Enterprise Encryption and Key Management Strategy

THE TIME IS NOW

Vormetric Contact:
Name: Tina Stewart
Email: Tina-Stewart@vormetric.com

Download ESG Whitepaper

(send traffic to a registration page on Vormetric site for whitepaper download)

White Paper: Enterprise Encryption and Key Management Strategy

Overview
i
Large organizations need an enterprise encryption strategy. This should include central command and control, distributed policy enforcement, tiered administration, and an enterprise-class key management service.

Vormetric is the leader in enterprise encryption and key management. Our Data Security solution

In this presentation we share key insights from EGSs whitepaper on: Enterprise Encryption and Key Management Strategy The Time Is Now, By Jon Oltsik

This ESG white paper was commissioned by

Vormetric, Inc.
and is distributed under license from ESG.

encrypts any file,

any database, any application, anywhere.

White Paper: Enterprise Encryption and Key Management Strategy

The Time is Now

Your Business Data is Everywhere and Accessed by Everyone Ad hoc Data Security = increased risk and business exposure Large organizations need an enterprise encryption strategy
Central Command and Control Distributed Policy Enforcement Tiered Administration Enterprise-class key management service

White Paper: Enterprise Encryption and Key Management Strategy

Drivers of Enterprise-Class Data Security Solutions

Regulatory Compliance
State, industry and international privacy regulations require or recommend encryption for data security.

Intellectual Property Protection

Advanced Persistent Threats (APTs) resulting in IP theft are forcing enterprises to aggressively respond with data encryption technologies.

Publically Disclosed Breaches

126 breaches and 1.5Million personal records reported in 2012 alone. Including well known names Arizona State University and Zappos.com.

White Paper: Enterprise Encryption and Key Management Strategy

Top Investment: Data Encryption

Which of the following security technology products/solutions has your organization purchased in response to APTs? (Percent of respondents, N=95, multiple responses accepted)

Data encryption technologies Web gateway for blocking suspicious URLs and web based content Application firewalls Specific technology defenses designed to detect and prevent APT attacks Database security technologies Managed security services DLP (data loss prevention) technologies New types of user authentication/access controls Endpoint white-list/black-list enforcement technologies Third-party penetration testing service from specialty firm
Source: Enterprise Strategy Group,2012

54% 49%

44%
44% 43% 39% 35% 31% 24% 21%
0% 10% 20% 30% 40% 50% 60%

White Paper: Enterprise Encryption and Key Management Strategy

Data Security Growing Pains

!
Each tool has its own administration and key management

Source: enterprise Strategy Group, 2012

White Paper: Enterprise Encryption and Key Management Strategy

Data Security Growing Pains

Issue
Lack of standards

Cost
Redundancy- processes, tools, licenses, training

Risk
High risk of data loss or a security breach. No central view for risk management or measurement of KPIs. Increased security risk. Encryption keys exposure.

No central command and control

Redundancy- processes, tools, licenses, training

Multiple key management systems

Redundancy- processes, training

Organizational misalignment

Additional/ unfamiliar tasks for functional IT staff

Human intervention increases security risks.

All of these issues create operational overhead and increased risk.

White Paper: Enterprise Encryption and Key Management Strategy

Considerations for Enterprise Strategy

Transparent
Encryption must fit into existing infrastructure and processes without altering or affecting existing systems and application.

Provides Executive Visibility

CISOs should be able to assess risk across the enterprise at all times and keep executive management informed.

Owned by the security team

Key Management responsibilities must reside with specific, trained staff dedicated to this function.

White Paper: Enterprise Encryption and Key Management Strategy

Key Enterprise Architectural Features

1 Central Command &

Control

2 2 Distributed Policy Enforcement

3 Tiered

Administration

4 Enterprise-class Key
Management

White Paper: Enterprise Encryption and Key Management Strategy

The Bigger Truth The Time is Now.

i
One of your most valuable assets, sensitive data, faces an increasing level of risk ESG highly recommends that CISOs develop an enterprise encryption strategy as soon as possible.

1
DEFINE
the ideal encryption solution for your needs

2 2
ASSESS
what you have in place today

3
IDENTIFY
gaps in your current implementations

White Paper: Enterprise Encryption and Key Management Strategy

10

4
AUGMENT
current ad hoc solutions

Enterprise Encryption and Key Management Strategy

THE TIME IS NOW
Download ESG Whitepaper @Vormetric

Vormetric Contact:

Tina Stewart Tina-Stewart@vormetric.com

Click - to - tweet

White Paper: Enterprise Encryption and Key Management Strategy

11