GED-i Ltd Storage Security
GED-I Proprietary
www.ged-i.com +972 9 8651054 [email protected]
Securing Data Residing on Storage devices
and Data Transferred over IP Networks
Why Encryption Is Needed?
Regulations
Cost of Data Theft
Security Incidents
Where Encryption Is Needed?
Enterprise Data Center
DRP Site
Health Institutions
Financial Institutions
University Research Center
Government Defense
Bank
Remote Hosting
Merchants Payments Processors
ISP Site
GED-i Products Offering: Data Encryption
[Chart: products GDDS, GPDS, AIO - i, AIO - FC, AIO - HA, Superior - i, Superior - FC and Superior - HA, positioned by market segment (Personal, Department, Enterprise, Enterprise infrastructure) and by security level (Entry level Security to Best Security)]
GED-i Products Offering: Network Encryption
[Chart: products G4Crypt 100, G4Crypt 300 and G4Crypt 1000, positioned by market segment (Department, Enterprise, Enterprise infrastructure) and by speed (Slow to Fast)]
Data Security Layers
• Network: Network Security (FW, VPN, IDS/IPS)
• Device (PC, Laptop, PDA): Access control (Biometrics, Smart Card..)
• Application: Application Security (PIN, DRM)
• Data: Encryption
Invasion through network
Encryption of Storage Devices (SAN)
GED-i High Availability Solution
[Diagrams: Clients, Server, GSA 2000 EE (Encryption Engine) units with Port 1 to Port 4, GKS 2000 (Key Server), GEM 2000 (Element Manager) and Storage; links labelled Ethernet and FC / iSCSI; encryption labelled AES 256 and AES 256 + Scrambling + Interference]
Data Protection against…
Digital way:
• Direct Data Copy
• Remote Data Copy
Physical way:
• Take and Go
• Take, Copy and Return
Service level
[Diagram label: Storage]
GED-i Data Leak Prevention
Typical link of end users to storage device.
Total storage data encryption while using GED-i's solution: storage data is encrypted and available to end users.
Hiding storage data while using GED-i's Encryption Key solution:
• Upon Encryption Key insertion, data becomes available to the key holders group only.
• Upon Encryption Key removal, storage data becomes UNAVAILABLE again.
Use of Personal Encryption Key:
• Storage data is encrypted and NOT available.
• SELECTED storage data is available to key holders only.
[Diagram labels: Clients, Server, Storage, GKS 2000 Key Server]
GED-i High Availability Solution
[Diagrams: Clients, Server, GSA 2000 EE Encryption Engine units, GEM 2000 Element Manager, GKS 2000 Key Server and Storage; DRP Site with its own GSA 2000 EE Encryption Engine]
GED-i in Cloud Computing
[Diagram labels: User Site; Clients; Server; GSA 2000 EE Encryption Engine; GEM 2000 Element Manager; GKS 2000 Key Server; Storage; Cloud Services at remote site]
GED-i Product Line
Superior Security: GSA 2000 - EE, GKS 2000, GEM 2000
• High Security level Solution
• External Key Server for multiple GSA 2000 - EE
• Automatic High availability
All In One Security: GSA 2000 - AIO, GEM 2000
• Solution in single appliance
• Internal Key management
GED-i Product Line: Superior Security
Components: GSA 2000 - EE, GKS 2000, GEM 2000
[Diagram labels: Server, GSA 2000 - EE, GKS 2000, GEM 2000, Storage]
• Best Security Solution
• Encryption engine
• External Key Server
• Automatic setup for High Availability
• AES 256
• Optional: Segmentation & Scrambling
GSA 2000 For SAN Configuration
Specification Highlights
Storage Security Appliance
Connection In-line
iSCSI interface
Fiber Channel interface
At least 2 ports of 1Gb
Wire speed
External & Remote Key Server
Invisible to user
Invisible to storage application
Invisible to storage device
GSA 2000 For SAN Configuration
Key Technology
• Incorporates the algebraic AES, Segmentation and scrambling key
• Ensuring an unmatched security level
Key Management
• Physical Gap between the security appliance and the encryption engine
• Encryption keys are remotely stored on the Key Server
• Key Server can be local or remotely deployed
• Keys are transferred to the security appliance only as needed
GSA 2000 For SAN Configuration
Easy Deployment
• Plug and Play technology
• Appliance with no IP address
• No S/W installation on client, server or storage
• Self Learning
• Easy and fast disaster recovery
Network Encryption
Encrypting Data Transmitted between IT Islands
[Diagram labels: Encrypted IP Network; IPsec AES 256; Public Network]
Total Solution by GED-i
G4Crypt Models
The G4Crypt is an encryption appliance available as desktop or 19” rack mountable device, providing encryption at rates of 100Mbs, 300Mbs and near 1Gbs.
• An encryption appliance
• Desktop or 19” rack mountable device
• Encryption at rates of 100Mbs, 300Mbs and near 1Gbs
Technical Specification
AES – FIPS 197 (256) CBC
X.509 v3 digital certificates
Pre-shared secrets
HMAC-SHA-1-96
Encapsulating Security Payload (ESP) Tunnel mode
Encapsulating Security Payload (ESP) Transport mode
Ethernet Encapsulated Security Payload
Ethernet link
IPv4
Easy Deployment
Plug and Play technology
No S/W installation
Specification Highlights
Ethernet Link
IPsec - Layer 3 IP packet encryption
AES 256 encryption
G4Crypt 100 for 100Mbs
G4Crypt 300 for 300Mbs
G4Crypt 1000 for near 1Gbs
Point to Point link
Multi Point to Point links
Transparent bridge
Appliance Technology
At least 3 Ethernet ports
Up to 1Gbs Ethernet port
Desktop version
19” rack version
Management
Simple to use
Reports and logging
Personal/Departmental Data Safe
Encrypting Data Residing on Departmental Servers
Single Group, Shared 5:1 Configuration
[Diagram labels: GDDS 2000; Group 1, existing computers with non-encrypted data (A, B, C, D, E); Ethernet LAN; local disk with non-encrypted data; "Local Disk" with encrypted data; shared data A+B+…+E in shared disk volume]
Private or joint encryption key, required to decrypt the encrypted disk. Removed to prevent access to data.
K(A)=K(B)=K(C)=K(D)=K(E)
GED-i's Solution for Personal Data Safe: GPDS 2000, 1:1 Configuration
[Diagram labels: Personal Computer; Data Safe; dedicated for GED-i's encryption station; Ethernet LAN; GPDS 2000; key removed to prevent access to data; read with keys; read with no keys]
Two Independent Groups, Shared 5:1 Configuration
[Diagram labels: GPDS 2000; Group 1 and Group 2, existing computers with non-encrypted data (A, B, E and V, W, Z shown); Ethernet LAN; USB port; local disk with non-encrypted data; "Local Disk" with encrypted data; shared data A+B+…+E and V+W+…+Z in shared disk volume; keys K(A), K(B), K(E), K(V), K(W), K(Z)]
Disk-on-key with thousands of keys required to decrypt the encrypted disk. Removed to prevent access to data.
K(A)=K(B)=K(C)=K(D)=K(E)
K(Z)=K(Y)=K(X)=K(W)=K(V)