Policy Key Management Architecture
- 格式:pdf
- 大小:992.45 KB
- 文档页数:15
CipherOptics: Network-Wide Data Protection A Policy Key Management Architecture™ Primer for Business Leaders
-2- Abstract Corporations need to protect their business transactions, customer data and intellectual property. At minimum, data loss or compromise can hurt short-term stock prices and create excessive public relations nightmares. In the long run, they can impact customer relationships and damage corporate revenues. This problem has presented a technological challenge to IT because the ideal data protection solution should secure any type of traffic over any network topology without any change to the network infrastructure and with no network performance impact. Until now, data protection solutions were not capable of meeting these requirements. In fact many so-called “solutions” caused so many other issues and forced so many compromises they could hardly be considered solutions at all. With the introduction of CipherOptics’ Policy & Key Management Architecture™ (PKMA™) and CipherEngine™ Policy & Key Manager product, enterprises can now secure their data in motion as it has never been possible before. CipherOptics PKMA is a network overlay for the generation and distribution of policies and keys that allows enterprises to dynamically protect data across their entire network, without compromising network best practices or introducing unmanageable cost and complexity into the network. CipherOptics PKMA can accommodate all network requirements for the protection of data transmissions over the network, in particular over redundant, load balanced, multicast, broadcast and MPLS networks.
-3- Table of Contents Abstract......................................................................................................................................................................................2 The Best Security Defense: Protecting Data on the Network.........................................................................................4 How to Protect Enterprise Networks..................................................................................................................................4 Present Network Data Protection Solutions.......................................................................................................................5 Limitations when Securing Networks with IPSec..............................................................................................................6 Introducing CipherOptics’ Policy Key Management Architecture.................................................................................8 Deploying CipherOptics CipherEngine.............................................................................................................................10 Use Cases.................................................................................................................................................................................12 Use Case: Deploying CipherEngine in a Resilient IP Network...............................................................................12 Use Case: Deploying CipherEngine for MPLS Networks........................................................................................12 Conclusion...............................................................................................................................................................................13 About CipherOptics..............................................................................................................................................................13 References...............................................................................................................................................................................15 Acronyms................................................................................................................................................................................15
-4- The Best Security Defense: Protecting Data on the Network Today’s corporate intruders are clearly not motivated just by fame, but also by profit from their intrusions. So it is not surprising to find, as reported in the CSI/FBI 2005 Computer Crime and Security Survey1 that the major type of attack, second only after the spread of viruses is unauthorized access to corporate/customer information and theft of proprietary information. The cost of these attacks is on the rise as well since they focus much more on the weaknesses of their targets involve higher levels of technical sophistication and are therefore more difficult to stop. Present monitoring tools such as firewalls and intrusion detection and prevention systems that are efficient for generic types of attacks are, in fact, insufficient against these well-targeted and sophisticated types of attacks. According to the CSI/FBI2 survey, the average cost to a company for unauthorized access to information has increased from $51,545 in 2004 to $303,234 in 2005. Theft of proprietary information has increased from $168,529 in 2004 to $355,552 in 2005. This growing access to, and theft/loss of, high value information has put enterprises at severe risk. Over the last few years, these risks have led to the introduction of many regulatory and compliance laws, including Sarbanes-Oxley (SOX), HIPAA, GLBA, California SB 1386 and many others. These laws, including the European Union Directives, place clear responsibility on companies and organizations to protect their sensitive customer data. This is great from a consumer perspective but many of these regulations require levels of data protection that can significantly affect the bottom line of corporations across many different industries. Corporations need to take steps to protect their business transactions, customer data and intellectual property more so now than ever before. Headlines made by Veteran’s Affairs, CitiBank, Disney, Bank of America, Microsoft and many others should remind every corporate executive to continually evaluate the level of data protection used to secure their corporate assets. Data loss or compromise can create, at minimum, excessive public relations nightmares and often hurts stock prices. In the long run, they can impact customer relationships and damage corporate top and bottom lines. In the end, the best defense for any organization is to protect data everywhere and at all times within the network. How to Protect Enterprise Networks Protecting network communications is an ever-growing challenge for IT organizations. Today’s networks have complex architectures and boundaries resulting in massive vulnerabilities. And as reported by the CERT3, these vulnerabilities have increased by 58% from 2004 to 2005. Without data protection, network traffic can be intercepted, inspected, modified, redirected and used for malicious/unintentional purposes. Also, with either the sender or the receiver being able to falsify their identities, these unauthorized users can have access to information, severely compromising today’s corporations. Traditional perimeter security technologies such as firewalls and intrusion detection/prevention systems are, no longer sufficient at guaranteeing safe internal business communications. As a result, enterprises are adopting 1 www.gocsi.com/press/20050714.jhtml 2 www.gocsi.com/press/20050714.jhtml 3 www.cert.org/stats