Laptop Disk Encryption Colorado’s Approach. Presented to: Ohio Digital Government Summit October 16, 2007. Overview. Colorado’s Data Security Environment Acquisition Strategy The State’s Acquisition Process Trade-Offs Results Current Status What We’ve Learned.
Laptop Disk Encryption: Colorado’s Approach
Presented to: Ohio Digital Government Summit, October 16, 2007
Overview
• Colorado’s Data Security Environment
• Acquisition Strategy
• The State’s Acquisition Process Trade-Offs
• Results
• Current Status
• What We’ve Learned
Colorado’s Data Security Environment
• Background
  • Appointment of CISO
  • House Bill 1157
  • Laptop Related Incidents
• Goals
  • Pre-empt the Problem with a Solution
  • Get It Done Fast
  • Solve it for the Enterprise
  • Make It Comprehensive
  • Provide a Solution With Staying Power
Acquisition Strategy
• What’s Available
• What Does Gartner Think
• What’s the Scope?
• RFP?
• Agency Collaboration/Communications
• State Employee Teams
Requirements Tradeoffs: Capability vs Price
Walking the tight rope
• Technical Requirements
• Cost and Pricing Considerations
Capabilities Desired
Diagram labels: IDENTITY MANAGEMENT SYSTEM MGT. CAPI COMPATIBLE LINUX MAC W95 W98 WNT WME WXP VM REMOTE USER MGT. W2K FILE ENCRYPTION LOG MGT. DIGITAL SIGNATURE PKI INTEGRATION SSO S/MIME ENCRYPTION PHONE / PDA USB / CD / DVD FOLDER ENCRYPTION TOKEN SUPPORT TRAINING SUPPORT PROF. SERVICES PRICE CENTRAL PRODUCT MANAGEMENT CENTRAL KEY MANAGEMENT PRE-BOOT AUTHENTICATION FULL DISK ENCRYPTION
Capabilities “Proposed”
Diagram labels: IDENTITY MANAGEMENT SYSTEM MGT. WME LINUX MAC W95 W98 WNT CAPI COMPATIBLE WXP VM REMOTE USER MGT. W2K FILE ENCRYPTION LOG MGT. DIGITAL SIGNATURE PKI INTEGRATION SSO S/MIME ENCRYPTION PHONE / PDA USB / CD / DVD FOLDER ENCRYPTION TOKEN SUPPORT TRAINING SUPPORT PROF. SERVICES PRICE CENTRAL PRODUCT MANAGEMENT CENTRAL KEY MANAGEMENT PRE-BOOT AUTHENTICATION FULL DISK ENCRYPTION
The Tight Rope
Technical Requirements
• Full disk encryption
• Password at boot
• Secure storage of keys
• Removable devices
• User transparency
• Multiple operating systems
• Network based solution
• Key backup/recovery
• Remote installation
• Central pass-phrase management
• Training
Cost and Pricing Considerations
• Firm-fixed-price initial buy
• Enterprise price agreement
• Mandatory price agreement
• Specified size of initial buy
• License mobility
• 4-year product support term
• Optional feature considerations
• Total bid price
The State’s Acquisition Process Trade-Offs
• The Tradeoffs were made:
• IFB – 3 Months, Significant Risks
• RFP – 8 Months, Less Risk, Too Long
• RFP Selected - We Had 5 Months
• Adopted Accelerated Project Management Approach
LTE Project’s Approach - Acquisition
• Write and Issue RFP
• Respond to Bidder Questions
• Evaluate Bidder Responses
• Step One – Technical Evaluation/Demo
• Step Two – Price Evaluation/Selection
• Step Three – Acceptance Testing
• Negotiate Mandatory Price Agreement
LTE Project’s Approach – Leveraging A Solution
• All Departments Funded by CISO ($450K)
• 6,700 Laptops in the Baseline
• Executive Departments Must Use the Mandatory Price Agreement for Future Product Purchases
• Secretary of State, Attorney General, Higher Education, and Local Governments May Use Price Agreement
• Coordination/Communications with Departmental CIOs
• Technical Evaluators from Executive Branch Departments
• Acceptance Testing Involved Same Departments
• Centralized Training Provided to All Agency Technical Personnel
Results
• Pre-emptive Solution Accepted
• Near On-Schedule Completion of Acquisition Component of the Project
• Coordination/Communication with Departments – Beneficial
• Technical Training of Agency IT Personnel Completed On-Schedule
• Enterprise Solution Accepted
• Implementation Rate - Acceptable
Current Status
Estimated Completion: Feb 2008
[Timeline chart spanning 2007 to 2008]
What We Learned
• Project Management Fundamentals Pay Off
• Planning Project/Schedule Essential
• Leveraging the State’s Buying Power Works!
• Procurement Methods Vary in Terms of Time, Risk, and Effectiveness
• Communications/Coordination with Agencies Vital
• Funding Should Not Be an Issue
• Making Trade-offs Up-Front Necessary
• Acceptance Testing Involving Agency Technical Experts Leads to Buy-In
• Training Up-Front Essential to Buy-In as Well
• Following Up on Agency Implementation Necessary
Contact Information
Bob Feingold
bfeingold@centerdigitalgov.com
303-810-3215