GED- i Ltd Storage Security

GED-i Ltd Storage Security GED-I Proprietary www.ged-i.com +972 9 8651054 [email protected] Securing Data Residing on Storage devices and Data Transferred over IP Networks

Transcript of GED- i Ltd Storage Security

Page 1: GED- i  Ltd Storage Security

GED-i Ltd Storage Security

Securing Data Residing on Storage devices and Data Transferred over IP Networks

Page 2: GED- i  Ltd Storage Security

Why Encryption is needed?

Regulations

Cost of Data Theft

Security Incidents

Page 3: GED- i  Ltd Storage Security

Where Encryption is needed?

Enterprise Data Center

DRP Site

Health Institutions

Financial Institutions

University Research Center

Government Defense

Bank

Remote Hosting

Merchants Payments Processors

ISP Site

Page 4: GED- i  Ltd Storage Security

GED-i Products offering: Data Encryption

Products: GDDS, GPDS, AIO - i, AIO - FC, AIO - HA, Superior - i, Superior - FC, Superior - HA

Chart labels: Personal, Department, Enterprise, Enterprise infrastructure; Entry level Security, Best Security

Page 5: GED- i  Ltd Storage Security

GED-i Products offering: Network Encryption

Products: G4Crypt 100, G4Crypt 300, G4Crypt 1000

Chart labels: Department, Enterprise, Enterprise infrastructure; Slow, Fast

Page 6: GED- i  Ltd Storage Security

Data Security Layers

Network: Network Security (FW, VPN, IDS/IPS)

Device (PC, Laptop, PDA): Access control (Biometrics, Smart Card..)

Application: Application Security (PIN, DRM)

Data: Encryption

Invasion through network

Page 7: GED- i  Ltd Storage Security

Encryption of STORAGE DEVICES (SAN)

Page 8: GED- i  Ltd Storage Security

GED-i High Availability Solution

Diagram labels: Clients, Server, Storage, GSA 2000 EE (Encryption Engine), GKS 2000 (Key Server), GEM 2000 (Element Manager), Ethernet, FC / iSCSI, AES 256; data shown as "ABCD" and "#W~Z"

Page 9: GED- i  Ltd Storage Security

GED-i High Availability Solution

Diagram labels: Clients, Server, Storage, GSA 2000 EE (Encryption Engine), GKS 2000 (Key Server), GEM 2000 (Element Manager), Ethernet, FC / iSCSI, Port 1, Port 2, Port 3, Port 4, AES 256 + Scrambling + Interference

Page 10: GED- i  Ltd Storage Security

GED-i High Availability Solution

Diagram labels: Clients, Server, Storage, GSA 2000 EE Encryption Engine, GKS 2000 Key Server, GEM 2000 Element Manager

Page 11: GED- i  Ltd Storage Security

Data Protection against…

Physical way: Take and Go; Take, Copy and Return

Digital Way: Direct Data Copy; Remote Data Copy

Diagram labels: Storage, Service level

Page 12: GED- i  Ltd Storage Security

GED-i Data Leak Prevention

Typical Link of End Users to Storage Device

TOTAL Storage Data Encryption while using GED-I’s solution: Storage data is Encrypted and Available to End Users

Hiding Storage Data while using GED-i’s Encryption KEY solution:

• Upon Encryption Key insertion, Data becomes available to key holders group only

• Upon Encryption Key removal, Storage data becomes UNAVAILABLE again

Use of Personal Encryption Key

Storage data is Encrypted and NOT available

SELECTED Storage data is available to key holders only

Diagram labels: Clients, Server, Storage, GKS 2000 Key Server; data shown as "ABCD" and "?&#@"

Page 13: GED- i  Ltd Storage Security

GED-i High Availability Solution

Diagram labels: Clients, Server, Storage, GSA 2000 EE Encryption Engine, GKS 2000 Key Server, GEM 2000 Element Manager, DRP

Page 14: GED- i  Ltd Storage Security

GED-i High Availability Solution

Diagram labels: Clients, Server, Storage, GSA 2000 EE Encryption Engine, GKS 2000 Key Server, GEM 2000 Element Manager, DRP Site with GSA 2000 EE Encryption Engine

Page 15: GED- i  Ltd Storage Security

GED-i in Cloud Computing

Diagram labels: User Site, Cloud Services at remote site, Clients, Server, Storage, GSA 2000 EE Encryption Engine, GKS 2000 Key Server, GEM 2000 Element Manager

Page 16: GED- i  Ltd Storage Security

GED-I Product Line

Superior Security

GSA 2000 - EE

GKS 2000

GEM 2000

High Security level Solution

External Key Server for multiple GSA 2000 - EE

Automatic High availability

All In One Security

GSA 2000 – AIO

GEM 2000

Solution in single appliance

Internal Key management

Page 17: GED- i  Ltd Storage Security

GED-I Product Line

Superior Security: GSA 2000 - EE, GKS 2000, GEM 2000

• Best Security Solution

• Encryption engine

• External Key Server

• Automatic setup for High Availability

• AES 256

• Optional: Segmentation & Scrambling

Diagram labels: Storage, Server, GSA 2000 - EE, GKS 2000, GEM 2000

Page 18: GED- i  Ltd Storage Security

GSA 2000 For SAN Configuration

Specification Highlights

Storage Security Appliance

Connection In-line

iSCSI interface

Fiber Channel interface

At least 2 ports of 1Gb

Wire speed

External & Remote Key Server

Invisible to user

Invisible to storage application

Invisible to storage device

Page 19: GED- i  Ltd Storage Security

GSA 2000 For SAN Configuration

Key Technology

• Incorporates the algebraic AES, Segmentation and scrambling key

• Ensuring an unmatched security level

Key Management

• Physical Gap between the security appliance and the encryption engine

• Encryption keys are remotely stored on the key Server

• Key Server can be local or remotely deployed

• Keys are transferred to the security appliance only as needed

Page 20: GED- i  Ltd Storage Security

GSA 2000 For SAN Configuration

Easy Deployment

• Plug and Play technology

• Appliance with no IP address

• No S/W installation on client, server or storage

• Self Learning

• Easy and fast disaster recovery

Page 21: GED- i  Ltd Storage Security
Page 22: GED- i  Ltd Storage Security

Network Encryption

Encrypting Data transmitted between IT islands

Page 23: GED- i  Ltd Storage Security

Network Encryption

Encrypting Data transmitted between IT islands

Diagram labels: Encrypted IP Network, IPsec AES 256, Public Network; data shown as "ABCD" and "%&^#"

Page 24: GED- i  Ltd Storage Security

Total Solution by GED-i

Page 25: GED- i  Ltd Storage Security

Total Solution by GED-i

Page 26: GED- i  Ltd Storage Security

Total Solution by GED-i

Page 27: GED- i  Ltd Storage Security

G4Crypt Models

The G4Crypt is an encryption appliance available as desktop or 19” rack mountable device, providing encryption at rates of 100Mbs, 300Mbs and near 1Gbs.

• An encryption appliance

• Desktop or 19” Rack mountable device

• Encryption at rates of 100Mbs, 300Mbs and near 1Gbs.

Page 28: GED- i  Ltd Storage Security

G4Crypt Models

Technical Specification

AES – FIPS 197 (256) CBC

X.509 v3 digital certificates

Pre-shared secrets

HMAC-SHA-1-96

Encapsulating Security Payload (ESP) Tunnel mode

Encapsulating Security Payload (ESP) Transport mode

Ethernet Encapsulated Security Payload

Ethernet link

IPv4

Easy Deployment

Plug and Play technology

No S/W installation

Specification Highlights

Ethernet Link

IPsec - Layer 3 IP packet encryption

AES 256 encryption

G4Crypt 100 for 100Mbs

G4Crypt 300 for 300Mbs

G4Crypt 1000 for near 1Gbs

Point to Point link

Multi Point to Point links

Transparent bridge

Appliance Technology

At least 3 Ethernet ports

Up to 1Gbs Ethernet port

Desktop version

19” rack version

Management

Simple to use

Reports and logging 

Page 29: GED- i  Ltd Storage Security

GED-i Ltd Storage Security

Securing Data Residing on Storage devices and Data Transferred over IP Networks

Page 30: GED- i  Ltd Storage Security

Personal/Departmental Data Safe

Encrypting Data Residing on Departmental servers

Page 31: GED- i  Ltd Storage Security

Single groups: Shared 5:1 Configuration

GDDS 2000

Group 1: Existing Computers with non-encrypted data (A, B, C, D, E)

Ethernet-LAN

Local Disk: Non-Encrypted data

“Local Disk” with Encrypted data: Shared data (A+B+…+E) in shared disk Volume

Dedicated for GED-I’s encryption station

Private or Joint Encryption key, required to decrypt the encrypted disk. Removed to prevent access to data.

K(A)=K(B)=K(C)=K(D)=K(E)

Page 32: GED- i  Ltd Storage Security

GED-I’s solution for Personal Data Safe – GPDS 2000

1:1 Configuration

Diagram labels: Personal Computer, Data Safe, Ethernet-LAN, GPDS 2000, Read with Keys, Read with No Keys, Removed to prevent access to data; data shown as "ABCDE", "}#%>?+[\" and "&$#{}["

Page 33: GED- i  Ltd Storage Security

Two Independent Groups: Shared 5:1 Configuration

GPDS 2000

Group 1: Existing Computers with non-encrypted data (A, B, …, E); keys K(A), K(B), K(E)

K(A)=K(B)=K(C)=K(D)=K(E)

Group 2: Existing Computers with non-encrypted data (V, W, …, Z); keys K(V), K(W), K(Z)

K(Z)=K(Y)=K(X)=K(W)=K(V)

Ethernet-LAN

USB port

Local Disk: Non-Encrypted data

“Local Disk”: Encrypted data; Shared data (A+B+…+E, V+W+…+Z) in shared disk Volume

Disk-on key with thousands of keys required to decrypt the encrypted disk. Removed to prevent access to data.