Secure Data Sharing in OpenShift Environments
© 2020 Zettaset, Inc. | Proprietary and Confidential
TIM REILLY, CHIEF EXECUTIVE OFFICER
MAKSIM YANKOVSKIY, VP ENGINEERING
About the presenters
Tim brings more than 25 years of successful public and private
experience in the high-tech industry filling key operational roles
within product line business units and venture capital funded
companies through all stages of growth. During his time at Zettaset,
the company has successfully grown its software-defined encryption
portfolio to provide a comprehensive data protection solution across
all physical, virtual and cloud environments. Prior to joining Zettaset,
Tim took on a variety of roles at companies including Trapeze
Networks, Nicira, netVmg, and WorldxChange. He has a BS in
Accounting from the University of Southern California and currently
resides in the San Francisco Bay Area.
Maksim has over 20 years of experience delivering and managing
enterprise encryption and database software across all the major
high tech industries. During his tenure at Zettaset, he has been
responsible for the engineering team that delivered the entire XCrypt
product portfolio. He has also filed patents related to distributed and
high-performance encryption. Prior to Zettaset, Maksim worked at
Ingrian Networks and held various roles related to distributed
database systems at Siemens Medical Solutions, Ross Stores and
Adobe Systems.
Tim Reilly – CEO Maksim Yankovskiy – VP Engineering
The eternal pursuit to protect treasure
• Built in 1078 by William the Conqueror
• Country Mint for 500 years
• Second wall added in 1350
• $32 billion worth of treasure
• Star of Africa diamond
• Imperial Crown
• 2,868 diamonds
• 273 pearls
• 28 sapphires/emeralds
• Considered impenetrable, but…
• 1671 – Captain Blood
• 2012 – Intruder breaks in/steals keys
• 2019 – Intruder walking the grounds
The new highly coveted treasure….data
[Chart: Size of global datasphere, in zettabytes (vertical axis 0 to 200), by year, 2010 to 2025]
• Sensitive data is generated, disbursed, and stored everywhere
  • Sensors and devices
  • Social media
  • VoIP
  • Enterprise data
• More data sources means more attack vectors
IDC & Seagate Data Age 2025 – www.Seagate.com/gb/en/our-story/data-age-2025/ Data Age 2025, sponsored by Seagate with data from IDC Global DataSphere, Nov 2018
175 Zettabytes
Digital transformation is driving data growth
• 49% of all worldwide data will reside in public cloud environments by 2025.
• 30% of the world’s data will need real-time processing by 2025 as the role of the edge continues to grow.
• 90% of data has been created in the last two years due to explosion in IoT devices.
The speed of digital transformation is putting sensitive data at risk
• Digital transformation creates new cyberattack vectors
• Aggressive, fast-paced digital transformation has the highest rates of breaches
2019 Thales Data Threat Report
[Chart: Percent risk of data breach by speed of digital transformation. Categories shown: Basic, Ad-hoc, Near-term, Agile, Vision, Aggressive. Values shown: 8%, 15%, 22%, 27%, 28%]
Risk to data increases as digital transformation accelerates
Trust is earned through data protection
“The services don’t trust the validity of the data provided by other services; nor do they trust their sister services to properly protect any data they themselves share.
“At the end of the day, information sharing has a currency: trust”
- Gen. Charles Brown, USAF Chief of Staff
How do we overcome?
TRUST & RISK
• Citizen care and protection
• State security
• Enhanced customer experience
• Smart and connected cities
• Profitability through asset optimization
• AI/ML value extraction for decision making
Control the environment within which the data can be operated on
Value and benefits touch all sectors
Experts agree on the best ways to protect data
Top three data protection methods universally recommended by security experts
Encrypt data throughout the process of collection, viewing, and manipulation – preferably at the source.
• Store keys in a different location from the data.
• Encrypt any sensitive data that is stored or "at rest".
• Log all access and manipulation of data.
Encryption is a critical solution to the problem
• 33% or less of respondents are using encryption within digital transformation technologies
• 92% of respondents will use sensitive data with digital transformation technologies
Transformative technologies: Cloud, IoT, Big data, Containers
Engineer with security in mind
1. Security as an afterthought is a bad idea!
2. Identify primary drivers for your security initiatives
3. Balance security and regulatory compliance
4. Identifying security solutions
5. Secrets and passwords protect processes, not data
“Zettaset delivers on the promise of container data security in the same way that Red Hat OpenShift delivers the stable, consistent, and supported base that organizations need to get applications out the door.”
- Tim Reilly, CEO Zettaset
Challenges with securing data in the cloud & containers
• 58% of respondents transfer sensitive data to the cloud whether or not it is encrypted [3]
• 55% of respondents said encryption is a key driver for increased adoption of containers [2]
• Migrating from legacy in-house deployments to hybrid-cloud installations opens new attack surfaces [1]
• Think holistically about your security controls; have layered or overlapping protections [1]
• Know where critical data/systems are; focus security efforts there [1]
[1] Red Hat Security Report 2019
[2] 2019 Thales Data Threat Report
[3] Ponemon 2020 Global Encryption Trend Study
Six factors impeding broad adoption of encryption
[Chart: bar chart on a 0 to 100 scale. Factors shown: System performance and latency; Policy enforcement; Support cloud/on-premise development; System scalability; Key management; Integration with other security tools. Values shown: 78%, 72%, 71%, 68%, 64%, 68%]
Zettaset addressed the top six hurdles
Top six hurdles have remained constant for past three years
Source: Global Encryption Trends Study 2020, Ponemon Institute
Zettaset XCrypt: Delivers the value of software-defined encryption
• Deploys on commodity hardware
• Turnkey
• Compatible with major key mgmt and HSM solutions
• Automated key and policy management
• Operator-driven encryption
• Point and encrypt
• Transparent to developers
• Near zero performance impact
• Encrypts all or selected data
• Key-per-volume approach
• On demand flexibility in physical, virtual or cloud
• Scales infinitely
• Protects data-at-rest and data-in-motion
• Provides regulatory and corporate compliance
• Simplifies reporting
Column headings on the slide: LOW TOTAL COST OF OWNERSHIP (TCO); EASE OF USE; HIGH PERFORMANCE; INFINITE SCALABILITY; COMPREHENSIVE COMPLIANCE COVERAGE
The right approach to data encryption
FULL DISK ENCRYPTION SOFTWARE
• Minimal performance impact
• Complete transparency
• Automated key policy and administration
• Unique key per partition
• Secure removal of compromised nodes
• Protects data-in-place
FILE/FOLDER ENCRYPTION
• Significant performance impact
• Potential key exposure
• Requires application changes
• Compatibility issues with OS/drives
SELF-ENCRYPTING DRIVES
• Default mode: one key for entire drive; partition-level keys hard to manage
• Lacks centralized policy management; not scalable
• Lacks key management
• Lacks data-in-motion encryption
Red Hat OpenShift + Zettaset XCrypt
Accelerates your transition from DevOps to DevSecOps
• Leading hybrid cloud, enterprise Kubernetes application platform
• Helps application developers build with speed, agility, confidence, and choice
• Leading software-defined encryption solution
• Transparent, high performance encryption for Red Hat OpenShift environments
XCrypt works across physical, virtual & cloud environments
[Diagram labels: Edge; On-prem; Hybrid; Multi-cloud; OpenShift; Container data; VM]
Where XCrypt fits in the infrastructure
[Diagram labels: XCrypt Deployment; Encrypted Storage Manager; Encrypted Volume Manager; OpenShift; Kubernetes; Container; Certificate Authority; Key Manager; Volume Driver]
Limitations of data security with Kubernetes
• CURRENT SECURITY SOLUTIONS: Focus on vulnerabilities and integrity of containers
• WHAT’S MISSING: Data within containers is unprotected when a breach occurs
• DELEGATING: Data security to the infrastructure is a bad idea
CNCF Survey 2019
Zettaset + Kubernetes ensures data security
• ZETTASET XCRYPT: Real-time protection for data within containers
• WHAT’S ADDED: Last-line of defense for data in containers
• SEPARATION OF DUTIES: Data security is transparent to developers and operators
CNCF Survey 2019
XCrypt OpenShift Encryption
• Automated to simplify data security in OpenShift environments
• Transparent, high performance encryption
• Unique encryption key per container volume
• Protects container data across on-premises, hybrid, and multi-cloud environments
• Protects data stored and used in multi-tenant container environments
Zettaset encrypts the Kubernetes data layer
• Protects individual persistent volumes in any environment
• Provides multi-storage vendor support for hybrid and multi-cloud
• Unifies administration and management
• Automates provisioning of persistent volumes
[Diagram labels: Legacy Solution; K8S Solution; Tools focused on everything but the data; Storage Volume Encryption; Persistent Volume Encryption; Hybrid storage volume deployment (vSphere Volume, Elastic Block Storage, Ceph Storage); Kubernetes Master; Kubernetes Worker Node 1; Pod; Containers; Container Tools]
Data share: How it works
[Diagram between a data owner and a data requester. Labels: Sensitive data; Persistent volume; Containerized apps; Data request; Encrypted data; Transparent, high performance real-time encryption; Remote data availability controls; Scheduled or time limit access; Auto-provision and encrypt; Request to obtain encryption key]
Summary: Simplify shared data protection in OpenShift
Organizations can flexibly protect container data across any on-premises, cloud, or hybrid deployment with fast, transparent encryption enabling them to:
• Confidently focus on driving innovation
• Dramatically reduce the risk of security breaches and data theft
• Ensure developers are no longer required to make security decisions
• Create a smooth plan for the transition to DevSecOps
https://marketplace.redhat.com/en-us/products/zettaset-encryption-for-kubernetes-containers-rhm
Thank you!


Editor's Notes

  • #15 Turnkey (includes software-defined encryption, key management and HSM). PCI, DSS, HIPAA, FINRA, GDPR, FIPS
  • #16 NOTE: Self-Encrypting – not enough granularity; File/Folder Encryption – too much granularity; Full Disk – just right!
  • #17 Makes it incredibly easy to automate the deployment of software-defined encryption that transparently protects container data throughout any environment. XCrypt OpenShift delivers on the promise of container data security in the same way that Red Hat delivers the stable, consistent and supported base that organizations need to get applications out the door.