
Customer Managed Keys: An Emerging Requirement for Large Enterprise Sales


For many large enterprises, ownership and control of encryption keys is a baseline requirement for SaaS adoption. IronCore's Customer Managed Keys (CMK) lets SaaS application vendors offer performant, per-tenant encryption with integrations to all major key management infrastructures. Get to market faster and sell more to security-conscious customers.


  1. Customer Managed Keys: An Emerging Requirement for Large Enterprise Sales. IRONCORE LABS, IRONCORELABS.COM | @IRONCORELABS
  2. WHAT IS CMK? Per-tenant encryption for some data. All data access is logged in an audit trail. Master key(s) used to decrypt are held by the customer. Customer can revoke access.
  3. WHY? Everyone is getting more sensitive to storing data in the cloud.
     BREACH APOCALYPSE: In part because of breach disclosure laws and in part due to the climbing complexities of systems, big companies are getting pwned left and right and making big headlines.
     GDPR / NEW PRIVACY REGS: New privacy laws mean companies must have greater control of and visibility into their data to operate in various countries.
     ANALYSTS: Analysts love CMK and are out telling companies that they should be demanding it.
     TRICKLE-DOWN FEATURES: The top-tier companies now offer CMK so companies are trying to push it to their other vendors.
     DATA SOVEREIGNTY: In many jurisdictions, certain data isn’t allowed to leave (in readable form). An alternative to creating data centers everywhere is to keep the keys in-country.
     BEST PRACTICES: Folks, including especially analysts, are starting to call CMK a “best practice” and this has huge implications for what companies are contractually (i.e. with insurance provider) and legally (i.e. with HIPAA) obligated to do.
  4. MAJOR SAAS LOGOS OFFER CMK
  5. HOW CMK WORKS
  6. IF YOU DIY… (diagram labels, in page order) Algorithm AES Mode ECB CBC OFB CFB GCM CTR XTS OCB Key Size 128 192 256 Asymmetric RSA Key Size Elliptic Curve CA / validation Curve Choices Symmetric Protocols KMIP PKCS#11 Google/AWS proprietary HSMs Gemalto Safenet AWS Azure Thales Connection SIEM Key Management Supported Systems Languages Libraries Interoperable formats? Audit Scheme Code Rotation Revocation Backup Dual controls Common Log File System (CLFS) Common Event Format (CEF) Vendor Arcsight Splunk Logrhythm Trustwave Public IPs for HSM? VPN Configuration Rotation / refresh Choices
  7. IRONCORE SIMPLIFIES CMK (diagram labels: Data Layer App Layer Encryption Service KMS / HSM Configuration Broker)
     1 Stateless low-latency, keys are never persisted
     2 Customer manages keys & options independently
     3 Single point of integration (typically API level)
  8. YOU MAKE POLICY CHOICES: Client-side, Server-side; Per-tenant key-remote; Per-tenant key-local; Per user, end-to-end; PRIVATE, SECRET, TOP-SECRET
  9. THE ENCRYPTION SERVICE HANDLES THE DETAILS (diagram labels: Proprietary KMIP PKCS#11 Proprietary Gemalto AWS Azure GCP SaaS App Enterprise One Enterprise Two Enterprise Three Enterprise Four KMIP Proprietary PKCS#11 Proprietary)
  10. INTEGRATION IS SIMPLE: Only a few lines of code.
      (EDEK, ciphertext) = IRON.encrypt(metadata, plaintext);
      plaintext = IRON.decrypt(metadata, ciphertext, EDEK);
      (DEK, EDEK) = IRON.wrap(metadata);
      DEK = IRON.unwrap(metadata, EDEK);
  11. ALL IN ONE EASY UI
  12. SUMMARY: Accelerate your roadmap. Greater control means easier compliance. Integrate once, support many KMSs and gain policy-driven controls. Low latency, high availability.
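
The properties on slide 2 (customer-held master key, audit trail, revocation) and the wrap/unwrap calls on slide 10 describe envelope encryption. The sketch below is an added example, not IronCore's code or API: `CustomerKms`, `seal`, `unseal` and the `requester` metadata field are assumptions made for illustration, with an in-memory object standing in for the customer's KMS/HSM.

```javascript
// Added illustration, not IronCore's API. CustomerKms is a constructed stand-in
// for a customer-run KMS/HSM; the `requester` metadata field is an assumption.
const crypto = require('crypto');

// AES-256-GCM; output layout is iv(12) || tag(16) || ciphertext.
function seal(key, data, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad)); // binds the blob to one tenant id
  const ct = Buffer.concat([c.update(data), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function unseal(key, blob, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws on mismatch
}

// Customer side: the master key (KEK) never leaves this object.
class CustomerKms {
  constructor(tenantId) {
    Object.assign(this, { tenantId, kek: crypto.randomBytes(32), revoked: false, audit: [] });
  }
  authorize(op, metadata) { // every request is logged, allowed or not
    this.audit.push({ op, requester: metadata.requester, allowed: !this.revoked });
    if (this.revoked) throw new Error('access revoked by customer');
  }
  wrap(metadata) { // returns a fresh DEK plus its encrypted form (EDEK)
    this.authorize('wrap', metadata);
    const dek = crypto.randomBytes(32);
    return { dek, edek: seal(this.kek, dek, this.tenantId) };
  }
  unwrap(metadata, edek) {
    this.authorize('unwrap', metadata);
    return unseal(this.kek, edek, this.tenantId);
  }
}

// Vendor side: stateless, stores only (EDEK, ciphertext); the DEK is discarded.
function encrypt(kms, metadata, plaintext) {
  const { dek, edek } = kms.wrap(metadata);
  return { edek, ciphertext: seal(dek, Buffer.from(plaintext), kms.tenantId) };
}
function decrypt(kms, metadata, ciphertext, edek) {
  const dek = kms.unwrap(metadata, edek);
  return unseal(dek, ciphertext, kms.tenantId).toString();
}
```

Once the customer sets `revoked`, every stored record becomes unreadable to the vendor without touching the stored data, and the refused request still lands in the audit trail.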
