
Information Systems Security Expert

Guardium Data Encryption

Data protection

July 2014


What is IBM InfoSphere Guardium Data Encryption?

  • Security for your structured and unstructured data

    • High performance encryption, access control and auditing

    • Data privacy for both online and backup environments

    • Unified policy and key management for centralized administration across multiple data servers

  • Transparency to users, databases, applications, storage

    • No coding or changes to existing IT infrastructure

    • Protect data in any storage environment

    • User access to data same as before

  • Centralized administration

    • Policy and Key management

    • Audit logs

    • High Availability



Relationship to IBM Data Protection suite

  • Data Encryption is complementary to other security products

  • Data Encryption Strength

    • Transparent Data Encryption

    • Key management

    • File Access Control

GDE Server


Guardium Data Encryption

Ensure compliance with data encryption

Ensure compliance and protect enterprise data with encryption

Requirements

  • Protect sensitive enterprise information and avoid data breaches

  • Minimize impact to production

  • Enforce separation of duties by keeping security and data administration separate

  • Meet government and industry regulations (e.g. PCI-DSS)

Benefits

  • Protect data from misuse

  • Satisfy compliance requirements including proactive separation of duties

  • Scale to protect structured and unstructured data across heterogeneous environments without enterprise changes



GDE Use Cases

  • Database Encryption

    • Usage: Encrypt Tablespace, Log, and other Database files

    • Common Databases: DB2, Informix, Oracle, MSSQL, Sybase, MySQL…

  • Unstructured Data Encryption

    • Usage: Encrypt and Control access to any type of data used by LUW server

    • Common Data Types: Logs, Reports, Images, ETL, Audio/Video Recordings, Documents, Big Data…

    • Examples: FileNet, Documentum, Nice, Hadoop, Home Grown, etc…

  • Cloud Encryption

    • Usage: Encrypt and Control Access to data used by Cloud Instances

    • Common Cloud Providers: Amazon EC2, Rackspace, MS Azure


GDE Design Concept

Typical Approaches

InfoSphere Guardium Data Encryption centralizes encryption

Full disk encryption on the endpoint systems

[Diagram labels: Database Exports; Databases; Application Logs; File/Print Servers; Document Ingest; Spreadsheets, PDFs, Scanned Images; Staging areas; FTP Servers]


GDE Architecture

Components:

  • GDE Security Server

  • GDE Secure File System Agent

[Diagram labels: Users; Application; Web Administration; Databases, Files; OS; FS Agent; File System; SAN, NAS, DAS Storage; https; SSL/TLS; GDE Security Server; Failover; Key, Policy, Audit Log Store]

Policy is used to restrict access to sensitive data by user and process information provided by the OS.

GDE Security Server

  • Policy and Key Management

  • Centralized administration

  • Separation of duties



Data Encryption Architecture

[Diagram labels: Web Administration; Authenticated Users; Applications; DBMS Server / File server / ftp server (repeated for several hosts); DE Agent; File System; SSL; x.509 Certificates; https; IBM DE Server, Active/Active; Key, Policy, Audit Log Store; Online Files]

Data Encryption Security Server

  • Policy and Key Management

  • Centralized administration

  • Separation of duties


GDE: How It Works

[Figure: the DE Agent, governed by Policy, sits between clear-text file data and encrypted file data, handling Writes and Reads. The file system metadata (Name: Jsmith.doc, Created: 6/4/99, Modified: 8/15/02) is shown identically on both sides under File Management. The sample file data (name, credit card number, expiry date, balance, social security number) is shown as clear text on one side and as unreadable ciphertext on the other.]

  • Protects Sensitive Information Without Disrupting Data Management

  • High-Performance Encryption

  • Data Access as an Intended Privilege



GDE Policies

Authentication, Authorization, Audit

Context-Aware Access Control

  • Who?

    • Filters Users or Groups Who May Access Protected Data

    • Filters the Applications Users May Invoke to Access Protected Data

  • What?

    • Identifies the File System Operations Available to the User/Application Combination

  • Where?

    • Identifies Protected Data (e.g., File, Directory, Wildcard)

  • When?

    • Verifies Authorized Time Window Available for Access by Window-Sensitive Tasks (e.g., Backup, Contract Employees)

  • How?

    • Separates the Ability to Access Data From the Ability to View Data
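
A minimal model of the Who/What/Where/When/How criteria above, added here as an illustration and not taken from the presentation or from GDE. The `Rule` fields, the effect names, first-match ordering, default deny, and all account names and paths are assumptions, not the product's policy syntax.

```python
from dataclasses import dataclass
from datetime import time
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:                   # hypothetical model, not GDE policy syntax
    users: frozenset          # Who: users or groups ("*" = any)
    processes: frozenset      # Who: applications the user may invoke
    actions: frozenset        # What: file system operations
    resource: str             # Where: glob over protected paths
    window: "tuple | None"    # When: (start, end) times, None = always
    effect: str               # How: "decrypt", "ciphertext" or "deny"

def _allowed(value, allowed):
    return "*" in allowed or value in allowed

def _in_window(now, window):
    if window is None:
        return True
    start, end = window
    # A window such as 22:00-04:00 wraps past midnight.
    return start <= now < end if start <= end else (now >= start or now < end)

def evaluate(rules, user, process, action, path, now):
    """Effect of the first matching rule; no match means deny (assumed)."""
    for r in rules:
        if (_allowed(user, r.users) and _allowed(process, r.processes)
                and _allowed(action, r.actions)
                and fnmatchcase(path, r.resource)
                and _in_window(now, r.window)):
            return r.effect
    return "deny"

# Constructed sample policy: account names and paths are made up.
POLICY = [
    # The database engine, run by its service account, sees clear text.
    Rule(frozenset({"dbowner"}), frozenset({"/opt/db/bin/dbengine"}),
         frozenset({"read", "write"}), "/data/db/*", None, "decrypt"),
    # The backup job may read at night but only ever receives ciphertext.
    Rule(frozenset({"backup"}), frozenset({"/usr/bin/backupd"}),
         frozenset({"read"}), "/data/db/*", (time(22, 0), time(4, 0)),
         "ciphertext"),
]
```

Under this model a privileged account reading the files with a program the policy does not list matches no rule and is denied.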


GDE Segregation of Duties

[Diagram labels: Key Administrator; Server Administrator; Policy Administrator; Audit Administrator]

Administrator Roles

  • Roles provide separation of duties for Data Encryption Administrators

    • Server Administrator Role - Provides administration/configuration capabilities relevant to the security server

    • Domain Administrator: Assigns accounts their security roles

    • Key Administrator Role – Allows administrator to generate/manage keys

    • Policy Administrator Role – Allows administrator to create/manage policies

    • Host Administrator Role – Applies Policies to hosts

    • Audit Administrator Role – This role is required to purge audit logs



Distributed Enforcement - Centralized Management

[Diagram labels: LAN/WAN; SAN; NAS; DAS; Production; DEV; QA]

Centralized Security Servers

  • Centralized Security Server:

    • Multiple database instances

    • Online and Offline

    • Heterogeneous databases
