Encryption Easy Part Keys Difficult 119655


ENCRYPTION IS THE EASY PART
MANAGING THOSE KEYS IS DIFFICULT
An Oracle Presentation | 8 Oct 2015

WELCOME

• Have a question for the speaker? Text it in using the Ask A Question button!
• Audio is streamed over your computer
• Technical issues? Click the ? button
• Use the Feedback button to share your feedback about today’s event
• Questions or suggestions? Email them to [email protected]

Use the Attachments Button to find the following:
• PDF Copy of today’s presentation
• Link to the Event Home Page where ISACA members can find the CPE Quiz
• Upcoming ISACA Events
• More assets from today’s webcast

2
TODAY’S SPEAKERS

Troy Kitch, Director of Product Marketing, Oracle
Saikat Saha, Senior Product Manager, Oracle

3
AGENDA SLIDE

1. Encryption is easy
2. Key management challenges
3. Key management best practices

4
“A cryptosystem should be secure even if
everything about the system, except
the key, is public knowledge.”

Auguste Kerckhoffs
Dutch linguist and cryptographer

5
ENCRYPTION IS EASY

• Encryption is critical to data security
  – Data at rest
  – Data in transit
• Data-at-rest Encryption
  – Database Encryption
  – File Encryption
  – Disk/Storage Encryption
  – Application Encryption
• Encryption is mainstream now!

6
POLL 1: WHAT KIND OF ENCRYPTION SOLUTIONS DO YOU HAVE IN PLACE?

1. Application Encryption

2. Database Encryption

3. File Encryption

4. Storage Encryption

5. All of the above

7
KEY MANAGEMENT CHALLENGES

DATABASE ENCRYPTION AS AN EXAMPLE

• Data encryption keys created and managed by the database

[Diagram labels: Encrypted columns, Column key, Table key, Encrypted tablespace]

9
ENCRYPTION IS EASY

• Data encryption keys created and managed by the database
• Master encryption key encrypts data encryption keys

[Diagram labels: Encrypted columns, Column key, Master key, Table key, Encrypted tablespace]

10
ENCRYPTION IS EASY

• Data encryption keys created and managed by the database
• Master encryption key encrypts data encryption keys
• Master key stored outside of database, periodically rotated by administrator
• Typically, only master key is rotated.

[Diagram labels: Encrypted columns, Column key, Master key, Table key, Encrypted tablespace]

11
ENCRYPTION IS EASY

• Data encryption keys created and managed by the database
• Master encryption key encrypts data encryption keys
• Master key stored outside of database, periodically rotated by administrator
• Typically, only master key is rotated.
• All rotated master keys must be retained to restore encrypted DB backups / exports

[Diagram labels: Encrypted columns, Column key, Master key, Table key, Encrypted tablespace]
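
The key hierarchy on this slide, as an added example that is not part of the original presentation and is not Oracle's implementation: a master key wraps a data encryption key (DEK), rotation re-wraps only the DEK, and a backup taken before rotation can be restored only if the old master key was retained. The names `Keystore`, `rekey`, `restore`, `scenario` and the `mk-N` key ids are hypothetical, and `wrap` uses an HMAC-SHA256 keystream as a stand-in for a real key-wrap algorithm so the block needs only the standard library.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # HMAC-SHA256 counter-mode keystream: a stand-in for AES key wrap, demo only.
    return b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def wrap(master, dek):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _stream(master, nonce, len(dek))))
    return nonce + ct + hmac.new(master, b"tag" + nonce + ct, hashlib.sha256).digest()

def unwrap(master, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(master, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong master key or corrupted wrapped key")
    return bytes(a ^ b for a, b in zip(ct, _stream(master, nonce, len(ct))))

class Keystore:
    # Master keys held outside the database, indexed by constructed ids mk-1, mk-2, ...
    def __init__(self):
        self.keys, self._n = {}, 0
        self.rotate()
    def rotate(self, retain_old=True):
        if not retain_old:
            self.keys.clear()              # the mistake: rotated master keys discarded
        self._n += 1
        self.current = f"mk-{self._n}"
        self.keys[self.current] = secrets.token_bytes(32)

def rekey(ks, wrapped, retain_old=True):
    # Rotation re-wraps only the data encryption key; encrypted data is not rewritten.
    dek = unwrap(ks.keys[wrapped[0]], wrapped[1])
    ks.rotate(retain_old)
    return ks.current, wrap(ks.keys[ks.current], dek)

def restore(ks, backup):
    # A backup records which master key wrapped its DEK at the time it was taken.
    mk_id, blob = backup
    if mk_id not in ks.keys:
        return None                        # master key not retained: DEK unrecoverable
    return unwrap(ks.keys[mk_id], blob)

def scenario(retain_old):
    ks, dek = Keystore(), secrets.token_bytes(32)
    backup = (ks.current, wrap(ks.keys[ks.current], dek))   # backup taken under mk-1
    live = rekey(ks, backup, retain_old)                    # live database now under mk-2
    return live[0], restore(ks, live) == dek, restore(ks, backup) == dek
```

`scenario(True)` and `scenario(False)` differ only in whether the pre-rotation backup is still restorable; the live database works in both cases, which is why a lost old master key tends to go unnoticed until a restore is attempted.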

12
MANAGEMENT CHALLENGES: PROLIFERATION

13
KEY MANAGEMENT CHALLENGES

14
KEY MANAGEMENT CHALLENGES: PROLIFERATION

15
KEY MANAGEMENT CHALLENGES: PROLIFERATION

16
KEY MANAGEMENT CHALLENGES IN THE CLOUD

• Security and availability of keys
  – Keys securely stored and protected
  – Inaccessible by cloud administrators
  – Keys are highly available
• Customer control of keys
  – Keys can be deleted by customers to remove their data from cloud
  – On-premise control by customers
• Isolation of keys
  – No co-mingling of keys between tenants
  – Dedicated key management platform per customer
• Compliance requirements
  – Validations: U.S. FIPS 140-2, Common Criteria
  – Full key auditing and monitoring

17
REGULATORY REQUIREMENTS

PCI DSS v3.1, April 2015

3.5 Store cryptographic keys in a secure form (3.5.2), in the fewest possible locations (3.5.3) and with access restricted to the fewest possible custodians (3.5.1)

3.6 Verify that key-management procedures are implemented for periodic key changes (3.6.4)

And more!

18
KEY MANAGEMENT CHALLENGES: SHARING KEYS

19
POLL 2: GENERALLY, HOW OFTEN DO YOU ROTATE KEYS?

1. Every 6 months

2. Every year

3. Every 2 years

4. Never
KEY MANAGEMENT CHALLENGES: ROTATION

21
WHERE DO I BEGIN?

22
POLL 3: WHAT IS YOUR PRIMARY KEY MANAGEMENT PAIN POINT?

1. Lack of a central platform to manage all the keys across enterprise

2. Ease of key life cycle management including key rotation

3. Finding out where encryption keys are

4. Assurance of key availability

5. Auditing and reporting of encryption key access and usage

23
WHERE DO I BEGIN?

24
• Centralized
• Key life cycle: Creation, Provision, Rotation, Expiration, Destruction
• Secure sharing
• Ease-of-use
• Standards
• Auditing, Reporting, Alerting

25
WHAT ARE THE KMIP STANDARDS?

26
ENTERPRISE READY

• Ease of deployment
• Remote monitoring
• Single pane of glass
• Highly available
• Scalable
• Standards compliant
• SoD

27
ORACLE KEY VAULT ARCHITECTURE

[Architecture diagram labels: Databases, Middleware, Servers; Standby; Administration Console, Alerts, Reports; Secure Backups. Legend: Oracle Wallet, Java Keystore, Certificate, Server Password, Credential File]

28
NEXT STEPS

1. Prioritize and identify


2. Assess platforms that centralize
3. Choose an enterprise-ready platform

29
TO LEARN MORE ABOUT ORACLE

/OracleDatabase
/OracleSecurity
blogs.oracle.com/SecurityInsideOut
Oracle Database Insider
/Oracle/database
/OracleLearning
oracle.com/database/security

30
THANK YOU FOR ATTENDING THIS WEBINAR
LEARN MORE @ WWW.ISACA.ORG/WEBINARS
