Data Protection Policy Compliance using Notebook Hard Disk Drive Encryption

Data Protection Policy Compliance using Notebook Hard Disk Drive Encryption. Encryption: one element of Smart Security. Security Involves Several Focus Areas. Why Data Encryption? Breaches Can Be Costly! When a breach occurs, organizations can lose money.

Leo

Presentation Transcript


  1. Data Protection Policy Compliance using Notebook Hard Disk Drive Encryption

  2. Encryption: one element of Smart Security. Security Involves Several Focus Areas

  3. Why Data Encryption? Breaches Can Be Costly!
     • When a breach occurs, organizations can lose money.
     • They may be required to publicly disclose the breach, significantly damaging an organization’s public image.
     • They are generally required to notify persons whose information was exposed - involving communication costs & perhaps financial compensation.
     • They may experience lost productivity costs when staff is repurposed to address a breach.
     • They may face fines from the FTC or business partners.
     • Many industries are now subject to governmental regulation and/or industry security compliance guidelines

  4. Costs of a Security Breach
     2007 Estimated Cost/Lost Record: Forrester Research: $90-$305 [1]; Ponemon Institute: $197 [2]
     • Direct Costs
       - Notification Costs - organizations can incur costs associated with legal fees, mail notification letters, calls to individual customers, increased call center costs and discounted product offers
       - Lost Productivity Costs - organizations can incur costs when employees and contractors are diverted from their normal duties in order to address data breach controls
     • Fines
       - Certain federal privacy statutes include fines for violations that can amount to tens of thousands of dollars [3]
       - In 2006, Visa and MasterCard announced levying of fines from $10K-100K against transaction processors that fail to keep transactions secure [4,5]
       - In 2006, the FTC issued $15 million in fines when an Atlanta-based consumer data broker lost more than 163,000 personal records to insurance and credit companies in February 2005 [6]
     • Lost Shareholder Value and Goodwill
       - Stock prices can take temporary or long term drops - e.g., an Atlanta-based data broker had lost about 20% of its stock value 2 years after losing 163,000 personal records [7]
     Footnoted references are recorded at the end of this presentation.

  5. Who can be Affected? Virtually Everyone! Any organization can be at risk if, for instance, they lose employee records

  6. What can organizations do?
     • Strong data encryption can protect private information from unauthorized access
     • Data encryption can help address federal and state privacy requirements*
       - At least 39 states have enacted legislation requiring the notification of security breaches involving personal information**
       - Many federal laws that have been enacted also seek to ensure protection of private information
     • Encryption can be hardware-based or software-based
       - Hardware-based: Seagate® Momentus® Full-Disk Encryption (FDE) drives
       - Software-based: Software encryption solutions exist from a variety of third-party independent software vendors
     *Rigorous standards apply and can vary by state - check with a local legal expert for a complete set of requirements for your state
     **According to the National Conference of State Legislatures, December 12, 2007

  7. Hardware vs. Software Encryption
     Dell recommends hardware encryption for new system purchases.

  8. Dell FDE Hard Drive Solution
     Solution Components
     • Select Dell™ Latitude™ D-series notebooks*, with Seagate Momentus 5400 FDE.2 hard drive
     • Dell Embassy Security Center with Wave Trusted Drive manager
     • Wave Embassy Remote Administration Server Software (running on your Dell server)
     • Implementation of Dell’s Security Best Practices http://www.dell.com/security/bestpractices/
     [Diagram: ENTERPRISE NETWORK: Embassy® Remote Administration Server. LOCAL PC: FDE DRIVE, Embassy® Trusted Drive Manager, Seagate® DriveTrust™ Technology. Implementation of Dell’s Security Best Practices.]
     * Seagate Momentus hard drives and Dell Embassy Security Center are also available on select Precision mobile workstations

  9. Dell FDE Hard Drive Solution
     Dell Embassy Security Center
     • Single-user Solution
       - This offering allows individual users to configure and control their personal access to encrypted data on their hard drive. The offering provides the following features:
       - Authenticate user in BIOS
       - Simple Sign On capability
       - Single-user passwords management
       - Manual backup and restore for keys
       Factory-installed software
     • Key Components
       - Seagate Momentus FDE hard drive
       - Factory-installed Dell Security Center with Trusted Drive Manager
     • Managed Enterprise Solution
       - Using the ERAS software, IT departments can remotely manage clients with FDE hard drives, providing documentation on the state of a drive when a system has been lost or stolen. With ERAS server software, you can…
       - Enable remote deployment & management of FDE hard drives
       - Take ownership of TPMs
       - Enable identity & authorization provisioning from Active Directory
     [Diagram labels: Single-user Solution; Embassy Remote Administration Server (ERAS)]
     * Note: Additional Wave security solutions detailed in backup slides

  10. Client Encryption Evaluation Program
     [Diagram: “Server” System with Embassy Remote Administration Server, connected by a cross-over network cable to a “Client” System with Dell Embassy Security Center; Reviewer’s Guide]

  11. Backup Materials

  12. References
     1. "Calculating the Cost of a Security Breach," Khalid Kark, Forrester Research, April 10, 2007.
     2. "2007 Annual Study: U.S. Cost of a Data Breach," The Ponemon Institute.
     3. Health Insurance Portability and Accountability Act of 1996 - Public Law 104-191, 104th U.S. Congress, August 21, 1996.
     4. "Visa and MasterCard take new steps to stop credit card fraud," Jeremy Simon, Creditcards.com Article, November 27, 2006 (http://www.creditcards.com/visa-and-mastercard-take-new-steps-to-stop-credit-card-fraud.php)
     5. "Visa USA Pledges $20 Million in Incentives to Protect Cardholder Data," Visa Corporate Press Release, December 12, 2006 (http://corporate.visa.com/md/nr/press667.jsp)
     6. "ChoicePoint Settles Data Security Breach Charges; to Pay $10 Million in Civil Penalties, $5 Million for Consumer Redress," Federal Trade Commission Press Release, January 26, 2006.
     7. "The Hidden Cost of IT Security," Network Security Journal, Cindy Waxer, April 16, 2006 (http://www.networksecurityjournal.com/features/hidden-cost-of-IT-security-041607/)
