Securing Data Across the Extended Enterprise
@LiaisonTech

Data-Centric Regulatory Pressure
[Figure: sample sensitive data items: Salary $75,000; Bonus € 5.000; 1029-8400-9300-3010; DL GA 335-245578; SSN 123-12-1234; Maiden Name: Fuller; DOB 11/12/1952; 5201-0155-9123-9956; Diagnosis: AIDS]
• Regulatory Pressure
– PCI DSS
– HITECH Act
– HIPAA
– SOX
– GLB
– ...
– State Breach Notification Laws

Business Drivers for Data Protection
• Government
– Sarbanes Oxley Act (SOX)
– Gramm Leach Bliley Act (GLBA)
– Healthcare Insurance Portability & Accountability Act (HIPAA)
– Federal Information Security Management Act (FISMA)
– State Breach Notification Laws (e.g. California State Bill 1386)
• Industry
– Payment Card Industry Data Security Standard (PCI DSS)
– Healthcare Insurance Portability & Accountability Act (HIPAA)
– Health Information Technology for Economic and Clinical Health Act (HITECH)
• Company
– Brand Protection in general
– High-wealth individuals, etc.

Common Business Partner Interactions
• EDI documents – either direct connections to trading partners or VAN
• Payroll submissions
• Health insurance claims
• Check remittances
• Product data – data synchronization with partners
• Loan – applications, approvals, grants
• Credit card transactions

Need for Secure Exchange Methods
• A lot of information is being exchanged electronically between business partners – and it is increasing
• Broader adoption of the public Internet instead of private networks
• Government, Industry and Company laws and mandates are driving compliance with security and privacy standards

Day in the Life of Corporate Data
[Diagram: CRM, Corporate, Business Partners, Order Entry System, Data Warehouse, Consumers, Store / Agents, Consumer Website and B2B Transactions, connected by Email, FTP, Dial-Up and SSL]

What’s Required to Secure Information?
• Require secure communication with business partners
• Require encryption of data when stored
• Require reliability & automated recovery of failed transmissions
• Require audit-ability of all transactions & activities
• Require trace-ability of process & procedures including software updates
• Require notification of those affected when breached

Day in the Life of Corporate Data
[Diagram: CRM, Corporate, Business Partners, Order Entry System, Data Warehouse, Consumers, Store / Agents, Consumer Website and B2B Transactions, now connected by Dial-Up, AS2, sFTP and SSL, with the numbers of the requirements below marked on the parts of the diagram they apply to]
1. Require secure communication with business partners
2. Require encryption of data when stored
3. Require reliability and automated recovery of failed transmissions
4. Require audit-ability of all transactions and activities
5. Require trace-ability of process and procedures including software updates
6. Require notification of those affected when breached

Make Meeting the Laws and Mandates Part of Your Culture
Both the federal and state governments are fighting against data breaches – and this spells extra work for merchants. Payment Card Industry (PCI) mandates and soon-to-be federal regulations require that all major credit holder information be encrypted – and more than 46 states have additional regulations. Stringent fines can be levied for non-compliance.

Train staff about the risks
Employees are a critical part of any data security strategy – the best practice is to define who should have access to sensitive information, and monitor it closely.

Consult and Collaborate With IT
Most merchants and business operations professionals aren’t expected to be up on the latest trends and solutions for keeping data secure. That’s IT’s responsibility. Laying out the operational processes helps IT identify the biggest threats to data security – and build a highly scalable, integrated security infrastructure that supports the business.

Demand Business Partners Secure Information
• Data security is only as good as the weakest link. If your “house is in order” but your business partners’ is not, then you’re exposed to risk.
• Work with your business partner to secure any information being exchanged with them.

Educate Business Partners About the Risks
If your business partners are aware of the risk to their business, to your business and the relationship between both of you, they will understand the importance of securing data being exchanged with one another.

Point Solutions by User

What are the Common Solutions?
• Secure Transport
– SMTP
– HTTPs
– FTPs
– SFTP
• Secure Payload
– PGP
– S/MIME
– PKZip
– AS1, 2, or 3 (and transport)
• Deployment Model
– Direct Connect
– Internal Transfer
– Value Added Network (VAN) Services
– Hybrid

MFT and B2B Gateway
[Diagram labels: Firewall; MFT and B2B Gateway]

Value Added Network – Partner Management
[Diagram label: Value Added Network]

Hybrid Model
[Diagram label: Value Added Network]

What Security Features Do We Need?
• Confidentiality
– Encrypting the data so that it remains secret to the parties involved.
• Integrity
– Guarantee that the original data is not altered.
• Authentication
– Allows you to be sure that the document came from the party you think it came from.
– Verification by receiver.
• Non-repudiation
– Allows a sender to prove that the document was delivered intact to the intended recipient.
– Verification by sender.

How Do We Apply These Services?
• Secure Transport
– Secures the pipe that the data travels on.
– Security services are not application-to-application and are lost past the transmission.
– Doesn’t provide document authentication or non-repudiation.
• Secure Payload – securing document for transmission
– Services can be applied close to the application.
– Doesn’t limit the choice of transports.
– Security services such as authentication can be verified long after the document has been transported.

What Are the Common Options?
• Secure Transport
– SMTP
– HTTPs (SOAP and Web-services)
– FTPs
– sFTP (SSH)
• Secure Payload
– PGP
– S/MIME
– PKZIP w/ encryption
– AS1, AS2 and AS3 (including SMTP)

Secure Transport: Secure SMTP
• What is SMTP
– Transport protocol for email
• Security Services
– None
• Benefits
– Pervasiveness of e-mail
– Simple implementation
– Choice of vendors
• Drawbacks
– Push only
– e-mail only
– No large files

Secure Transport: HTTPs
• What is secure HTTP?
– HTTP using SSL/TLS.
– HTTP is the transport for services such as SOAP, Web Services and AS2.
• Security Services
– Similar to FTPs.
– Services like SOAP have extensions to include digital signatures.
– Web Services has WS-Security.
• Benefits
– Better for direct connect
– Request / response model
– Easy to connect through firewalls
– MIME based
– Canonical data requirements
• Drawbacks
– Complicated set-up
– No built-in file management
– Server always up & connected

Secure Transport: FTPs
• What is secure FTP?
– FTPs is not the same as sFTP.
– FTPs uses SSL/TLS.
– sFTP is FTP using SSH
• Security Services:
– Confidentiality ensured because the pipe is encrypted.
– Authentication through either client-side authentication and/or user id/password.
– Integrity limited to features guaranteed by underlying TCP/IP protocol.
– No support for non-repudiation.
– Security features not tied to the document.
• Benefits
– High adoption
– Built in file management
– Good in a hosted model
– Transfer recovery supported
• Drawbacks
– No content validation
– Inefficient for large numbers of small transactions
– File content in the clear

Secure Transport: SFTP
• What is SFTP?
– FTP using Secure Shell – originated as a secure alternative for the UNIX commands rlogin, rsh, and rcp
– Secures a tunnel through which remote users can telnet, run commands and perform file management
– Provides session level encryption
– File copy services include sFTP (SSH 2) and sCopy
• Security Services
– Provided by Secure Shell (SSH)
• Benefits
– Protection against IP spoofing
– Key based authentication
– A UNIX favorite
– Single connection easy firewall routing
• Drawbacks
– More than just transfer
– System profiles
– Difficult to nail down restrictions
– Lack of platform pervasiveness

Secure Payload: PGP
• What is PGP?
– Pretty Good Privacy.
– PKI-based crypto application.
– Widely available, commonly used in financial institutions.
• Two models for securing data using PGP
– Conventional password-based encryption.
– PGP/MIME – uses PGP keys.
– Confidentiality, integrity and authentication services.
• Benefits
– Tried and true
– Vendor options
– Transport independent
• Drawbacks
– No non-repudiation
– Key Management can be difficult

Secure Payload: S/MIME
• What is S/MIME?
– Secure Multi-purpose Internet Mail Extensions – initially targeted at mail users, but expanded to cover many transports
– General specification behind EDI-INT (EDI over the Internet)
– Public Key Infrastructure (PKI) and X.509 Certificates.
– Full range of security features including non-repudiation.
• Benefits
– Included functions
– MDN defined error reporting
– Compression
• Drawbacks
– Complex partner setup
– Key management and exchange

Secure Payload: PKZip with Encryption
• What is PKZip with Encryption?
– Compression tool that has password-based encryption function
– Not commonly used in B2B scenarios
• Benefits
– Compression
– PKZip Premium
• Drawbacks
– Weak encryption

AS1, AS2, AS3
• Transport-dependent implementations of S/MIME and PGP/MIME

| Protocol | Transport | Method |
| --- | --- | --- |
| AS1 | SMTP (email) | Extended S/MIME + document management services over SMTP. |
| AS2 | HTTP | Extended S/MIME + document management services over HTTP. |
| AS3 | FTP | Extended S/MIME + document management services over FTP. |

Transport-dependent Secure Payload: AS1
• Benefits
– Easy peer-to-peer & firewall set-up
– Easy to configure
– Easy to monitor
– Automatic re-try
• Drawbacks
– Size restrictions
– Susceptible to SPAM blockers

Transport-dependent Secure Payload: AS2
• Benefits
– Peer-to-peer
– Document turn-around
– Instant receipt
– No size restrictions
– Single port connection
• Drawbacks
– Another server in the mix
– High availability expected
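
The receipt check behind the non-repudiation and "instant receipt" points above, as an added example that is not part of the original presentation: the sender compares the digest a partner reports in the MDN's Received-Content-MIC field (defined for AS2 in RFC 4130) with the digest of what it actually sent. The payload, message ID and helper names are constructed for illustration, and verification of the S/MIME signature on the MDN is assumed to happen elsewhere.

```python
import base64
import hashlib
from email.parser import HeaderParser

# Digest names a partner may state in Received-Content-MIC, mapped to hashlib names.
MIC_ALGORITHMS = {"sha1": "sha1", "sha-1": "sha1", "sha256": "sha256", "sha-256": "sha256"}

def compute_mic(payload: bytes, algorithm: str) -> str:
    """Base64 digest over the exact bytes that were signed and sent."""
    digest = hashlib.new(MIC_ALGORITHMS[algorithm.lower()], payload).digest()
    return base64.b64encode(digest).decode("ascii")

def check_receipt(sent_payload: bytes, mdn_fields: str):
    """Return (ok, reason) for the machine-readable fields of a returned MDN.

    Assumption: the signature on the MDN itself was already verified.
    """
    fields = HeaderParser().parsestr(mdn_fields)
    # The text after ';' is the disposition type. This example treats only a
    # bare "processed" as a clean receipt; errors and warnings are rejected.
    status = fields.get("Disposition", "").split(";", 1)[-1].strip().lower()
    if status != "processed":
        return False, f"partner did not accept the document: {status or 'no disposition'}"
    mic, _, algorithm = (p.strip() for p in fields.get("Received-Content-MIC", "").rpartition(","))
    if algorithm.lower() not in MIC_ALGORITHMS:
        return False, f"missing or unsupported MIC algorithm: {algorithm!r}"
    try:
        received = base64.b64decode(mic, validate=True)
    except ValueError:
        return False, "MIC is not valid base64"
    expected = hashlib.new(MIC_ALGORITHMS[algorithm.lower()], sent_payload).digest()
    if received != expected:
        return False, "MIC mismatch: partner received different bytes than were sent"
    return True, "partner acknowledged the exact document that was sent"

# Constructed sample data: an EDI-like payload and the MDN fields a partner might return.
SAMPLE_PAYLOAD = b"ISA*00*CONSTRUCTED*SAMPLE~ST*850*0001~SE*2*0001~"

def sample_mdn(received_bytes: bytes, disposition: str = "processed") -> str:
    """Simulate the partner side: report a MIC over the bytes it received."""
    return (
        "Original-Message-ID: <constructed-0001@sender.example>\n"
        f"Disposition: automatic-action/MDN-sent-automatically; {disposition}\n"
        f"Received-Content-MIC: {compute_mic(received_bytes, 'sha256')}, sha256\n"
    )

if __name__ == "__main__":
    print(check_receipt(SAMPLE_PAYLOAD, sample_mdn(SAMPLE_PAYLOAD)))
    print(check_receipt(SAMPLE_PAYLOAD, sample_mdn(SAMPLE_PAYLOAD[:-1])))
```

In a real AS2 exchange the digest covers the signed MIME content, headers included, so the sender must hash those same bytes rather than the bare file.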

Transport-dependent Secure Payload: AS3
• Benefits
– Great for server side
– No size restrictions
• Drawbacks
– Requires another server in the mix
– High availability expected
– FTP firewall

Summary

| Protocol | FTP | FTPS (FTP with SSL) | SFTP (FTP with SSH) | HTTPS | AS1 | AS2 | AS3 |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Transport Method | FTP | FTP | FTP | HTTP | SMTP | HTTP | FTP |
| Transport Security / Encryption | - | SSL / TLS | SSH | SSL / TLS | - | SSL / TLS | SSL / TLS |
| Payload Security / Encryption | - | - | - | - | S/MIME | S/MIME | S/MIME |
| Real-time Transport | - | - | - | ✓ | - | ✓ | - |
| Confidentiality | - | Transport only | Transport only | Transport only | ✓ | ✓ | ✓ |
| Integrity | - | Transport only | Transport only | Transport only | ✓ | ✓ | ✓ |
| Authentication | - | Transport only | Transport only | Transport only | ✓ | ✓ | ✓ |
| Non-repudiation | - | Transport only | Transport only | Transport only | ✓ | ✓ | ✓ |

About Liaison
• Solutions
– Data Integration
– Data Management
– Data Security
• Multinational
– Global headquarters in Atlanta
– European offices in Finland, Netherlands, Sweden, UK
– More than 7000 customers worldwide in over 46 countries
For more presentations: Liaison Webinars