SafeNet ProtectV: Data Protection for Virtual Infrastructure
ProtectV Overview
© SafeNet Confidential and Proprietary
Andrey Laptev, PreSales Consultant, Russia & CIS
Jan 12, 2015
Virtualization Risks
How secure is my data in a virtualized world?
• VMs are easy to copy (and steal).
• VMs are easy to move.
• VMs introduce a new class of privileged users and administrators (server, storage, backup, and application), all operating independently.
• VMs have multiple instances, snapshots and backups of data.
• And what about your Disaster Recovery site?
[Diagram: APP/OS stacks on a Hypervisor (Compute Layer), with Storage, Backup and Snapshots]
Cloud Risks
[Diagram labels, data: Intellectual Property, Sensitive Communications, Critical data, Customer data, Payment info]
[Diagram labels, workloads: File Servers, SharePoint Services, Mail Servers, Web Servers, E-commerce, App server]
• Do I have control of my data?
• Who is accessing my data?
• Where is my data?
• Is InfoSec going to stop me from moving to the cloud?
Data Protection for Virtual Infrastructure
ProtectV is the industry’s first comprehensive solution for protecting virtual environments.
With ProtectV you can:
• Isolate your data
• Authorize virtual machine instance launches
• Track key access to all copies of your data
• Revoke key access in case of a breach
ProtectV enables you to migrate your sensitive data to virtual datacenters, the cloud and untrusted or shared environments securely.
Anatomy of Securing Your Data in Virtual or Cloud Environments
1. ProtectV Manager is a virtual machine instance that runs in a virtualized/cloud environment.
2. ProtectV Client is installed on your virtual machine or your servers in your datacenter.
3. KeySecure is a hardened, high-assurance enterprise key management solution, available as hardware (3a) or as a new virtualized platform, Virtual KeySecure (3b).
[Diagram labels: ProtectV Manager (1), ProtectV Client (2), Protected Virtual Machines, Protected Volumes, Hypervisor, Storage, Protected on-premise servers in physical datacenter, KeySecure (3a), Virtual KeySecure (3b)]
ProtectV: Secures Your Virtual Data
The ProtectV API makes server provisioning automated and efficient, enabling you to PowerOn a VM securely.
• You must be authenticated and authorized to launch a VM.
• All data and VMs are encrypted.
• Every time you delete a key, it “digitally shreds” the data, rendering all copies of VMs inaccessible.
• Every copy of a VM in storage or backup is encrypted.
[Diagram: VM lifecycle with stages Power On, Start, Daily Operations, Snapshot, Delete; numbered markers 1-5]
ProtectV Delivers Complete VM Encryption
• Encryption of entire virtual machine (VM)
• Encryption of system/OS partition
• Encryption of data partition
• Encryption of associated snapshots and backups (DR sites etc.)
[Diagram labels: Entire VM is encrypted, Secured VMs, Secured Volumes]
ProtectV Delivers Ownership & Control of Your Data
• StartGuard pre-launch user authentication and authorization to launch a virtual machine instance
• Separation of duties between infrastructure and security administrators
• KeySecure hardware-based, FIPS 140-2 Level 3 certified Enterprise Key Manager, or Virtual KeySecure hardened virtual security appliance
[Diagram labels: StartGuard Pre-Launch Authentication & Authorization, On-Premise EKM, Secured VMs, Virtual EKM, NEW!]
ProtectV Delivers Visibility & Proof of Data Governance
• Unified management - at-a-glance dashboard view and central audit point
• On-premise or virtualized key management audit for encryption keys
[Diagram labels: Centralized security management, On-Premise EKM, Virtual EKM]
Deployment Scenario: Public Cloud
Example of an AWS EC2 deployment
[Diagram labels: Public Cloud, ProtectV Manager (HA), Trusted on-premise location, ProtectV Client, KeySecure (HA)]
Deployment Scenario: Virtual Datacenter
Example of a VMware deployment
[Diagram labels: ProtectV Manager (HA), Trusted on-premise location, ProtectV Client, KeySecure (HA), Virtualized Data Center]
ProtectV: Environments, Impact, Products
• ProtectV currently supports the following environments:
  • Amazon Web Services EC2
  • Amazon Web Services VPC
  • VMware vCenter
• ProtectV impacts performance by 10% - 15% in standard AWS EC2 scenarios
• Complementary products to ProtectV:
  • KeySecure (k150 and k460) and Virtual KeySecure (k150v)
  • DataSecure (i150 and i450) and Virtual DataSecure (i150v)
At-a-Glance Control of Your Data
ProtectV Delivers
Visibility and proof of data governance
• Unified management - at-a-glance dashboard view and central audit point
• Manage physical, virtual and cloud servers from a single management console
• On-premise key management audit for encryption key usage
Ownership and control of your data
• Pre-launch user authorization to access a VM
• Encryption-based separation of duties across virtual and physical environments
• Unified hardware-based, FIPS 140-2 Level 3 certified key management to ensure VM ownership
Complete VM or server encryption
• Encryption of entire VM or server
• Encryption of associated storage volumes (mapped drives), VM instances (snapshots, backups) and locations (DR sites etc.)
• Even the entire OS partition is protected
Thank You