History, Heresy & The Future of Data Encryption • Martin Hellman, Professor Emeritus, Stanford University, Co-Inventor of Public Key Cryptography • Michael Callahan, CMO and VP, CREDANT • Gretchen Hellman, VP of Marketing and Product Management, Vormetric
Agenda • The State of Encryption Today • Historical Perspective: The Inside Story on Inventing Public Key Cryptography • Psychology, Risk and Encryption • What Works in Cryptography • CREDANT and Vormetric: Changing Perceptions in Cryptography
The Business Problem Internet Cafe Employee Transit Patient Records Prospect List Customer Credit Card Information Social Security Numbers Home Site Classified Government Intellectual Property Information Airport Contractor Partner Office ALL Sensitive Corporate Data Data Center
Compliance Regulations Expanding • Data Compliance Laws are Driving the Market Many National Laws/Initiatives/Acts/Programs • HIPAA, PCI, GLBA, SOX, FISMA, BITS 44 states, DC, Puerto Rico and the Virgin Islands have laws* States with no law yet • Alabama, Kentucky, Mississippi, Missouri, New Mexico and South Dakota
Why aren’t all Enterprises Encrypting? Perception of encryption is behind advances in technology • Perception (History): Hard, Expensive, Unmanageable • Reality (State of the Art): Easy, Economical, Transparent
Introducing Professor Martin Hellman • Co-Inventor Public Key Cryptography • Professor Emeritus, EE, Stanford University • Selected Awards: IEEE Fellow, Marconi Fellow, Electronic Frontier Foundation Pioneer Award, Member of National Academy of Engineering
Early 1970s: Looking Into the Future
Finding Other “Fools”: Merkle, Hellman, Diffie
Early Feedback About the Idea
Identifying the Issues • Ad-hoc communication with unknown users over computer networks • Symmetric key distribution could not work
Solving the Problem • Identified the need to develop a 2 key system • How could it be mathematically derived? • An important suggestion from Professor John Gill, Stanford University
1976 – New Directions in Cryptography “We stand today on the brink of a revolution in cryptography”
Building on the Foundation • PKI • Digital Signatures • SSL • Elliptic Curve
Risk, Psychology and Encryption • Resistance to addressing risk • Cassandra, teenage immortality, nuclear risk, soaring and cryptography • What can we do?
Cryptography Today – What Works • Integrated • Transparent • Automatic
Martin Hellman’s Work Today • NuclearRisk.org • Recent work: Soaring, Cryptography and Nuclear Weapons
CREDANT and Vormetric: Changing Perceptions about Encryption • Innovative approaches: CREDANT – Endpoint Encryption; Vormetric – Servers and Storage • Focused on making encryption work: manageable, transparent, secure
“The CREDANT software is very transparent — most people don’t know it’s on the machine.” — David Fennel, IT Security Coordinator, Talisman Energy
“Vormetric made our key management and encryption as simple as it can be.” — Troy Larson, VP of Information Systems, Metabank
CREDANT Overview
CREDANT Company Overview • Founded: September 17, 2001 • To enable customers to manage security of data on any device • Product Line: CREDANT Mobile Guardian (CMG), a data-centric, policy-based, centrally managed data protection solution that "Protects What Matters": your critical information • Financial and Strategic Investors: Leading Venture Capital Firms (Austin Ventures, Menlo Ventures, Crescendo Ventures); Cisco Systems & Intel Capital • Accomplishments: More than 775 customers worldwide; protecting >5 million endpoints globally; solution recognized by leading industry experts • 2007 & 2008: #1 Fastest Growing Private (Security) Company • 2007 Data Security Leadership Quadrant • Test result: 8.6, Very Good
CREDANT’s Diverse Customer Base Spans Major Industries and Geographies Aerospace & Defense Energy State and Local Government Financial Services Universities Public Sector Consumer Industries Drugs & Healthcare Retail & Leisure Telecommunications, IT & Media
CREDANT’s Data-Centric Encryption: More secure than other options
Full Disk Encryption: Complete encryption of hard disk, including boot and system files. Disadvantage:
• Encryption only on system level - no awareness of user or type of data
• Only available for Desktops and Laptops
• System administration significantly impacted
• No separation of system and security administration
• No protection against copy onto external media
File & Folder Encryption: Files and Folders specifically selected by the user are encrypted. Disadvantage:
• Security dependent on user behavior
• Temporary application files can leak information
• No central administration or key recovery
• Impossible to enforce or prove compliance
CREDANT’S Data-Centric Encryption:
• Data automatically encrypted based on policies
• Encryption awareness of users, groups, systems and data types
• System remains accessible for system administration
• Central Administration for all devices and storage media with automated key escrow for guaranteed recovery
• Automatic detection and enforced protection of external media
The CREDANT approach combines the best of “Full Disk Encryption” and “File & Folder Encryption” and overcomes their significant problems
CREDANT Simplifies the Solution • Full Compliance Reporting • No Operational Impact • All Solutions Managed within One Web-based Console • Transparent to End-users
Vormetric Overview: The Best in Enterprise Encryption • Mature and Proven: Founded in 2001, production deployments since 2003; over 500 enterprises use Vormetric solutions • Innovative Architecture: Transparent to applications, databases, storage and users; high performance, extendible, and rapidly deployable • Strong and Growing: Unparalleled partnerships; diverse expanding customer base standardizing on Vormetric
Strong Validation • THE solution for DB2 and Informix • THE solution for NetBackup • THE solution for securing the execution environment for Oracle DataVault
Vormetric Data Security • Secure, centralized policy and key management • High performance • Heterogeneous • Rapidly deployable • Extensible Any File, Any Database, Any Application, Anywhere!
Vormetric Simplifies Data Security Dev Apps VoIP POS CAD SQL Server MySQL Sybase Point Encryption File Shares Flat Files Homegrown Applications Care Management Informix Oracle DB2 HR Apps ERP CRM CMS
The Vormetric Approach • Encryption • Access Control • Audit • Centralized management [Diagram labels: Users, Apps, Databases, File System, Volume Manager]
Vormetric’s Extensible Solution • Log Files IIS Apache WebLogic • Password files • Configuration files • Archive CMS Custom ERP CRM Payments • Data files • Transaction logs SQL Sybase MySQL DB2 Oracle • Exports • Backup • File shares Email Servers Other File Servers FTP Servers • Archive • Content repositories • Multi-media DAS SAN NAS VM
“Future scalability to apply this solution where additional needs may arise was a significant consideration” Thomas Doughty, CISO, Prudential
Summary • Making encryption easy and effective from the endpoint to the core • No impact to existing operations • Keeping you compliant, out of the headlines and protected
Thank You! Q&A For More Information Contact: CREDANT • info@credant.com • www.credant.com • 866-CREDANT (273-3268) Vormetric • info@vormetric.com • www.vormetric.com • 888-267-3732