Data Protection in 2016 - Top 5 Use Cases
This document may not be reproduced, modified, adapted, published, translated, in
any way, in whole or in part or disclosed to a third party
without the prior written consent of Thales - © Thales 2016 All rights reserved.
Welcome
▌Today’s outlook
▌How Hardware Security Modules will help secure the future
▌Top 5 Use Cases for Hardware Security Modules
▌Further resources
Today’s reality: targeted and successful data breaches
www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
Many Connected “Things”
▌ 6.4B Connected "Things" will be in use in 2016
Up 30% from 2015
▌ Manufacturers must secure the data that connected devices are sharing
Robust device authentication & data protection will be crucial
Public Key Infrastructures will play a strong role
Source: Gartner, http://www.gartner.com/newsroom/id/3165317
Thales Blog post: “How to safeguard your data in the age of the Vulnerability of Things”
Security Trends
Today’s environment
Continual cyber attacks
New data privacy regulations
Connected everything
Mobile payments on the rise
Hardware Security Modules provide utmost security
▌What’s the best way to protect your organization’s sensitive data in today’s highly connected world?
More companies than ever are turning to Hardware Security Modules (HSMs)
Unparalleled protection of cryptographic operations
Manage encryption keys, digital signatures, and more, within tamper-resistant hardware devices.
HSMs: certified platform for trust management
▌ What are HSMs?
Hardened, tamper-resistant devices isolated from host environment
Alternative to software crypto libraries
▌ What do HSMs do?
Secure cryptographic operations
Protect cryptographic keys
Enforce policy over use of keys
[Diagram: a business application holding application data sends data to be signed, encrypted or decrypted to the HSM and receives encrypted/decrypted or signed data back. Inside the HSM security boundary: the HSM application, the keys, and the secure crypto processing engine.]
The nShield HSM family
nShield Connect
Network attached appliance
Shared crypto resource
High-volume transactions
High availability
nShield Solo
Server-embedded card
Dedicated processing
Compact PCIe design
Certified implementations of all leading algorithms
nShield HSMs are FIPS 140-2 Level 3 certified
Market leading platform for trusted applications
nShield Edge
Portable HSM
Small footprint
USB interface
How are organizations using HSMs today?
PKIs
Custom applications
Digital signing
SSL
Code signing
#1 Use case: PKIs
▌ Public Key Infrastructures (PKIs)
61% of customers surveyed said PKI was their main HSM application
Average PKI supports seven enterprise applications
▌ PKI use growing
Rise of cloud and mobile
Devices, applications, and “things” require credentialing and a secure way to
communicate
PKI use cases
Digital Cinema: Authentication between playback devices and servers, content encryption, watermarking
Manufacturing: Unique identities & device authenticity to prevent counterfeiting, IoT
Case studies: Polycom, PRIMA CINEMA
#2: Custom Applications
▌ It’s not just data… Applications need to be protected too
Protecting sensitive applications is critical for safeguarding IP
Running applications within a protected environment is increasingly popular as
more mission-critical apps handle sensitive data
In 2016, we expect to see more organizations moving sensitive algorithms off their
application servers and executing them inside the FIPS boundary of an HSM.
Thales’s CodeSafe runs apps inside HSMs
bitcoin
▌ Critical trust challenge
Keys must be protected and stored in a secure location. Because transactions are
anonymous and non-reversible, they are vulnerable to theft. If stolen, they are
pretty much untraceable.
▌ HSMs offer
Private key protection
Key derivation
Multi-signature capability for dual control
bitcoin basics
Users record transactions in an open “ledger”
Ledger consists of a “blockchain” of transaction data
To send a bitcoin, you need
• A private key from which a public key is derived
• A bitcoin address
• A wallet for your private key
Blockchain experts
Thales partner
#3 Digital Signing
▌ 26% of customers cite digital signing as the primary HSM use case
▌ Popular application is signing barcodes used in electronic transactions
Examples include e-tickets for sporting events or airlines
▌ In 2016, we expect digital signing to rise
New regulations
Increasing adoption of cloud-based signing models, where signing keys are protected,
stored and managed on behalf of the signer by a cloud provider
e-Ticketing
Securing e-Tickets
Data such as loyalty numbers can be extracted from barcodes
Signing barcodes with cryptographic keys helps ensure integrity
Digital signature keys managed in HSMs
#4 SSL
▌26% of our customers use HSMs for SSL
▌Poised to grow in 2016
▌Rising use of application delivery controllers (ADCs) driving HSM adoption
Security of keys
Performance demands of networking environment in today’s world of
web applications and cloud-based services
SSL Use Case
Application Delivery Controllers (ADCs) balance traffic while HSMs protect keys.
[Diagram labels: DNS (web address to IP address), Internet, SSL connections, ADCs, servers hosting applications, HSMs]
#5 Code Signing
▌ Lessons from attacks like Stuxnet and Duqu
Attackers who steal an organization’s private signing keys can replace legitimate code with malware, enabling both malware installation and identity fraud
▌ Not just a problem for companies producing software
Banks who develop mobile apps
Manufacturers who produce control systems for cars
Media providers that need to control access to content
With such a variety of organizations now at risk, more will look toward HSMs to help
authenticate code.
Faster! Bigger!
▌Thales introduces nShield XC Solo & Connect HSMs
Accelerated transactions
Best in class Elliptic Curve Cryptography (ECC)
More room for customer apps to run inside HSM boundaries using CodeSafe, a unique Thales feature
XC Benefits
More Powerful Apps: nShield XC expands memory, letting our customers run larger and more powerful apps in CodeSafe.
Fastest ECC = Versatility: nShield supports the fastest ECC transactions of any HSM on the market. Ideal for helping secure a variety of apps, including emerging IoT.
Speed + Volume: nShield XC helps our customers manage crypto keys and sign apps at higher rates.
ECC, one of today’s most efficient security algorithms, is favored where low power consumption is crucial.
Why THALES e-Security?
Summary
▌Solutions for 2016 and beyond
Secure increasingly important PKIs by partnering with Thales experts
Protect custom applications in a unique run-time environment within the secure HSM boundary (CodeSafe)
Benefit from experience from hundreds of use cases across traditional, virtualized, and cloud-based environments
▌Outstanding global support and services to help you succeed
Resources and questions
▌ Resources referenced in this webcast
www.thales-esecurity.com
Blog post: How to safeguard your data in the age of the Vulnerability of Things
www.thales-esecurity.com/blogs/2016/february/safeguarding-your-data
PRIMA CINEMA case study:
www.thales-esecurity.com/knowledge-base/case-studies/prima-cinema
Polycom case study:
www.thales-esecurity.com/knowledge-base/case-studies/polycom
▌ Next Thales e-Security webcast
Global Encryption Trends
10 A.M. ET on March 23, 2016
Thank you!