Are you sure you are safe in the CLOUD?


Page 1:

www.thales-esecurity.com

ISEC INFOSECURITY TOUR 2019 “I’LL BE WATCHING YOU”

Are you sure you are safe in the CLOUD?

Cloud Protection Strategies

Page 3:

Industry analysts state that 85% of enterprise decision-makers say they have a time frame of two years to make significant inroads into digital transformation or they will suffer financially and fall behind their competitors.

Source: PWC

Page 4:

We see digital transformation of traditional industries

Page 5:

There are risks associated with the digital transformation

• Satisfying compliance requirements around encryption and key management
• Safeguarding against unauthorized insider access and other data breaches
• Defending against unauthorized code
• Protecting retail customer data to meet PCI DSS requirements
• Securing patient data wherever it is created, shared or stored
• Ensuring the authenticity of connected components

Page 6:

DIGITAL TRANSFORMATION WITHOUT DATA SECURITY: IT’S LIKE DRIVING OFF A CLIFF!

HEADLONG ADOPTION COMPOUNDS THE PROBLEM

• 94% use digital transformation technologies with sensitive data (cloud, big data, IoT, containers, blockchain and mobile payments)
• 42% use more than 50 SaaS applications
• 99% use Big Data
• 94% implement IoT
• 91% working on or using mobile payments
• 53% use 3 or more PaaS environments
• 57% use 3 or more IaaS vendors

Page 7:

ENCRYPTION – A KEYSTONE TECHNOLOGY FOR PROTECTING DATA

• Privacy Requirements: Encryption the top tool needed to meet new Privacy requirements like GDPR
• Cloud: The top tool for more cloud use
• Secure Identity needed to drive Big Data Adoption
• Big Data: Encryption needed to drive Big Data Adoption
• IoT: Encryption the top tool to increase ability to use IoT
• Containers: Encryption drives Container usage

[Chart values as extracted, not matched to the labels above: 44%, 35%, 38%, 48%, 41%, 42%]

Encryption tools top the plan for data security related spending to be purchased in the next year

[Chart: Global tools and US tools, for Tokenization, Encryption with BYOK and Hardware Security Modules; values as extracted: 45%, 43%, 42%, 44%, 43%, 41%]

Encryption needed to drive the adoption of the technologies needed for digital transformation

Page 8:

DEPLOYING TO THE CLOUD: DATA SECURITY REQUIRED

Top Cloud Security Concerns (rates of very/extremely concerned)

• 64% Attacks at the Service Provider
• 62% Lack of control over location of data
• 58% Security of my organization’s data in the cloud
• 58% Managing Encryption Keys across multiple cloud environments
• 57% Custodianship of encryption keys
• 54% Meeting compliance requirements

Encryption: The top IT security control needed to expand cloud adoption

• 44% Encryption of cloud data with Enterprise premises key management and storage
• 42% Detailed IT and Physical Security information
• 41% Encryption of cloud data with CSP key management and storage
• 34% HSMs on premises or in the cloud

What are enterprises doing about the problem today?

• Implementing CASB: 46%
• Enabling encryption services offered by the CSP: 51%
• Deploying or using a BYOK solution: 40%

Page 9:

www.vormetric.com VORMETRIC COMPANY CONFIDENTIAL

CLOUD DATA SECURITY

Page 10:

Application Workload Migration to Cloud

Page 11:

Shared Responsibility Model Illustrates Data Security Roles

[Diagram: three columns, Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS), each showing the stack Data, Application, Runtime, Middleware, O/S, Virtualization, Servers, Storage, Networking, with each layer marked as Customer Responsibility or Provider Responsibility]

Page 12:

Broad Cloud Security Concerns

• 59% SECURITY BREACHES / ATTACKS ON CSP
• 57% SHARED INFRASTRUCTURE VULNERABILITIES
• 54% CLOUD PRIVILEGED USER ABUSE
• 47% COMPLIANCE
• 51% ENCRYPTION KEY OWNERSHIP

2017 Thales Data Threat Report/451 Research – 1100 IT Professionals

Concerns Multiplied By Multi-Cloud

Page 13:

You’re responsible for data security.

What do you do?

Page 14:

Analysts: Advanced Encryption and Centralized Key Management

Use File Encryption

• File encryption is used for critical data that needs to be encrypted at all times
• File encryption is very good at protecting from the insider threat

Centralize Key Management

• Build a robust key management infrastructure
• Essential components are a flexible key management platform, the data encryption, and access control

IDC, Encryption a Powerful Risk-Reducing Tool, But a Business Impact Analysis Is Essential, Robert Westervelt, April 2017 US42425317

IDC, Worldwide Endpoint Encryption and Key Management Infrastructure Forecast, 2016–2020, Robert Westervelt et al., August 2016 US41632016

Page 15:

Thales Technology Focus (VTE, CCKM)

Secure data encryption and strong key management to support any enterprise cloud security strategy - public, private or hybrid

[Diagram labels: Key Management; Roles Based Encryption; Container Security; Application Encryption]

• Block Privileged Users
• Block access to data (CSP, Subpoena)
• Unstructured data, non CSP data
• Cloud Key Assurance
• Visibility, Portability, DR, Compliance
• Single Pane of Glass
• Securely leave the cloud
• Automate Security
• Logs, unstructured data, DBs
• Block Root / Privileged Users
• DevOps Automation
• Remove Data Lock
• Supply chain data share
• Key ownership
• Role ownership

Page 16:

Advanced Data Encryption Provides Real Protection and Control

Unified Encryption, Key and Policy Management

Security Intelligence Logs
➢ Capture granular data access logs of authorized and unauthorized access

Live Data Transformation
➢ No downtime: files or database remain online during initial encryption or key rotation

Container Awareness
➢ Establish fine-grained access controls for each container

[Diagram labels: AES Encryption; Granular Access Control Policies; Privileged User Access Control; Files and Databases; Secure Data Portability; Tokenization with Dynamic Data Masking; FIPS 140-2 Compliant Secure Key Storage; Physical Appliances; On-premises Key Management; Private & Hosted Clouds; In-cloud Key Management; Application Layer Encryption; Virtual Appliances; Advanced BYOE; Native Encryption]

Page 17:

CipherTrust Cloud Key Manager

▌ Centralized, multi-cloud key control and management for IaaS and SaaS
▌ As a service or on-premises deployment
▌ Secure Key Storage
▌ Logging and Reporting for enhanced visibility and compliance

Page 18:

Deployment Choices to Fit Your Needs

▌ As a Service
▪ Subscribe
▪ Configure
▪ Go!

▌ Secure Key Storage
▪ FIPS 140-2 Level 1

▌ Your Deployment
▪ Subscribe
▪ Deploy
  - Private Cloud
    ▪ All virtual appliances for cloud deployment
    ▪ FIPS 140-2 Level 1 Secure Key Storage
  - On Premises
    ▪ CipherTrust Cloud Key Manager virtual appliance
    ▪ Up to FIPS 140-2 Level 3 secure key storage
▪ Configure
▪ Go!

[Diagram: As a Service, FIPS 140-2 L1 Secure Key Storage; On Premises, FIPS 140-2 L3 Secure Key Storage; Private Cloud, FIPS 140-2 L1 Secure Key Storage]

Page 19:

True Encrypted Data Mobility is Only Possible with BYOE

Centralized Keys Provide Data Mobility

[Diagram labels: Financial Data; HIPAA; On-Premises; Private Cloud; PII; Intellectual Property]

Page 20:

Securing your digital transformation by encrypting everything

Structured and unstructured data at rest

In motion and in use

Within and Across devices

Process, platforms and environments

Page 21:

Thales eSecurity solutions - Supporting a wide range of use cases

Customer Use Cases

• Cloud Security
• Data Security
• IoT Security
• Payments
• Code Signing
• PKI
• Tokenization
• Data Masking
• Digital Signing
• Key Management
• App Encryption
• Data Encryption
• Container Security
• Hardware Security Modules

Page 22:

www.thales-esecurity.com

THANK YOU

Zamanta [email protected]: 55-4339-9652
