Sensitive Data in the Cloud Requires Encryption and Key Management (file: 云端敏感数据需要加密与密钥管理.pdf, 18 pages)
2012 AFORE Solutions Inc. All rights reserved. The Copyright in this document belongs to AFORE Solutions Inc. and no part of this document should be used or copied without their prior written permission.

PROTECT SENSITIVE DATA IN THE CLOUD
ENCRYPT AND CONTROL USER DATA EVERYWHERE AND ALL THE TIME
ALEX BERLIN, PRESIDENT & CEO
AFORE provides you with cloud computing security solutions

Slide 2: INTRODUCING AFORE
Provide Data Protection Solutions for Cloud Era
Global customers and partners
HQ in Ottawa, Canada
Increased granularity & levels of Data Protection:
  o Secure Data in Motion SAN & Ethernet
  o Secure Server Virtualization
  o Secure Virtual Storage
  o Secure Hosted Virtual Apps

Slide 3: CLOUD DATA PROTECTION CHALLENGES
Astronomical growth in data in private and public clouds
Traditional security methods have limits in Cloud environments
  o Perimeter Protection - doesn't protect stored data & virtualized applications
  o Full Disk Encryption - not scalable for cloud environments & not multi-tenant
  o Data Loss Prevention - complex & costly to implement and manage
Data exposure is costly
  o Damage to brand
  o Regulatory penalties for breaches
  o Loss of company IP
  o Litigation expenses
Data more mobile than ever
  o Mobile devices, cloud based storage, file sharing
End users are the weakest link
  o Protect data on VDIs, virtual applications and mobile devices

Slide 4: REQUIREMENTS FOR CLOUD DATA ENCRYPTION
Multitenant
Granular
Persistent and under data owner control

Slide 5: MULTITENANT STORAGE FOR SERVER WORKLOADS
[Diagram labels: Host; VMs; Tenant A, Tenant B, Tenant C; Storage]
Multiple tenants share same infrastructure and storage
Issues:
  o No protection of one tenant's sensitive information from other tenants
  o Difficult to achieve regulatory compliance

Slide 6: SECURE MULTITENANCY WITH HARDWARE STORAGE ENCRYPTION
[Diagram labels: Host; VMs; Tenant A, Tenant B, Tenant C; three Storage units, each with Hardware Encryption]
Separate storage array for each tenant
Per-tenant hardware-based storage encryption
Issues:
  o Not cost effective!
  o Separate storage arrays and hardware encryption required for each tenant
  o Inefficient use of storage!

Slide 7: CLOUDLINK DATA PROTECTION ARCHITECTURE
[Diagram labels: Multi-tenant Cloud Service Catalog; Tenant A Key Store; Tenant B Key Store; CloudLink Center; Monitoring/Control of Security and Performance; SSL VPN Secure Network Extension; Secure VSA]

Slide 8: CLOUDLINK VSA: HOW IT WORKS
[Diagram labels: Host; VMs; Tenant A, Tenant B, Tenant C; Secure VSA; Tenant A secure storage; Tenant B secure storage; Tenant C secure storage]
Secure VSA encrypts storage partitions with per-tenant keys
Multiple tenants' workloads can be hosted securely on same host and same storage array
Tenants have complete control over data encryption
Tenant sensitive data is protected
Regulatory compliance achievable

Slide 9: CLOUDLINK FOR "ANY CLOUD"
Security and Compliance for Virtual Storage in IaaS
IaaS platform agnostic
Supports all storage platforms
Workloads on all major OSs
Full enterprise control of policy and keys
AD and option for RSA DPM

Slide 10: FOR END USER - IT'S ALL ABOUT APPS
End Users are the weakest link
Vulnerable to Malware attack and APTs
Cloud and mobility demand new data protection solutions
Protect active data in virtual app, VDIs, cloud file sharing (Dropbox)

Slide 11: CLOUDLINK CX SECURE VIRTUAL CONTAINER FOR APP-LEVEL TRUST
Trusted User + Trusted App + Trusted VM = Access Granted
Game-changing data protection for cloud and mobile security

Slide 12: CLOUDLINK CX ARCHITECTURE
[Diagram labels: Virtual App Server/Virtual Desktop; File system; Socket/IPC encryption; File encryption; Secure virtual container for Windows apps; Enterprise Security Controller; Policy; Keys]

Slide 13: Persistence
With traditional file/folder/disk protection, encryption is lost once files leave enterprise
With Secure Virtual Container, data remains protected everywhere, all the time

Slide 14: Granularity
MACHINE, USERS, APPS
Policy controls what is encrypted and under what circumstances

Slide 15: Ubiquity
Data security independent of virtualization infrastructure and network

Slide 16: Ease of Use
Existing solutions require multiple point products to secure data
Secure Virtual Container ensures data security with single policy set and one audit trail

Slide 17: SUMMARY
Encryption of sensitive data is a key requirement for cloud and mobile security
Enables security and compliance in Public and Private Clouds
Security Keys and control belong to data owner, not provider
Comprehensive protection of Data at Rest and Active Data
Trusted apps - game-changing data protection technology for cloud and mobility security

Slide 18
Thank you