MAKE BREACHES IRRELEVANT - T M - ConnectAmericas
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
T M M A K E B R E AC H E S I R R E L E VA N T
While much of the cybersecurity industry tries to just keep attackers out
through protecting the perimeter, StrongKey is focused on securing on what
OUR matters most to organizations: your sensitive data.
STORY. We provide an open source, comprehensive data security approach, deploying
a combination of encryption, tokenization, strong authentication (both PKI
and FIDO), digital signatures, and key management.
Securing your data this way means that when attackers breach your
perimeter, the data they may access is still protected. This is how we
make breaches irrelevant.
STRONGKEY HIGHLIGHTS.
GLOBAL ADOPTION WITH DIFFERENTIATED PRODUCT, INDUSTRY THOUGHT
MARQUEE CUSTOMERS FULLY OPEN SOURCE LEADERSHIP
StrongKey has created an open source
StrongKey is protecting data in mission Our deep expertise in key management
security appliance that has both replaced
critical environments all around the has led to inclusion on NIST projects,
and won out over established key
world. Payment processors have trusted government appointments, and
management companies. Our product — the
us with billions of dollars in contributions to industry standards. We
Tellaro — is both easier to integrate and
transactions, banks with financial are prepared and actively developing to
more affordable to operate than the
documents, and technology companies the next wave of trends: blockchain,
competition. Our open source software
with their sensitive data. IIoT, and post-quantum encryption.
means that our pricing is flat and affordable
for customers.
BUSINESS USE CASES
StrongKey provides a variety of cryptographic services, delivered by our
comprehensive security appliance — the Tellaro.
We either host our Tellaro in a cloud environment or deploy it on premises,
based on customer operations and risk tolerance.
The following slides outline the various use cases for our cryptographic services.
INDUSTRY: PAYMENTS, BANKING, FINTECH
COMPLIANCE & ENCRYPTION &
REGULATIONS TOKENIZATION
PCI DSS P2PE PSD2 TOKENIZATION FOR FINANCIAL FILE
StrongKey tackles the most Our appliances underpin our The European payments market DATA SECURITY PROTECTION &
difficult controls of PCI DSS (key customers who pursue P2PE has new regulations that We provide simple ways to SHARING
management). Customers pass certification in the payments mandate the use of “Strong encrypt and tokenize payments We work with banks around the
their audits in 15 minutes or less. sector. StrongKey provides end- Customer Authentication” (SCA) data, which helps with both world to provide secure file
Our current customers include to-end encryption using DUKPT, as part of PSD2. data protection and many protection (e.g., mortgage
payment processors, banks, and and applications never see the
compliances . documents, banking
merchants. credit card number. StrongKey delivers SCA
documents) and set up secure
leveraging industry standards, Tokenizing data simply replaces file sharing between
On recent deals, new customers This eliminates the prime cause including FIDO, which allows for it with a non-sensitive organizations.
have chosen StrongKey over for data breaches and takes our frictionless authentication representative “token,” meaning
industry giants (Thales and customers’ applications out of through biometrics on users the data becomes meaningless
Amazon Web Services), as well as scope when complying to devices. This creates an to attackers.
rising stars (Very Good Security). regulations. affordable, secure, and
In all of these instances, compliant way to meet PSD2
StrongKey has been cited as regulations.
both easier and more affordable
than the competition.
DATA PROTECTION ACROSS INDUSTRIES
PROTECTING PII FILE PROTECTION AT SHARING SENSITIVE
We provide simple ways to SCALE FILES
encrypt and tokenize sensitive
StrongKey can build wide- We built CryptoCabinet to
data, which helps with both data
ranging infrastructure to protect provide the most secure transfer
protection and many
any type of file, including audio of files available using a
compliances (e.g., CMMC, GDPR,
and video. This data protection combination of our key
CCPA etc.).
infrastructure can be deployed in management, encryption, and
a hybrid way to make use of the FIDO strong authentication
Tokenizing data simply replaces
cloud while securing key storage technologies.
it with a non-sensitive
on prem.
representative “token”, meaning
the data becomes meaningless
to attackers.
StrongKey can encrypt and
tokenize billions of any type of
object, eliminating the prime
cause for data breaches.
FIDO: PASSWORD-FREE AUTHENTICATION
WHAT IS FIDO? WHO SHOULD DEPLOY FIDO?
The FIDO Alliance is solving the world’s password Any company or service that provides user
problem. Both a standard and an alliance of authentication, whether it is username/password, multi-
companies, FIDO is replacing passwords with factor, or PKI, is a good candidate for adopting a FIDO
something simpler and stronger: biometrics or server. FIDO authentication is both more secure and
physical keys. Learn more at loginwithfido.com more user-friendly.
STRONGKEY’S FIDO SERVER
STRONGKEY AND FIDO
Full Featured: Enterprise-grade, FIDO-certified, and open
StrongKey has been a FIDO member since 2014, source.
Our FIDO server is FIDO-Certified, making it the Expertly Built: Built by a company with 20 years of expertise
world’s first and only open source FIDO server for in cryptographic key management and building PKIs all over
two protocols: FIDO2 and U2F. the world.
Secure Appliance: When desired, FIDO can be deployed on
We help companies remove passwords from their FIPS-certified hardware.
applications, making them far more secure, and Flexible Deployment: We can deploy FIDO in the cloud (both
often saving money by moving away from private and public) or into a customer’s physical environment.
expensive multi-factor options. Adoption: We have customers in Europe and the U.S. making
use of our FIDO server to improve their security. We’ve been a
part of three NIST NCCoE projects making use of our FIDO
expertise and FIDO server as a component of their Reference
Architecture
FIDO USE CASES
REPLACE PASSWORDS PROTECT LEGACY MITIGATING PKI2FIDO PSD2
& STRENGTHEN MFA WEBSITES E-COMMERCE FRAUD StrongKey FIDO can be used to
Many organizations currently rely
StrongKey worked with NIST’s fulfill the Strong Customer
Any application that currently StrongKey has created a FIDO on legacy PKI systems,
National Cybersecurity Center of Authentication mandate of
uses passwords can replace gateway to protect older particularly in banking and
Excellence to leverage FIDO Europe’s PSD2 regulations in a
those passwords with FIDO, offer websites that can't be modified government. They may want to
technology (using our product) frictionless way.
FIDO as a secure alternative, or directly to use FIDO. move to FIDO, so we have
to mitigate against e-commerce
use FIDO in place of current created an application that easily
fraud. TRANSACTION
multi-factor options. Similar to a single sign-on ports their credentials.
CONFIRMATION
mechanism, users can log into
FIDO can be used to decrease
Organizations can integrate our one FIDO-protected gateway and StrongKey is unique in our Beyond PSD2, FIDO can be
fraud during transactions.
FIDO server to remove passwords have access to multiple background in PKI and expertise used to confirm any transaction
from their applications. This applications and websites — even in FIDO and can consult with to ensure it comes from an
means better security and those that can’t be directly organizations understanding authorized user. We have
decreased costs (from fewer modified for FIDO. how to navigate both demonstrated this use case in
password resets and SMS environments. viewing and exchanging
charges). medical information as well as
payments transactions.
Please note: While the NCCoE competitively selected StrongKey, the NCCoE
and NIST do not explicitly endorse companies or products.
PUBLIC KEY INFRASTRUCTURE
INDUSTRY FITS & USE
OUR CAPABILITIES CASES
PKI OUR BACKGROUND OPEN SOURCE INDUSTRIAL IOT & MEDICAL DEVICES
A PKI from StrongKey has the We have been in the PKI DEVICE KEY We have secured connected
Our open source architecture
following benefits: business for almost 20 years, with guarantees your costs stay low,
MANAGEMENT medical devices to combat
implementations across the Our key management and counterfeiting.
and comes with no per-
- Simplifies certificate life cycle globe. We have built a PKI for flexible deployment can be
certificate fees or usage limits.
management one of the largest embedded in industrial IOT
- Protects sensitive data pharmaceutical companies in devices and environments. This TRADITIONAL PKI
QUICK DEPLOYMENT ensures the security of the data DEPLOYMENTS
collected by IOT devices the world, a central bank of a
- Authenticate humans, servers, country, and one of the largest We have extensive experience in the devices receive, store, send, Any environment involving
routers, WAPs, applications, telecoms, among others. being able to set up PKIs in and process. Use cases extend smart card personnel
IOT, etc. under 90 days. through Smart Cities, authentication systems.
- Issues and manages tens of manufacturing, and power.
millions of digital certificates
- SOAP/REST web services for
custom integration
- Hosted, on-premises, and
hybrid solutions available
KEY MANAGEMENT: OTHER USE CASES &
READY-TO-DEPLOY BUSINESS SOLUTIONS
Key management is the root of all we do. We often have undertaken projects that
involve customization that we later turn into product offerings. These are a listing of
these use cases.
SITE CERTIFICATE CRYPTOCABINET FOR RANSOMWARE DIGITAL SIGNATURES SELF ENCRYPTING
MANAGEMENT SECURE FILE SHARING SOLUTIONS FOR DATA INTEGRITY DRIVE PROTECTION
Centrally and automatically We built CryptoCabinet to CryptoCabinet can also be used StrongKey can deploy digital Organizations who have too
manages the lifecycle of free TLS provide the most secure transfer to protect files against the threat signatures within workflows to much information to encrypt at
server certificates, using the of files available using a of ransomware. ensure data integrity. The signing the application layer can make
ACME protocol from combination of our key keys are strongly protected. This use of StrongKey to protect Self-
LetsEncrypt.org. management, encryption, and workflow can fit into existing Encrypting Drives (SEDs). We
FIDO strong authentication customer architectures. provide a fully automated
technologies. process for provisioning, escrow,
and recovery of millions of keys.WHY STRONGKEY TELLARO?
COMPETITIVE DIFFERENTIATION OF OUR PRODUCT
EASE OF AFFORDABLE SECURE AND SCALABLE
IMPLEMENTATION FLEXIBLE OPTIONS
We expose a simple API for our Because we are open source, our We only offer the most secure We offer multiple appliance sizes,
customers to integrate. There's no customers use the appliances as deployments: single tenancy and the smallest appropriate for even a
proprietary code, and no lock-in. much as they want — unlimited exclusive customer ownership of small startup — but the core
Customers have integrated in as little applications, transactions, users, and keys — but we offer on-prem and cryptography is the same. It's easy to
as an hour. records. hosted solutions. grow and scale with StrongKey.STRONGKEY CRYPTOCLOUD
StrongKey CryptoCloud gives you the ease of cloud key management with the
security of single-tenant hardware. Work with our simple APIs to integrate
industry-leading cryptography secured by FIPS-certified hardware hosted on
dedicated, single-tenant appliances in StrongKey’s data centers. StrongKey’s
CryptoCloud is a complete and flexible cryptographic solution that enables the
flexibility of cloud deployments while not compromising on security.
Tokenization as a StrongKey
EASIER INTEGRATION
Service CryptoCloud
BENEFITS:
- Dedicated cryptographic hardware, with you controlling all keys
- Scales with your business
Cloud Key Cloud Hardware
- Affordable and open source
Management as a Security Module
- Secure, while still taking advantage of the cloud’s benefits
Service (KMS) (HSM)
MORE SECURESTRONGKEY
TELLARO.
The Tellaro Every Appliance comes with:
Our security appliance is called the “Tellaro.” - Single-tenant, FIPS 140-2 Certified Hardware Cryptoprocessor
The appliance can be deployed on premises, or hosted by (HSM or TPM) to Level 2 or 3, depending on customer choice
StrongKey or a partner as cloud cryptographic services. - High Availability with Active-Active Clustering
- Option for Client Key Custodians / Client-controlled Keys
Deployment Options: - Easy-to-integrate REST and SOAP web service APIs, taking the
- On premise. Appliances reside in customers’ data centers, which complexity out of cryptography
gives maximum control and security. - Access to StrongKey’s U.S. support team to help with integration,
- Private Cloud: A single-tenant hosting in StrongKey affiliated data troubleshooting, and security patching
centers, giving minimal effort with high security.
- Multi-Tenant Cloud: Select cryptographic services are available in
a multi-tenant fashion, providing cost savings with high levels of
security.
FIPS-Certified Hardware Key Management AppliancesSTRONGKEY CUSTOMER BASE
StrongKey has a global customer base and partner network.
Our top industry served is payments and fintech, while we also have presence in banking,
technology, health care, telecommunications, and government.
Our customer sizes range from startups to large enterprises.THANKS! HTTPS://STRONGKEY.COM GETSECURE@STRONGKEY.COM
You can also read
