BUSINESS CRITICAL INFORMATION AND ASSETS WITH
Who needs StoredSafe?
We at StoredSafe are proud to present our secure, user-friendly products, developed in Sweden.
Here is a simple do-it-yourself test that everyone should take, given today's information-sensitive society. If you answer these questions (internally only) and end up with mostly "no" answers, there is probably good reason to start a dialogue with us about how you can strengthen your organisation's IT and information security in a very smooth, user-friendly and cost-effective way.
PASSWORDS
An organisation with 100 employees typically has 500 passwords to keep track of, everything from passwords for system accounts with elevated privileges to encryption keys.
Yes / No
1. Do you currently use any kind of password manager that encrypts your passwords?
2. If yes to the question above, is it for individual or enterprise use?
3. Can you share privileged passwords internally in a secure and simple way?
4. Can the right person access critical passwords in an emergency?
5. Do you know when a specific password was last changed?
6. Do you know which passwords violate your password policy?
7. Do you know who has seen which passwords and when?
8. Is there anyone who can access all passwords on their own?
FILES AND DOCUMENTS
Yes / No
1. Do you know which information in your organisation is sensitive and/or makes the company vulnerable?
2. Does the information owner know who can access the information?
3. Can you ensure that only the information owner can access the information?
4. Can you share sensitive information outside your organisation in a secure and simple way?
5. Are there situations where it would be useful to see who has seen which information and when?
TWO-FACTOR AUTHENTICATION
The purpose of two-factor authentication (2FA) is to strengthen the protection of login (authentication); that is, instead of requiring only a username and a password, one more "factor" is needed. This "factor" is sometimes called a "token" and should preferably be a physical device such as a banking token, a smart card or a YubiKey. That way, a leaked password is not immediately as serious a problem, since anyone intending to misuse it must also get hold of the token you have chosen to strengthen login protection.
Yes / No
1. Do you have a VPN solution today, and if so, do you use 2FA to strengthen login?
2. Do you currently use a 2FA solution to strengthen login to network equipment?
3. Is 2FA required today for users with elevated privileges (Domain Admin etc.)?
4. Is 2FA required today for business-critical applications?
CERTIFICATES
PKIX is an umbrella term for the management of X.509 certificates for the web (and email). X.509 certificates are used to secure communication between you and your bank when you make payments, but are also used to set up secure business-to-business (B2B) VPNs, smart card login, signing/encryption of email, etc. X.509 certificates always have a validity period (usually 1-3 years); once a certificate has expired it can no longer be used, and services that rely on the certificates will stop working.
Yes / No
1. Do you know where your certificates are and when they expire?
2. Do you know which services will stop if a certificate expires?
Password StoredSafe
The primary objective of Password StoredSafe is to securely store and share passwords, as well as other critical information related to your passwords, on a "real" need-to-know basis with a full audit trail. Our solution ensures that even the Password StoredSafe system administrators do not have access to the critical information. The information owner maintains the master encryption key and is the person who remains in control.
Password StoredSafe is used to share passwords in a secure way. This functionality includes: full traceability of who has seen what, when passwords were accessed, an unlimited number of password policies, two factor authentication, regulatory compliance, role based access, assignment of privileges by the information owner, audit reports, and strong encryption.
This product is especially strong for protecting critical passwords against the risk of unauthorized or unintentional access, hacking attacks, vendors and disgruntled employees. In addition, this solution can be used when there is a need to store passwords at other physical locations such as a hot site for disaster recovery, outsourcing, etc.
Our solution easily integrates with your current IT infrastructure without any major redesigns.
Examples of common uses of Password StoredSafe:
• Passwords for privileged accounts (root, sa, etc.)
• Password for service accounts
• Encryption keys
• PIN codes (alarms, safe combinations)
• Passphrases

The Key Benefits of Password StoredSafe:
• Information Owner in Control - Only information owner can authorize access.
• Protection of Highly Critical Passwords - All high-risk information is protected by an additional authentication factor, strong encryption and authorized access to all users.
• Regulatory Compliance - Several regulatory and common security standards require secure storage and traceability for privileged accounts.
• Convenient and Easy to Use - Easy maintenance and full traceability to ensure passwords are updated and maintained on a needed basis based on defined requirements.
File StoredSafe
File StoredSafe is used to store and share any type of file or document in a secure manner. It further enables an organization to assure and prove that the information is restricted and only accessed by authorized individuals, and provides an audit log of who has seen what information and when.
You are also able to share this information in a fully controlled manner with external individuals. Not even your File StoredSafe system administrators will be able to read your encrypted information. The information owner remains in control. This product is especially beneficial for protecting highly confidential information against the risk of unauthorized or unintentional access, hacking attacks, disgruntled employees and vendors. In addition, this is also a valuable solution when there is a need to store highly sensitive information at other physical locations such as a hot site for disaster recovery, emergency management, outsourcing, etc.
File StoredSafe is used by our customers to store highly confidential data such as:
• Merger and Acquisition Information
• Intellectual Property (patents, code, recipes, product development etc.)
• Board Reporting
• Financial Reporting (before publishing date)
• Due Diligence Information
• Critical IT-Infrastructure Documentation
• Internal/External Investigations
• Critical Backups (HSM’s, encryption keys etc.)
Certificate StoredSafe
Certification Management Made Easy
Certificate StoredSafe enables the organization to securely store, ensure and prove that certificates and related information are known to and restricted to only authorized personnel.
Furthermore it provides critical information such as who has seen what certificate key passphrase, certificate last changed, certificate expirations, etc.
Certificate StoredSafe will reduce your risk significantly as well as improving your incident response capability by raising your control level, helping you monitor, alert and respond to operational risks posed by any certificate in your environment without vendor specific limitations.

Example of usage of your one stop shop for certificate information:
• Store and administrate your private keys and passphrases
• Store and administrate your public keys
• Store and administrate certificate meta data (inception date, expiration date, usage, etc.)
• Dynamic triggering and alerts for upcoming expiration dates and hosts needing renewed certificates.

This product is the one storing certificate signing requests, certificates, certificate key files and confidential information related to your PKI-Infrastructure.
Two Factor Authentication (2FA) StoredSafe
TWO FACTOR AUTHENTICATION MADE EASY!
Two Factor Authentication StoredSafe provides organizations with a secure, easy to implement
and cost-effective two-factor authentication with YubiKeys and Google Authenticator.
Our turnkey appliance enables organizations to implement two factor authentication to various information resources. It can be integrated with Active Directory, other LDAPs and RADIUS, and can be integrated with any authentication and remote access solution.
Two Factor Authentication (2FA) StoredSafe

Supported Frontends
RADIUS for 2FA and webservice for Google Authenticator and YubiKey OTP Validation.

Supported Backends
Windows Active Directory (AD), LDAP and RADIUS.

Authentication Methods
Challenge/Response, Concatenated and Secondary Authentication.

Validation Service
YubiKey and Google Authenticator OTP.

Two Factor Authentication Tokens
StoredSafe can support almost any token. The current solution uses YubiKeys from Yubico and Google Authenticator.

HSM
To further improve security, an HSM (Hardware Security Module) is incorporated in the platform to protect cryptographic keys for all hardware tokens. This enables our customers to be independent of Internet when in need of access to critical resources.

Two Factor Authentication StoredSafe Overview:
Plug compatible to current authentication services
Two Factor Authentication StoredSafe is designed to strengthen a current authentication service with two factor authentication.

Example of Common Two Factor Authentication StoredSafe Implementations:
• Adding 2FA to current VPN solution
• Adding 2FA for Network Equipment
• Adding 2FA to critical applications
• Adding 2FA to Unix/Linux and Windows Servers

Our solution easily integrates with your current IT infrastructure without any major redesigns.
StoredSafe Secure Platform
UNIQUE ARCHITECTURE
All our products utilize the StoredSafe Secure Platform. Our unique architecture puts the
information owner in control of the information on a scalable platform and enables an
organization to choose between our products, based on their needs as well as adding
functionality over time.
StoredSafe Audit Engine
All events in StoredSafe Secure Platform are logged and traceable in our easy to use audit engine.

2-factor Tokens
Our preferred, recommended solutions are Yubico’s YubiKeys as client-side hardware token and Google Authenticator in addition to a strong passphrase.

Hardware Security Module (HSM)
To further improve security, YubiHSM (Hardware Security Module) is incorporated in the platform to store cryptographic keys for all YubiKey hardware tokens. This provides an excellent YubiKeys and Google Authenticator server and enables our customers to be independent of Internet connectivity.

StoredSafe Overview

Strong Encryption
To assure confidentiality over time all StoredSafe products can easily change encryption algorithms and modes (OFB, GCM, etc.) as needed without putting current data at risk.

Data at Rest
StoredSafe utilizes 4096 bit RSA Keys for asymmetric encryption and AES-128 in OFB mode for symmetric operations.

Data in Transit
StoredSafe uses TLS for protection of data in transit.

Role Based Access Control System
StoredSafe utilizes a Role Based Access Control System (RBAC) to supply a fine grained control of user capabilities and vault permissions.
Your IT Security Protection Partner

ANDERS BJERNUDD
[email protected]
+46-76-868 58 94

SALES INQUIRIES
[email protected]

AB STOREDSAFE SVERIGE
Girovägen 13
SE-175 62 JÄRFÄLLA
SWEDEN
+46-8-1210 5860

STOREDSAFE LLC
2909 W.Bay to bay Blvd.
Suite 208
Tampa, FL 33629
USA
+1-717-444 1010