
KeySecure and Encryption Connectors

SafeNet KeySecure & Encryption Connector Portfolio


[Diagram: the SafeNet encryption connectors and the SafeNet KeySecure Platform, each connector shown with its list of supported vendors and platforms]
Connectors: SafeNet ProtectApp, SafeNet ProtectDB, SafeNet Tokenization, SafeNet ProtectFile, SafeNet ProtectV, Ecosystem
Protected tiers: Web & Application Servers; Databases; Application Servers; File Servers & Shares; Virtual Machines; Apps | GW | Tape | Disk | KMIP | TDE | Storage

SafeNet KeySecure Platform
• Key and crypto engine
• Authentication and authorization
• Key lifecycle management
• SNMP, NTP, SYSLOG

Distributed Key Management

Database and File Protection Options
In Physical, Virtual, and Cloud Environments

SQL Database Encryption
• ProtectApp: Application level encryption
• Tokenization: Application level tokenization
• ProtectDB: Transparent column level encryption
• ProtectFile: Transparent database file encryption
• TDE: Transparent data encryption

NoSQL Database
• ProtectApp: Application level encryption
• Tokenization: Application level tokenization
• ProtectFile: Transparent database file encryption

File/Folder/Share Encryption (DAS/NAS/SAN)
• ProtectFile: Transparent file encryption at the file-system level
• ProtectApp: Multi-purpose APIs to perform data encryption, including file encryption at the application level

Customer-Controlled Key Management
• KeySecure: On-premises
• Virtual KeySecure: Cloud/Virtual environments

SafeNet ProtectApp
APPLICATION-LEVEL ENCRYPTION
Deployment Options: On-premises, Cloud/Virtual

• Encrypt application data and keep it secure across its entire lifecycle – no matter where it is transferred, backed up, or copied
• Rich application encryption and flexible key management interfaces
• Broad standard and interface support, including web services
• Easy deployment and management, including built-in key rotation and data re-keying
• Built-in health checking and multi-tier load balancing
• Secure authentication, granular authorization, and detailed logging and auditing
• Large and growing ecosystem

Integrates with SafeNet KeySecure to provide:
• Centralized administration of application encryption policy and keys
• Ability to offload cryptographic processing to KeySecure for improved performance

SUPPORTED PLATFORMS
Web Application Servers
• Apache Tomcat
• IBM WebSphere
• IBM AS/400
• JBoss
• Microsoft IIS
• Oracle WebLogic
• SAP NetWeaver
• Sun ONE
• And more…
Cloud/Virtual Infrastructures
• All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
Development Libraries/APIs
• Java, C/C++, .NET
• XML open interface, KMIP standard
• Web services, including SOAP and REST
Certificates
• X509, PKCS1, PKCS8, PKCS12
• Export, Import, Monitor

Application Level Encryption
[Diagram showing: Application Server, Database Server, SafeNet ProtectApp, SafeNet KeySecure]

SafeNet ProtectApp: Common Use Cases
• Protect personally identifiable information
• Protect data in the cloud
• Meet compliance and regulatory mandates
• Secure intellectual property
• Deploy a KMIP-enabled key management solution

SafeNet ProtectDB
COLUMN-LEVEL DATABASE ENCRYPTION
Deployment Options: On-premises, Cloud/Virtual

• Encrypt column-level data in databases transparently in multi-vendor database management systems
• Define granular access controls by role, user, time of day, and other variables
• Prevent database administrators (DBAs) from impersonating users with access to sensitive data
• Increase security of sensitive data with seamless, built-in key rotation and data re-keying
• Secure communication, logging, and auditing
• Multi-site support with built-in load balancer

Integrates with SafeNet KeySecure to provide:
• Centralized key and policy management
• Segregation of data and keys
• Strong separation of duties
• Ability to meet compliance mandates

SUPPORTED PLATFORMS
Databases
• Oracle
• Microsoft SQL Server
• IBM DB2
Operating Systems
• Microsoft Windows
• Linux
• Solaris
• HP-UX
• AIX
• IBM i/OS
Cloud/Virtual Infrastructures
• All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware

Transparent Database Encryption
[Diagram showing: Application Server, Database Server, SafeNet ProtectDB, SafeNet KeySecure]

SafeNet ProtectDB: Common Use Cases
• Secure financial data
• Meet compliance and regulatory mandates, specifically PCI DSS
• Protect data in the cloud
• Protect personally identifiable information

SafeNet ProtectFile
FILE AND FOLDER ENCRYPTION
Deployment Options: On-premises, Cloud/Virtual

• Transparent, comprehensive encryption for file shares and network drives (DAS, NAS and SAN)
• Granular access controls to ensure only authorized users or processes can view protected data
• Prevent rogue administrators from impersonating users with access to sensitive data
• Easy and automated deployment in large environments
• Comprehensive logging and auditing capabilities
• Deep and shallow key rotation
• FIPS 140-2 strength AES algorithms

Integrates with SafeNet KeySecure to provide:
• Centralized key and policy management
• Segregation of data and keys
• Strong separation of duties
• Ability to meet compliance mandates

SUPPORTED PLATFORMS
Operating Systems
• Microsoft Windows
• Linux: Oracle, Red Hat Enterprise Linux, SUSE, Ubuntu, AIX, CentOS
Databases
• Oracle
• mongoDB
• Cassandra
• IBM DB2
• Microsoft: SQL Server, SharePoint
• MySQL
• PostgreSQL
Cloud/Virtual Infrastructures
• All public cloud and virtual environments, including Amazon Web Services, Microsoft Azure, and VMware
Big Data
• Apache Hadoop
• IBM InfoSphere BigInsights
Other
• Cloud Management: Chef
• Containers: Docker

File System-level Encryption
[Diagram showing: Applications, File Server (On premises/Virtual/Cloud), SafeNet ProtectFile, SafeNet KeySecure]

SafeNet ProtectFile: Common Use Cases
• Protect personally identifiable information
• Protect data in the cloud
• Enable separation of duties
• Segregate departmental data on servers
• Secure big data implementations
• Protection of data in SQL/NoSQL databases, mongoDB, and Cassandra

SafeNet Tokenization
APPLICATION-LEVEL TOKENIZATION
Deployment Options: On-premises, Cloud/Virtual

• Protect high value information by replacing it with a surrogate value, or “token”, that preserves the length and format of the data
• No changes necessary to applications, databases, or legacy systems
• Unlimited data type support
• Broad token format support, including regular expressions and customized formats
• Granular access controls ensure only authenticated users or systems can view protected tokens and data

Integrates with SafeNet KeySecure to provide:
• Single, centralized interface for logging, auditing, and reporting access to protected data, keys, and tokens

SUPPORTED PLATFORMS
Token Vault Databases
• Microsoft SQL Server
• MySQL
• Oracle
• Cassandra
Application Servers
• IBM
• SAP
• BEA
• Apache
• Sun
• Oracle
• Java
• JBoss
• And more…
APIs
• Java
• .NET
• Web Services (SOAP, REST/JSON)

Token Handling
[Diagram components: Token Managers, KeySecure, Token Vault, Protected Zone; labels: AES 256, Versioned key]

Token generation: Plaintext (sensitive information) is sent by application with request for tokenization
• Keyed hash is generated using hash key on KS
• Lookup on hash is performed
• If hash exists: Corresponding token is returned.
• If no hash exists:
  • Token is generated
  • Value is encrypted
  • Token, cipher text, and hash are written to the token vault

De-tokenization: Token is sent by application with request for plaintext value (Get Token)
• Token is looked up
• Corresponding ciphertext is decrypted and sent back to the application
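
The token generation and de-tokenization flow from the Token Handling slide, as an added Node.js example that is not SafeNet code. Assumptions of this example: in-memory Maps stand in for the token vault, locally generated keys stand in for keys held on KeySecure, and HMAC-SHA-256, AES-256-GCM and all function names are hypothetical choices the slide does not specify.

```javascript
// Added illustration of vault-based tokenization; every name here is hypothetical.
const crypto = require('node:crypto');

// Constructed demo keys. In the slide's design the hash key and the versioned
// AES-256 key live on the key manager, not in application memory.
const hashKey = crypto.randomBytes(32);
const dataKeys = new Map([[1, crypto.randomBytes(32)]]); // key version -> key
const currentVersion = 1;

const byHash = new Map();  // keyed hash -> token (the lookup index)
const byToken = new Map(); // token -> { hash, version, iv, tag, ciphertext }

const keyedHash = (v) => crypto.createHmac('sha256', hashKey).update(v).digest('hex');

// Random surrogate that preserves length and format: digits are replaced by
// random digits, separators are copied through unchanged.
function newToken(plaintext) {
  if (!/\d/.test(plaintext)) throw new Error('this demo tokenizes digit data only');
  let t;
  do {
    t = plaintext.replace(/\d/g, () => String(crypto.randomInt(10)));
  } while (byToken.has(t) || t === plaintext);
  return t;
}

function tokenize(plaintext) {
  const hash = keyedHash(plaintext);
  const existing = byHash.get(hash);
  if (existing) return existing; // hash exists: corresponding token is returned
  const token = newToken(plaintext);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', dataKeys.get(currentVersion), iv);
  const ciphertext = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  // Token, ciphertext and hash are written to the vault with the key version,
  // so rows encrypted under older key versions stay readable after rotation.
  byToken.set(token, { hash, version: currentVersion, iv, tag: c.getAuthTag(), ciphertext });
  byHash.set(hash, token);
  return token;
}

function detokenize(token) {
  const row = byToken.get(token); // token is looked up
  if (!row) throw new Error('unknown token');
  const d = crypto.createDecipheriv('aes-256-gcm', dataKeys.get(row.version), row.iv);
  d.setAuthTag(row.tag);
  return Buffer.concat([d.update(row.ciphertext), d.final()]).toString('utf8');
}
```

The keyed hash lets the vault answer "has this value been tokenized before?" without storing or decrypting plaintext, which is why repeated requests for the same value return the same token.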

SafeNet Tokenization: Common Use Cases
• Protect personally identifiable information
• Protect data in the cloud
• Meet compliance and regulatory mandates, specifically PCI DSS
• Secure big data implementations
• Secure financial data
• Prevent exposure of sensitive data in production databases to non-production environments (testing, development, staging, research, etc.)

SafeNet ProtectV
ENCRYPTION OF ENTIRE VIRTUAL MACHINE
Deployment Options: Cloud/Virtual

• Ensure secure virtualization and cloud migration by encrypting the entire virtual machine, including associated storage volumes (mapped drives), instances (snapshots and backups), and partitions (system/OS, data)
• Maintain ownership and control of data and encryption keys at all times
• Authorize virtual machine instance launches with ProtectV StartGuard
• Track and report on key access to all copies of your data
• Revoke key access in case of a breach

Integrates with SafeNet KeySecure to provide:
• Single, centralized interface for logging, auditing, and reporting access to protected data and keys

SUPPORTED PLATFORMS
Public/Private Cloud
• Amazon Web Services
• Microsoft Azure
• VMware
• IBM SoftLayer Cloud

SafeNet ProtectV Virtual Machine Encryption
• SafeNet KeySecure (On-premises or Virtual): Centralized key management
• SafeNet ProtectV Manager (Virtual): Centralized discovery and management
• SafeNet ProtectV Client (Virtual): Crypto and pre-boot services
[Diagram labels: TLS*, TLS, Secure Channel, Protected Volumes, Hypervisor]
*Transport Layer Security

ProtectV: Common Use Cases
• Enable separation of duties between cloud service provider, storage, security and other administrators
• Enable secure cloud migration
• Meet compliance and regulatory mandates
• Protect data against lawful seizure
• Support for hybrid cloud environments