Manufacturing involves multiple tiers of suppliers providing components that come together to create the end product. Each tier is an exercise in unique processes to the manufacturer and their third-party suppliers’ raw materials, production, inventory, and distribution. This complicated convergence of players, processes, and data creates a wicked infrastructure security problem.
Let us consider a scenario in which an organization, a general contractor utilizing at least one subcontractor, implements a production chain security strategy powered by encryption, but NEGLECTS the addition of a key management system. You’re the CISO, responsible for the cybersecurity strategy that ensures your organization’s information assets and technologies are adequately protected.
Your team implemented standards-based encryption across the board and provided a common software platform to your supply chain partners, allowing for data to be transferred securely between your organizations…or so you thought.
Suddenly, your organization gets word from a subcontractor that they’re experiencing unusual network activity. The cybersecurity strategy you spent months creating is clear; cut off your partner’s network, lock down your data, and as CISO, stay up all night hoping the bad actor wasn’t able to permeate your network’s exterior defenses. In the interim, your IT department heads begin the grievous task of pulling reports from various locations and mulling them over to better understand any potential impact.
In the early morning hours, you find out that there was indeed a breach, courtesy of your subcontractor’s less-than-robust “secure network.” A bad actor was able to breach your defenses through your subcontractor’s weaker network, grabbed your data, and basically left unnoticed until your subcontractor alerted you to a “possible problem.” You’ve already spent a good portion of the night calculating the estimated costs of just such a breach, and you’re now faced with explaining what happened to your CEO.
The CISO who went beyond just “checking the box” for data encryption when planning their security strategy slept like a baby while his IT department went home in time for dinner with their families. The subcontractor did experience a breach, but your organization was left unscathed. Thanks to the encryption key management system you integrated with your legacy system earlier in the year, the company’s data remained secure. With the automated, short-life periodic key rotations, and the system’s robust identity capabilities, applications, and storage services, the necessary insight and controls needed to thwart this sort of next generation attack were in place and all data remained secure.
Addressing the overall security of not only your enterprise, but also those in your supply or distribution chains, in a protection-centric approach, is the most cost-effective and simple solution you can add to your current security strategy to protect your data. Learn how one encryption key management solution like Fornetix® VaultCore™ can extend the reach and power of your encryption and better protect your data from attack.
For a deeper dive into understanding encryption key management and how CISOs, CTOs, and others tasked with implementing enterprise security strategy and securing data across multiple environments can utilize a key management system to better protect their data, click here to read The CISO’s Guide to Understanding Encryption Key Management.
FREDERICK, MARYLAND – Fornetix, LLC today announced the selection of Dell Technologies Design Solutions to deliver its VaultCore™ encryption key management system on Dell Technologies storage and hyperconverged infrastructure platforms. VaultCore is a 1u or 2u appliance that slots into the management pod rack providing an integrated system for enterprise key policy and automation.
“We are pleased to deliver VaultCore on Dell Technologies infrastructure hardware. This solution will equip customers with embedded protection from cyber-attacks for storage, hyperconverged infrastructure and more,” said Mark Gilroy, CEO of Fornetix.
VaultCore provides a single-pane-of-glass for IT administrators and security professionals to manage encryption across the entire enterprise with precision, speed, and little impact on performance. A key feature of VaultCore is its Policy Engine which provides fine-grained inherited access controls for encryption giving enterprises the ability to define encryption key management use in line with their corporate policy. All of this works behind the scenes, automatically with no effort from an end user to offer consistent, secure encryption key management for applications, communications, and storage.
Users can easily schedule and automate the full encryption key lifecycle process and manage tens of millions of keys for large-scale environments. VaultCore is the only key management solution on the market with US provenance and secure supply chain ensuring integrity across the entire enterprise infrastructure. VaultCore can also employ FIPS 140-2 Level 3 validated protections by using an HSM.
The VaultCore solution enables security in various uses cases including IoT, Edge, Multi-cloud and MSL. Examples include: Storage D@RE – enterprise approach to handling keys for heterogenous storage platforms; Data Center and Multi-Cloud – serves trust to DC components, servers switches, storage, and virtualization, extending to the cloud via VMware or Microsoft; Zero Trust/Multi-Tenancy – secure separation of network enclaves; Seamless integration with vRealize, NSX and VSAN; and for Edge/IOT, a remote kill switch keeps access points in the wild secure.
At Fornetix we understand that managing encryption in today’s complex environment can seem an impossible task. That is why we created VaultCore, a simplified, automated, and secure encryption key management solution designed to address security challenges arising from the proliferation of IoT, big distributed networks, and rapid cloud adoption. Our commitment to standards and interoperability enable us to join forces with leading technologies around the globe to provide smart and unified security solutions that bring order to the chaos of encryption management. For more about Fornetix visit our website. Follow us on LinkedIn and Twitter #VaultCore
C Wolniewicz
SVP Global Marketing
Fornetix, LLC
marketing@fornetix.com