SafeNet ProtectV Data Protection for Virtual Infrastructure

Insert Your Name

Insert Your Title

Insert Date

SafeNet ProtectV Data Protection for Virtual Infrastructure ProtectV Overview

© SafeNet Confidential and Proprietary

Andrey Laptev

PreSales Consultant,

Russia & CIS

Virtualization Risks

How secure is my data in a virtualized world?

VMs are easy to copy (and steal).

VMs are easy to move.

VMs introduce a new class of

privileged users and

administrators—server, storage,

backup, and application—all

operating independently.

VMs have multiple instances,

snapshots and backups of data.

And what about your Disaster

Recovery site?

APP APP APP APP

OS OS OS OS

Hypervisor

Compute Layer

Storage

Backup

Snapshots Snapshots

Cloud Risks

Intellectual

Property

Sensitive

Communications Critical data

Customer data Payment info

File Servers

SharePoint Services

Mail Servers

Web Servers

E-commerce

App server

• Do I have control of my data?

• Who is accessing my data?

• Where is my data?

• Is InfoSec going to stop me from

moving to the cloud?

Data Protection for Virtual Infrastructure

ProtectV is the industry’s first comprehensive solution

for protecting virtual environments.

With ProtectV you can:

• Isolate your data

• Authorize virtual machine instance launches

• Track key access to all copies of your data

• Revoke key access in case of a breach

ProtectV enables you to migrate your sensitive

data to virtual datacenters, the cloud and untrusted

or shared environments securely.

6 © SafeNet Confidential and Proprietary

Anatomy of Securing Your Data in Virtual or Cloud Environments

KeySecure 3a

ProtectV Manager 1

ProtectV Client 2

Protected Virtual

Machines

2. ProtectV Client is installed on

your virtual machine or your

servers in your datacenter.

1. ProtectV Manager is a virtual

machine instance that runs

in a virtualized/cloud

environment.

3. KeySecure is a hardened, high-

assurance enterprise key management

solution in a hardware or in a new

virtualized platform, Virtual KeySecure

Protected Volumes

Hypervisor

Storage

Protected on-premise servers

in physical datacenter

Virtual

KeySecure 3b

ProtectV: Secures Your Virtual Data

ProtectV API makes server provisioning automated

and efficient enabling you to PowerOn a VM securely

You must be

authenticated and

authorized to launch

a VM

All data and VMs are

encrypted

Every time you

delete a key, it

“digitally shreds”

the data, rendering

all copies of VMs

inaccessible

Every copy of VM in

storage or backup is

encrypted

Power On

Start

Daily Operations

Snapshot

Delete

1

2

3

4

5


ProtectV Delivers Complete VM Encryption

• Encryption of entire virtual machine (VM)

• Encryption of system/OS partition

• Encryption of data partition

• Encryption of associated snapshots and

backups (DR sites etc.)

Entire VM is

encrypted

Secured VMs

Secured Volumes


ProtectV Delivers Ownership & Control of Your Data

• StartGuard pre-launch user

authentication and authorization to

launch a virtual machine instance

• Separation of duties between

infrastructure and security

administrators

• KeySecure Hardware based FIPS

140-2 level 3 certified Enterprise Key

Manager or Virtual KeySecure

hardened virtual security

appliance

StartGuard Pre-Launch Authentication &

Authorization

On-Premise EKM

Secured VMs

Virtual EKM

NEW!


ProtectV Delivers Visibility & Proof of Data Governance

11

• Unified management - at-a-glance

dashboard view and central audit

point

• On-premise or virtualized key

management audit for encryption

keys

Centralized security management

On-Premise EKM

Virtual EKM

© SafeNet Confidential and Proprietary

Deployment Scenario: Public Cloud

Example of an AWS EC2 deployment

Public Cloud

ProtectV Manager (HA)

Trusted on-premise location

ProtectV Client

KeySecure (HA)


Deployment Scenario: Virtual Datacenter

Example of a VMware deployment

ProtectV Manager (HA)

Trusted on-premise location

ProtectV Client

KeySecure (HA)

Virtualized Data Center


ProtectV: Environments, Impact, Products

• ProtectV currently supports the following environments:

• Amazon Web Services EC2

• Amazon Web Services VPC

• VMware vCenter

• ProtectV impacts performance by 10% - 15% in standard

AWS EC2 scenarios

• Complementary products to ProtectV:

• KeySecure (k150 and k460) and Virtual KeySecure (k150v)

• DataSecure (i150 and i450) and Virtual DataSecure (i150v)


At-a-Glance Control of Your Data


ProtectV Delivers

Unified management - at-a-glance dashboard view and

central audit point

Manage physical, virtual and cloud servers from a single

management console.

On-premise key management audit for encryption key

usage

Visibility and proof of data governance

Pre-launch user authorization to access a VM

Encryption based separation of duties across virtual and

physical environments

Unified HW based FIPS 140-2 level 3 certified key

management to ensure VM ownership

Ownership and control of your

data

Encryption of entire VM or server

Encryption of associated storage volumes (mapped drives),

VM instances (snapshots, backups) and locations (DR sites

etc.)

Even the entire OS partition is protected

Complete VM or server encryption


Thank You


SafeNet ProtectV Data Protection for Virtual Infrastructure

Technology

data encryption

data safenet confidential

virtual environments

backups of data

virtual datacenters

sensitive data

products protectv

encrypted safenet confidential