
Securing Data in Transit and Storage Sanjay Beri

Securing Data in Transit and Storage. Sanjay Beri, Co-Founder & Senior Director of Product Management, Ingrian Networks. Presentation goal: how to protect a corporation's sensitive assets throughout the web server and storage infrastructure with a centralized, network-attached architecture.


Presentation Transcript


  1. Securing Data in Transit and Storage. Sanjay Beri, Co-Founder & Senior Director of Product Management, Ingrian Networks

  2. Presentation Goal: How to protect a corporation's sensitive assets throughout the web server and storage infrastructure with a centralized, network-attached architecture

  3. Speaker's Background
     • Ingrian Networks is an application security company specializing in protecting the privacy and integrity of your data, whether it is in your database, being transported via JMS, etc.
     • Sanjay Beri holds several patents in the area of Internet security, has led the design and development of software, firmware and hardware at various small to large companies, and is a co-founder of Ingrian Networks, responsible for its product management and strategy

  4. Presentation Agenda or Key Topic Areas
     • What is the data privacy problem?
     • How do you solve the problem?
     • Which solution architecture do you need?
     • Examples of using Ingrian NAE
     • Summary

  5. The Unprotected Zone
     [Diagram labels: Client, The Internet, SSL, Firewall, App Firewall, IDS, Network Switch, Web Server, Application Server, Database, Storage Sys, NAS; backend region marked "Unprotected transaction zone!"]
     Sensitive data in the "backend" is very vulnerable to internal and external attacks.

  6. Unprotected Zone Threats
     • Theft
     • Modification
     • Defacement
     • Unauthorized viewing
     • Fraudulent distribution
     • In general, any other unauthorized or unsanctioned activity
     [Diagram labels: "For-money" hackers, internal threats, competitors, "For-fun" hackers]

  7. Area A: Inter-Application Servers
     [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; "Unprotected transaction zone!"]
     JMS, SOAP, RMI, IIOP, RMI over IIOP, JRMP, or something else? Regardless of the protocol, the DATA being transported must be protected against the many threats, and this must be done in a manageable fashion.

  8. Area B: Application Server to Storage
     [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; "Unprotected transaction zone!"]
     JDBC, ODBC, OLE-DB, or something else? Regardless of the protocol, the DATA being transported must be protected against the many threats.

  9. Area C: Data while in Storage
     [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; "Unprotected transaction zone!"]
     Oracle9i, DB2, some other database? Server, mainframe, or something else? NAS, SAN, etc.? Regardless of where the DATA is stored and how it is stored, the DATA must be protected against the many threats.

  10. Vulnerability Summary
      [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; areas A, B and C marked inside the "Unprotected transaction zone!"]

  11. Remedy for A
      [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; area A inside the "Unprotected transaction zone!"]
      • Sender: Encrypt and Add Integrity Check
      • Receiver: Verify Integrity and Decrypt

  12. Remedy for B and C
      [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; areas B and C inside the "Unprotected transaction zone!"]
      • Sender: Encrypt and Integrity Check, or Fingerprint via Keyed Hash, or Sign
      • Receiver: Verify Integrity and Decrypt, or Fingerprint Data Again and Compare, or Verify Signature

  13. Key Considerations for a Solution
      • Security
      • Management and Administration
      • Scalability
      • Ease of Integration and Deployment

  14. The Possible Solutions?
      • Solution 1 (only for C): Do it on the Storage System (e.g., the database)?
      • Solution 2: Do it Per Web/Application Server?
      • Solution 3: Network-Attached Cryptographic Services?
      [Diagram labels: Firewall, Network Switch, Web Servers, Application Servers, Database, Storage Sys, NAS; Solutions 1 (only for C), 2 and 3 marked on the diagram]

  15. Security Comparison

  16. Management & Administration

  17. Scalability & Cost

  18. The Best Solution
      • The Network-Attached solution is the best solution from all angles:
        • Can remedy all 3 (A, B and C) vulnerabilities
        • Does it securely
        • Makes it easy to manage, monitor and administer
        • Does not burden existing infrastructure and scales easily

  19. Network-Attached Encryption (NAE)
      [Diagram labels: Web Servers, Application Servers, Database, Storage Sys, NAS; Ingrian Network-Attached Encryption Solution]
      • Works with any web or application server
      • Works with any type of content (credit cards, passwords, patient records, entire files, images, spreadsheets, etc.)
      • Works no matter where you store the data (e.g., databases, servers, SANs, NAS, etc.)

  20. Summary
      • Protecting data at the field level in storage is vital
      • Secure, easily manageable, centralized and consolidated key management and cryptography is vital
      • Network-Attached Cryptography and Key Management is the solution
      • This is what Ingrian Networks provides (www.ingrian.com)
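
The "Fingerprint via Keyed Hash" and "Fingerprint Data Again and Compare" option from slide 12, as an added example that is not part of the presentation or of any Ingrian product. It covers only the integrity option, not encryption; the table and column names, the demo key, and the choice to bind the fingerprint to the field's storage location are assumptions made here.

```python
import hashlib
import hmac

# Constructed demo key; in the architecture described it would stay in the
# central key manager, not in application code.
DEMO_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def _encode(*parts: str) -> bytes:
    """Length-prefix each part so ("ab", "c") and ("a", "bc") differ."""
    out = b""
    for part in parts:
        raw = part.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def fingerprint(key: bytes, table: str, column: str, row_id: str, value: str) -> str:
    """Sender side: HMAC-SHA256 over the value bound to where it is stored."""
    msg = _encode(table, column, row_id, value)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key: bytes, table: str, column: str, row_id: str, value: str, stored: str) -> bool:
    """Receiver side: fingerprint again and compare in constant time."""
    expected = fingerprint(key, table, column, row_id, value)
    return hmac.compare_digest(expected, stored)


def demo() -> dict:
    # Constructed sample row (test card number), not data from the slides.
    card = "4111111111111111"
    tag = fingerprint(DEMO_KEY, "payments", "card", "1001", card)
    return {
        "intact": verify(DEMO_KEY, "payments", "card", "1001", card, tag),
        "value_modified": verify(DEMO_KEY, "payments", "card", "1001", "4111111111111112", tag),
        "moved_to_other_row": verify(DEMO_KEY, "payments", "card", "1002", card, tag),
        "wrong_key": verify(b"\x01" * 32, "payments", "card", "1001", card, tag),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verified' if ok else 'REJECTED'}")
```

Binding the row and column into the fingerprint means a valid value copied into another record fails verification, which a hash over the value alone would not catch.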
