Data Protection in 2016 - Top 5 Use Cases

www.thales-esecurity.com
Data Protection in 2016:
Top 5 Use Cases
KRISTINA CAIRNS, SENIOR PRODUCT MARKETING MGR
SANDER TEMME, SENIOR PRODUCT MANAGER
FEBRUARY 17, 2016

2
This document may not be reproduced, modified, adapted, published, translated, in
any way, in whole or in part or disclosed to a third party
without the prior written consent of Thales - © Thales 2016 All rights reserved.
Welcome
▌Today’s outlook
▌How Hardware Security Modules will help secure the future
▌Top 5 Use Cases for Hardware Security Modules
▌Further resources

3
Today’s reality: targeted and successful data breaches
www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

4
Many Connected “Things”
▌ 6.4B Connected "Things" will be in use in 2016
Up 30% from 2015
▌ Manufacturers must secure the data that connected devices are sharing
Robust device authentication & data protection will be crucial
Public Key Infrastructures will play strong role
Source: Gartner, http://www.gartner.com/newsroom/id/3165317
Thales Blog post: “How
to safeguard your data in
the age of the
Vulnerability of Things”

5
Security Trends
Today’senvironment
Continual cyber attacks
New data privacy regulations
Connected everything
Mobile payments on the rise

Securing the future

7
Hardware Security Modules provide utmost security
▌What’s the best way to protect your organization’s sensitive data in
today’s highly connected world?
More companies than ever are turning to Hardware Security Modules (HSMs)
Un-paralleled protection of cryptographic operations
Manage encryption keys, digital signatures, and more, within tamper-resistant
hardware devices.

8
HSMs: certified platform for trust management
▌ What are HSMs?
Hardened, tamper-resistant devices
isolated from host environment
Alternative to software crypto
libraries
▌ What do HSMs do?
Secure cryptographic operations
Protect cryptographic keys
Enforce policy over use of keys
Business Application Application Data
Encrypted/decrypted or
signed data
Data to be signed,
encrypted/decrypted
HSM security boundary
HSM Application Keys inside
security boundary
Secure crypto
processing
engine

9
The nShield HSM family
nShield Connect
Network attached appliance
Shared crypto resource
High-volume transactions
High availability
nShield Solo
Server-embedded card
Dedicated processing
Compact PCIe design
Certified implementations of all leading algorithms
nShield HSMs are FIPS 140-2 Level 3 certified
Market leading platform for trusted applications
nShield Edge
Portable HSM
Small footprint
USB interface

10
How are organizations using HSMs today?
PKIs
Custom
applications
Digital
signing
SSL
Code signing

11
#1 Use case: PKIs
▌ Public Key Infrastructures (PKIs)
61% of customers surveyed said PKI was their main HSM application
Average PKI supports seven enterprise applications
▌ PKI use growing
Rise of cloud and mobile
Devices, applications, and “things” require credentialing and a secure way to
communicate

12
PKI use cases
Digital Cinema
Authentication between
playback devices and
servers, content
encryption, watermarking
Manufacturing
Unique identities &
device authenticity to
prevent counterfeiting,
IoT
Polycom
Case Study
PRIMA CINEMA
Case Study

13
#2: Custom Applications
▌ It’s not just data… Applications need to be protected too
Protecting sensitive applications is critical for safeguarding IP
Running applications within a protected environment is increasingly popular as
more mission-critical apps handle sensitive data
In 2016, we expect to see more organizations moving sensitive algorithms off their
application servers and executing them inside the FIPS boundary of an HSM.
Thales’s CodeSafe runs apps inside HSMs

14
bitcoin
▌ Critical trust challenge
Keys must be protected and stored in a secure location. Because transactions are
anonymous and non-reversible, they are vulnerable to theft. If stolen, they are
pretty much untraceable.
▌ HSMs offer
Private key protection
Key derivation
Multi-signature capability for dual control
bitcoin basics
 Users record transactions in an open “ledger”
 Ledger consists of a “blockchain” of transaction data
 To send a bitcoin, you need
• A private key from which a public key is derived
• A bitcoin address
• A wallet for your private key
Blockchain experts
Thales partner

15
#3 Digital Signing
▌ 26% of customers cite digital signing as the primary HSM use case
▌ Popular application is signing barcodes used in electronic transactions
Examples include e-tickets for sporting events or airlines
▌ In 2016, we expect to see digital signing to rise
New regulations
Increasing adoption of cloud-based signing models, where signing keys are protected,
stored and managed on behalf of the signer by a cloud provider
e-Ticketing
Securing e-Tickets
 Data such as loyalty numbers can be extracted from
barcodes
 Signing barcodes with cryptographic keys helps ensure
integrity
 Digital signature keys managed in HSMs

16
#4 SSL
▌26% of our customers use HSMs for SSL
▌Poised to grow in 2016
▌Rising use of application delivery controllers (ADCs) driving
HSM adoption
Security of keys
Performance demands of networking environment in today’s world of
web applications and cloud-based services

17
SSL Use Case
DNS
InternetInternet
SSL
SSL
SSL
SSL
SSL
SSL
SSL
WebAddress
IPAddress
Application Delivery Controllers (ADCs) balance
traffic while HSMs protect keys.
ADCs
Servers
Hosting applications
HSMs

18
#5 Code Signing
▌ Lessons from attacks like Stuxnet and Duqu
Attackers who steal an organization’s private signing keys can replace legit code with
malware  both malware installation plus identity fraud
▌ Not just a problem for companies producing software
Banks who develop mobile apps
Manufacturers who produce control systems for cars
Media providers that need to control access to content
 With such a variety of organizations now at risk, more will look toward HSMs to help
authenticate code.

New nShield XC Series

20
Faster! Bigger!
▌Thales introduces nShield XC Solo & Connect HSMs
Accelerated transactions
Best in class Elliptic Curve Cryptography (ECC)
More room for customer apps run in HSM boundaries using
CodeSafe, unique Thales feature

21
XC Benefits
More Powerful Apps
nShield XC expands
memory, letting our
customers run larger and
more powerful apps in
CodeSafe.
Fastest ECC = Versatility
nShield supports the fastest
ECC transactions of any HSM
on the market. Ideal for
helping secure variety of
apps including emerging IoT.
Speed + Volume
nShield XC helps our
customers manage
crypto keys and sign
apps at higher rates.
ECC, one of today’s
most efficient security
algorithms, is favored where low
power consumption is crucial.

22
Why THALES e-Security?
Summary
▌Solutions for 2016 and beyond
Secure increasingly important PKIs partnering with Thales experts
Protect custom applications in unique run-time environment within secure
HSM boundary (CodeSafe)
Benefit from experience from hundreds of use cases across traditional,
virtualized, and cloud-based environments
▌Outstanding global support and services to help you succeed

23
Resources and questions
▌ Resources referenced in this webcast
Blog post: How to safeguard your data in the age of the Vulnerability of Things
www.thales-esecurity.com/blogs/2016/february/safeguarding-your-data
PRIMA CINEMA case study:
www.thales-esecurity.com/knowledge-base/case-studies/prima-cinema
Polycom case study:
www.thales-esecurity.com/knowledge-base/case-studies/polycom
▌ Next Thales e-Security webcast
Global Encryption Trends
10 A.M. ET on March 23, 2016
Thank you!

Data Protection in 2016 - Top 5 Use Cases

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (15)

Recently uploaded

Recently uploaded (20)

Data Protection in 2016 - Top 5 Use Cases

Editor's Notes