SlideShare uma empresa Scribd logo

Securing Cloud Storage Security Guide

SafeNet
SafeNet

For many organizations, leveraging elastic, pay-as-you-go cloud services for housing exponentially expanding amounts of fi les and digital assets represents a signifi cant opportunity. However, for those enterprises that must comply with regulatory mandates or strict internal security policies, the security risks posed by keeping information in multitenant cloud storage servers can make migrating to the cloud a nonstarter. In these cloud environments, sensitive data resides on virtualized, multi-tenant storage infrastructures, which can pose signifi cant challenges from a security standpoint. How do security organizations ensure sensitive data isn’t inadvertently exposed to other tenants of the cloud? How can organizations address mandates for separation of administrative duties, so those with super-user privileges in the cloud infrastructure can’t exploit their access rights?

1 de 4
Baixar para ler offline
Securing Cloud Storage Security Guide TRUSTED CLOUD FABRIC
Securing Securing Cloud Storage SECURITY SECURITY GUIDE DE Introduction: The Promise, and Security Obstacles, of Cloud Storage ProtectV Volume: Key For many organizations, leveraging elastic, pay-as-you-go cloud services for housing Features exponentially expanding amounts of files and digital assets represents a significant opportunity. However, for those enterprises that must comply with regulatory mandates or • Data Isolation strict internal security policies, the security risks posed by keeping information in multi- • Compliant Key Management tenant cloud storage servers can make migrating to the cloud a nonstarter. • Granular Authentication In these cloud environments, sensitive data resides on virtualized, multi-tenant storage • Multi-tenant Protection infrastructures, which can pose significant challenges from a security standpoint. How do • Separation of Duties security organizations ensure sensitive data isn’t inadvertently exposed to other tenants of the cloud? How can organizations address mandates for separation of administrative duties, so those with super-user privileges in the cloud infrastructure can’t exploit their access rights? Securing Cloud Storage with SafeNet ProtectV Volume SafeNet offers a range of solutions that enable organizations to leverage the business benefits of cloud services, without making compromises in security. With SafeNet ProtectV Volume, organizations can leverage cloud storage for their most sensitive assets. ProtectV Volume enables security teams to encrypt entire storage volumes in remote cloud deployments, ensuring data is isolated and secured even in shared, multi-tenant environments. ProtectV Volume addresses the critical requirements needed to secure cloud storage: • Data isolation. With ProtectV Volume, security teams can logically separate volumes that hold sensitive data, so, for example, a cloud provider’s administrators can’t abuse their super-user privileges and a user with access to one volume can’t “jump” partitions and gain access to another group’s containers. • Compliant key management. ProtectV Volume offers the key management capabilities administrators need to support the logical segmentation of data, users, and groups, and enforce the policies required to ensure the confidentiality and integrity of data, so they can adhere to internal policies and external compliance mandates in the near and long term. • Granular authentication. ProtectV Volume also delivers strong pre-launch authentication, including password-based protection at the user level, to control which resources can be accessed, when, and by whom. Securing Cloud Storage Security Guide 1
• Multi-tenant protection. With its comprehensive, robust capabilities, organizations can ensure that, even in shared, multi-tenant cloud environments, administrators can have the visibility and controls they need to safeguard sensitive assets. • Separation of duties. ProtectV Volume enables security teams to separate administrative responsibilities, for example, data encryption roles can be separated from data access controls. The solution offers controls for ensuring that any one administrator can’t abuse his or her privileges. For example, using approaches like “M of N separation”, organizations can require that multiple administrators must always conduct such critical administrative tasks as policy changes and key export. In addition, ProtectV Volume offers support for strong encryption algorithms, including FIPS- approved AES 256 and 3DES, and it delivers the reporting, auditing, and logging capabilities required by PCI and many other regulatory mandates for data privacy and protection. Deployment Scenario ProtectV Volume can be used in VMware and Xen virtualized environments, as well as Amazon Web Services deployments. ProtectV Volume can be deployed in tandem with SafeNet DataSecure, an appliance-based platform that offers data encryption and granular access control capabilities. DataSecure can be applied to databases, applications, mainframe environments, and individual files, making it a comprehensive solution for enterprises. When the combined solution is deployed, DataSecure is used as the central management mechanism for cryptographic keys, security policies, and administration. DataSecure resides in the customer’s premises, so administrators can retain the control and visibility required. ProtectV Volume resides on virtualized servers and communicates with cloud storage systems, enforcing encryption protection, so that only users that have been authenticated through DataSecure will be allowed to decrypt and use information. Data On-premise ProtectV™Volume Storage Virtual Server SafeNet DataSecure® (Supplemental Security Option): • Manages file protection • Security policy enforcement • Lifecycle key management • Access control By employing the ProtectV Volume solution, organizations can retain control over sensitive assets stored in virtualized, multi-tenant cloud environments. Securing Cloud Storage Security Guide 2
Benefits of SafeNet With its unparalleled combination of robust security, flexible deployment, efficient administration, and granular control, SafeNet enables organizations to move more applications to the cloud, without making any compromises in security. With ProtectV Volume, enterprises can realize a range of benefits: • Maximize cloud storage security. With ProtectV Volume, organizations can apply policy- based controls to isolate and secure data in multi-tenant environments—and so effectively guard against an array of threats posed to sensitive assets in the cloud. • Ensure and demonstrate compliance. With its compliant key management, separation of duties, robust encryption support, and granular authentication, ProtectV Volume enables organizations to address the core requirements for ensuring data confidentiality and integrity—so they can ensure they remain compliant with a host of policies and mandates. • Maximize control. Through ProtectV Volume’s integrated authentication, security administrators can maintain control of where, when, and how instances are allowed to run, ensuring only authorized usage of cloud-based volumes. • Increase business agility. Inherently, cloud offerings enable organizations to scale or contract storage much more quickly and cost effectively than if they were relying on internally hosted infrastructures. With ProtectV Volume, organizations can leverage multi- tenant, cloud-based storage services that would have previously been off limits from a security standpoint. Consequently, ProtectV Volume provides organizations with an unparalleled ability to take advantage of the cloud’s flexibility to more quickly adapt to changing requirements. • Strengthen confidence in cloud deployments. Through its strong security and separation of duties, business management can have the confidence that sensitive data will remain secure, and that no category of users will be able to get to data without proper authorization. Part of the SafeNet Trusted Cloud Fabric ProtectV Volume is a part of the SafeNet Trusted Cloud Fabric™, a blueprint that equips organizations moving data, applications, and systems to the cloud with the trust and control they need to ensure security and compliance. SafeNet offers a modular approach that gives organizations the flexibility to migrate to the cloud in the most effective and efficient manner, and according to their specific timeframes, business objectives, and security policies. SafeNet solutions support traditional data centers, private clouds, public clouds, and hybrid cloud infrastructures. As a result, SafeNet’s Trusted Cloud Fabric gives enterprises a practical roadmap for moving into the cloud, while leveraging the same technologies they know and trust for their private data centers. With the SafeNet Trusted Cloud Fabric, enterprises sustain optimal security—while fully leveraging the breakthrough agility, elasticity, and efficiencies offered by the cloud. About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. ScG (EN)-02.01.11 Securing Cloud Storage Security Guide 3

Recomendados

Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilitySafeNet
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 
Cloud Storage System
Cloud Storage SystemCloud Storage System
Cloud Storage SystemCommunication Management
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 

Recomendados

Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilityNot Going Quietly: Gracefully Losing Control & Adapting to Cloud and Mobility
Not Going Quietly: Gracefully Losing Control & Adapting to Cloud and MobilitySafeNet
 
Authentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webAuthentication_Best_Practices_WP(EN)_web
Authentication_Best_Practices_WP(EN)_webSafeNet
 
Cloud Storage System
Cloud Storage SystemCloud Storage System
Cloud Storage SystemCommunication Management
 
Building Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesBuilding Trust into eInvoicing: Key Requirements and Strategies
Building Trust into eInvoicing: Key Requirements and StrategiesSafeNet
 
eIDAS Reference Guide
eIDAS Reference GuideeIDAS Reference Guide
eIDAS Reference GuideSafeNet
 
Whose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudWhose Cloud is It Anyway - Data Security in the Cloud
Whose Cloud is It Anyway - Data Security in the CloudSafeNet
 
Whose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlWhose Cloud Is It Anyway: Exploring Data Security Ownership and Control
Whose Cloud Is It Anyway: Exploring Data Security Ownership and ControlSafeNet
 
Cyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldCyber Security Management in a Highly Innovative World
Cyber Security Management in a Highly Innovative WorldSafeNet
 
ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelSafeNet
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesSafeNet
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementSafeNet
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSafeNet
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementSafeNet
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSafeNet
 

Mais conteúdo relacionado

Mais de SafeNet

ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudSafeNet
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelSafeNet
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeNet
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsSafeNet
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSafeNet
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...SafeNet
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...SafeNet
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...SafeNet
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementSafeNet
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessSafeNet
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetSafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...SafeNet
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesSafeNet
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementSafeNet
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSafeNet
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementSafeNet
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...SafeNet
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSafeNet
 

Mais de SafeNet (20)

ProtectV - Data Security for the Cloud
ProtectV - Data Security for the CloudProtectV - Data Security for the Cloud
ProtectV - Data Security for the Cloud
 
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business ModelCloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
Cloud Monetization: A Step-by-Step Guide to Optimizing Your SaaS Business Model
 
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
SafeWord 2008 Migration Bundle Building a Fully Trusted Authentication Enviro...
 
A Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise ApplicationsA Single Strong Authentication Platform for Cloud and On-Premise Applications
A Single Strong Authentication Platform for Cloud and On-Premise Applications
 
Securing Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security GuideSecuring Digital Identities and Transactions in the Cloud Security Guide
Securing Digital Identities and Transactions in the Cloud Security Guide
 
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
Securing Network-Attached HSMs: The SafeNet Luna SA Three-Layer Authenticatio...
 
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
Introduction to PKI & SafeNet Luna Hardware Security Modules with Microsoft W...
 
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
Cloud Computing and the Federal Government: Maximizing Trust Supporting the M...
 
Hardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk ManagementHardware Security Modules: Critical to Information Risk Management
Hardware Security Modules: Critical to Information Risk Management
 
Strong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling BusinessStrong Authentication: Securing Identities and Enabling Business
Strong Authentication: Securing Identities and Enabling Business
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNetPayment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
Payment Card Security: 12-Steps to Meeting PCI-DSS Compliance with SafeNet
 
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
E-Passport: Deploying Hardware Security Modules to Ensure Data Authenticity a...
 
SafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server EncryptionSafeNet DataSecure vs. Native SQL Server Encryption
SafeNet DataSecure vs. Native SQL Server Encryption
 
Building Trust into DNS: Key Strategies
Building Trust into DNS: Key StrategiesBuilding Trust into DNS: Key Strategies
Building Trust into DNS: Key Strategies
 
Charting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key ManagementCharting Your Path to Enterprise Key Management
Charting Your Path to Enterprise Key Management
 
Secure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the WebSecure PIN Management How to Issue and Change PINs Securely over the Web
Secure PIN Management How to Issue and Change PINs Securely over the Web
 
An Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key ManagementAn Enterprise Guide to Understanding Key Management
An Enterprise Guide to Understanding Key Management
 
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
4 Steps to Financial Data Security Compliance Technologies to Help Your Finan...
 
Securing the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMsSecuring the Smart Grid with SafeNet HSMs
Securing the Smart Grid with SafeNet HSMs
 

Securing Cloud Storage Security Guide

  • 2. Securing Securing Cloud Storage SECURITY SECURITY GUIDE DE Introduction: The Promise, and Security Obstacles, of Cloud Storage ProtectV Volume: Key For many organizations, leveraging elastic, pay-as-you-go cloud services for housing Features exponentially expanding amounts of files and digital assets represents a significant opportunity. However, for those enterprises that must comply with regulatory mandates or • Data Isolation strict internal security policies, the security risks posed by keeping information in multi- • Compliant Key Management tenant cloud storage servers can make migrating to the cloud a nonstarter. • Granular Authentication In these cloud environments, sensitive data resides on virtualized, multi-tenant storage • Multi-tenant Protection infrastructures, which can pose significant challenges from a security standpoint. How do • Separation of Duties security organizations ensure sensitive data isn’t inadvertently exposed to other tenants of the cloud? How can organizations address mandates for separation of administrative duties, so those with super-user privileges in the cloud infrastructure can’t exploit their access rights? Securing Cloud Storage with SafeNet ProtectV Volume SafeNet offers a range of solutions that enable organizations to leverage the business benefits of cloud services, without making compromises in security. With SafeNet ProtectV Volume, organizations can leverage cloud storage for their most sensitive assets. ProtectV Volume enables security teams to encrypt entire storage volumes in remote cloud deployments, ensuring data is isolated and secured even in shared, multi-tenant environments. ProtectV Volume addresses the critical requirements needed to secure cloud storage: • Data isolation. With ProtectV Volume, security teams can logically separate volumes that hold sensitive data, so, for example, a cloud provider’s administrators can’t abuse their super-user privileges and a user with access to one volume can’t “jump” partitions and gain access to another group’s containers. • Compliant key management. ProtectV Volume offers the key management capabilities administrators need to support the logical segmentation of data, users, and groups, and enforce the policies required to ensure the confidentiality and integrity of data, so they can adhere to internal policies and external compliance mandates in the near and long term. • Granular authentication. ProtectV Volume also delivers strong pre-launch authentication, including password-based protection at the user level, to control which resources can be accessed, when, and by whom. Securing Cloud Storage Security Guide 1
  • 3. • Multi-tenant protection. With its comprehensive, robust capabilities, organizations can ensure that, even in shared, multi-tenant cloud environments, administrators can have the visibility and controls they need to safeguard sensitive assets. • Separation of duties. ProtectV Volume enables security teams to separate administrative responsibilities, for example, data encryption roles can be separated from data access controls. The solution offers controls for ensuring that any one administrator can’t abuse his or her privileges. For example, using approaches like “M of N separation”, organizations can require that multiple administrators must always conduct such critical administrative tasks as policy changes and key export. In addition, ProtectV Volume offers support for strong encryption algorithms, including FIPS- approved AES 256 and 3DES, and it delivers the reporting, auditing, and logging capabilities required by PCI and many other regulatory mandates for data privacy and protection. Deployment Scenario ProtectV Volume can be used in VMware and Xen virtualized environments, as well as Amazon Web Services deployments. ProtectV Volume can be deployed in tandem with SafeNet DataSecure, an appliance-based platform that offers data encryption and granular access control capabilities. DataSecure can be applied to databases, applications, mainframe environments, and individual files, making it a comprehensive solution for enterprises. When the combined solution is deployed, DataSecure is used as the central management mechanism for cryptographic keys, security policies, and administration. DataSecure resides in the customer’s premises, so administrators can retain the control and visibility required. ProtectV Volume resides on virtualized servers and communicates with cloud storage systems, enforcing encryption protection, so that only users that have been authenticated through DataSecure will be allowed to decrypt and use information. Data On-premise ProtectV™Volume Storage Virtual Server SafeNet DataSecure® (Supplemental Security Option): • Manages file protection • Security policy enforcement • Lifecycle key management • Access control By employing the ProtectV Volume solution, organizations can retain control over sensitive assets stored in virtualized, multi-tenant cloud environments. Securing Cloud Storage Security Guide 2
  • 4. Benefits of SafeNet With its unparalleled combination of robust security, flexible deployment, efficient administration, and granular control, SafeNet enables organizations to move more applications to the cloud, without making any compromises in security. With ProtectV Volume, enterprises can realize a range of benefits: • Maximize cloud storage security. With ProtectV Volume, organizations can apply policy- based controls to isolate and secure data in multi-tenant environments—and so effectively guard against an array of threats posed to sensitive assets in the cloud. • Ensure and demonstrate compliance. With its compliant key management, separation of duties, robust encryption support, and granular authentication, ProtectV Volume enables organizations to address the core requirements for ensuring data confidentiality and integrity—so they can ensure they remain compliant with a host of policies and mandates. • Maximize control. Through ProtectV Volume’s integrated authentication, security administrators can maintain control of where, when, and how instances are allowed to run, ensuring only authorized usage of cloud-based volumes. • Increase business agility. Inherently, cloud offerings enable organizations to scale or contract storage much more quickly and cost effectively than if they were relying on internally hosted infrastructures. With ProtectV Volume, organizations can leverage multi- tenant, cloud-based storage services that would have previously been off limits from a security standpoint. Consequently, ProtectV Volume provides organizations with an unparalleled ability to take advantage of the cloud’s flexibility to more quickly adapt to changing requirements. • Strengthen confidence in cloud deployments. Through its strong security and separation of duties, business management can have the confidence that sensitive data will remain secure, and that no category of users will be able to get to data without proper authorization. Part of the SafeNet Trusted Cloud Fabric ProtectV Volume is a part of the SafeNet Trusted Cloud Fabric™, a blueprint that equips organizations moving data, applications, and systems to the cloud with the trust and control they need to ensure security and compliance. SafeNet offers a modular approach that gives organizations the flexibility to migrate to the cloud in the most effective and efficient manner, and according to their specific timeframes, business objectives, and security policies. SafeNet solutions support traditional data centers, private clouds, public clouds, and hybrid cloud infrastructures. As a result, SafeNet’s Trusted Cloud Fabric gives enterprises a practical roadmap for moving into the cloud, while leveraging the same technologies they know and trust for their private data centers. With the SafeNet Trusted Cloud Fabric, enterprises sustain optimal security—while fully leveraging the breakthrough agility, elasticity, and efficiencies offered by the cloud. About SafeNet Founded in 1983, SafeNet is a global leader in information security. SafeNet protects its customers’ most valuable assets, including identities, transactions, communications, data and software licensing, throughout the data lifecycle. More than 25,000 customers across both commercial enterprises and government agencies and in over 100 countries trust their information security needs to SafeNet. Contact Us: For all office locations and contact information, please visit www.safenet-inc.com Follow Us: www.safenet-inc.com/connected ©2011 SafeNet, Inc. All rights reserved. SafeNet and SafeNet logo are registered trademarks of SafeNet. All other product names are trademarks of their respective owners. ScG (EN)-02.01.11 Securing Cloud Storage Security Guide 3