond traditional security products to safeguard your data even when your network protection fails IBM Cloud Data Encryption Services Software defined data protection
  • 6. © IBM Corporation 6 text Addressing main pillars of the data protection with ICDES ICDES PRIVACY AND INTEGRITY
  • 7. © IBM Corporation 7 text What’s Inside ICDES – SPx™ Cryptographic Splitting “M of N” Resiliency for Fault Tolerance 10010101110 01000011010 01010100001 101011 000110 101000 AES-256-GCM Encryption & Integrity Checks f8^w#DATA IN IDA Random Cryptographic Splitting (f8^w#) is 100010100 101101010 101011 000110 101000 Share 1 Share 2 Share 3 Server Key Write Cryptographically Split Data and Keys to Shares Workgroup Key Encryption & Integrity Checks Cryptographic Splitting
  • 8. © IBM Corporation 8 text Server Key – Created at initial configuration of ICDES on server • Stored on separate server or in external keystore with config file • Must be present at time of boot (key location in config) and is stored in RAM • Server Key used to encrypt / decrypt / split Workgroup Key Workgroup Key – Each top level directory is protected by the software automatically, and gets its own key • Workgroup Key is stored in the internal ICDES File System Keystore. • Workgroup Key is used to encrypt internally generated file keys every time a file is written. File Keys – A File Key is created when the data is encrypted (AES-256-GCM) and another for IDA Randomization IDAAES # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Encrypted AES File Key Encrypted IDA File Key Encrypted File Keys are split and wrapped with data by Workgroup Key DATA # # # # # # # # # # # # # # # # # # # # # # # # # # # # # @ # # # ! # # & # # # $ # # # #! # # @ # # # # ? # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # Workgroup Key is encrypted and split using Perfect Secret Sharing Cryptographically split data shares and keys sent to Storage Simplified Key Manager
  • 9. © IBM Corporation 9 text IBM Cloud Data Encryption Services: 3 different models
  • 10. © IBM Corporation 10 text IBM Cloud Data Encryption Services: 3 different models – Secure provides you with: • Encryption and cryptographic splitting Management Console covering ICDES usage at: SoftLayer® IBM OpenStack Customer data center Competitor clouds
  • 11. © IBM Corporation 11 text IBM Cloud Data Encryption Services: 3 different models – Advanced secure provides you with: • Encryption and cryptographic splitting • Resiliency for fault tolerance • High availability – “always on” Management Console covering ICDES usage at: SoftLayer® IBM OpenStack Customer data center Competitor clouds M<N
  • 12. © IBM Corporation 12 text IBM Cloud Data Encryption Services: 3 different models – Advanced multisite provides you with: • Encryption and cryptographic splitting • Resiliency for fault tolerance • High availability – “always on” • Multisite resiliency (disaster recovery) Management Console covering ICDES usage at: SoftLayer® IBM OpenStack Customer data center Competitor clouds
  • 13. © IBM Corporation 13 text ICDES Pricing $20 / month per core (based in usage) $50 / month per core (based in usage) $35 / month per core (based in usage) Try for 30 Days Try for 30 Days Try for 30 Days Install it everywhere:
  • 14. © IBM Corporation 14 text IBM Cloud Data Encryption Services is designed to be easy to install and use. PURCHASE ICDES Advanced Secure DOWNLOAD IBMCLOUD Marketplace 2 of 4 /share1 /share2 /share3 /share4 CONFIGURE START PROTECTING DATA DATA PROTECTED DIRECTORY Share 1 Share 2 Share 3 Share 4 Step 1 Step 2 Step 3Install and begin protecting your data in three simple steps.
  • 15. © IBM Corporation 15 text Why IBM Cloud Data Encryption Services delivers robust data protection – Ground-breaking data security technology • Designed to provide data-centric, file-level protection • Helps safeguard data even when network protection fails • Combines security-rich data encryption and cryptographic splitting – Easier management of regulatory requirements • Helps manage compliance for HIPAA, HITECH, FISMA, Sarbanes-Oxley and PCI DSS more effectively1 • FIPS 140-2 certified2 – Data resiliency added at server edge • Allows for simplified architecture • Supports a reduced-cost high availability and disaster recovery (HA and DR) architecture – Helps reduce overall storage costs • Helps reduce copies of data needed for HA and DR • Helps eliminate need for expensive bulk key storage 1Health Insurance Portability and Accountability Act of 1996 (HIPAA); Health Information Technology for Economic and Clinical Health Act (HITECH); Federal Information Security Management Act of 2002 (FISMA); Payment Card Industry Data Security Standard (PCI DSS) 2Federal Information Processing Standard (FIPS)
  • 16. © IBM Corporation 16 text ICDES Support – ICDES Support details: • If additional information is needed, please contact: Isabel Sanz Isabel.sanz@ie.ibm.com Skype: Isabel_sanz_garces