350 likes | 575 Views
Imation Mobile Security Product Overview. Presented by: . AGENDA. 03 09 15 22 28. Securing Your Mobile Workforce Portfolio Overview Management Solutions Control Software Solutions Q & A. Imation Mobile Security Say YES! To Securing Your Mobile Workforce. Imation Mobile Security.
E N D
Imation Mobile Security Product Overview Presented by:
AGENDA 03 09 15 22 28 Securing Your Mobile Workforce Portfolio Overview Management Solutions Control Software Solutions Q & A
Imation Mobile SecuritySay YES! To Securing Your Mobile Workforce
Imation Mobile Security Say YES! To Securing Your Mobile Workforce. Workers demand flexibility, usability, and choice in the face of their escalating compliance and security needs. IT is caught in the middle trying to enable the workforce while avoiding the nightmares that come with security breakdowns. Imation’s solutions enable you to be confident that your organization has the right solutions in place to safeguard data for your road warriors, teleworkers and contractors. When you secure your mobile workforce, you can say Yes! to letting employees work they way they want to work –anywhere, anytime. Sources: Ponemon Institute; McAfee; Gartner; IDC
User Mobility • Today’s user is mobile • Teleworkers (Telework Enhancement Act, December 2010) • Field personnel • Contractors • Using multiple computers and devices • What’s important to your mobile workforce • Data. The information users need to do their jobs. • Identity. The identities users use to access systems and communicate. • Workspace. The tools and applications that make users productive.
Data: The Problem • Your data is going mobile, too • Security, compliance, regulatory problems • If you cut it off completely, it’s a productivity problem • Behaviors • 50%+ of employees use portable devices to take confidential data out of the business every week • 87% of organizations do not encrypt USB devices or portable media • Results • 75% of organizations have suffered data loss from negligent/malicious insiders (e.g. WikiLeaks) • Data breaches cost $214/record, and average $7.2M/breach Sources: Ponemon Institute; McAfee; Gartner; IDC
Data: What to Do • Solve these problems • Lock out unauthorized devices/media • Authorize specific devices, but encrypt them, and require strong authentication to them • Centrally manage policies, remotely kill rogue devices – even over the Internet • Audit data that leaves your network on devices • Gartner: It’s always cheaper to invest in Mobile Data Protection than to pay for a breach Sources: Ponemon Institute; McAfee; Gartner; IDC
Identity: The Problem • Identities are vulnerable & they’re proliferating • Security breaches • Complexity for users • Behaviors • 20% growth (2010-2014) in multifactor authentication • 40M+ active RSA SecurID tokens, many are transitioning to digital certificates after the RSA breach • 87% of users have multiple passwords • Results • 54% of companies had an online access data breach in 2010 • 30-50% of help desk calls are for password resets • Users tend to use the same password on multiple systems (“keys to the castle”) • 50% of identity spending is on integration services Sources: Forrester; Technavio; Aberdeen
Identity: What to Do • Solve these problems • Strongly authenticate users • Plan for identity technology transitions • Reduce the number of user passwords • Reduce what users have to carry • Blend your identity plan into other efforts to reduce implementation costs Sources: Ponemon Institute; McAfee; Gartner; IDC
Workspace: The Problem • Workspaces are no longer just the computer down the hall • Laptops leave the office • Multiple computers in varying locations; user-owned systems • Mobile workspaces must be usable, supportable, secure, & compliant • Behaviors • 69% of organizations have some users working on their own laptops • 60-70% of private sector orgs have teleworking, 34% of their employees participate for 40% of their time • 20% or more teleworking mandated in US Federal agencies, one million employees affected • Mobile users often must make do with less than an in-office user (e.g. VDI, feature-reduced applications) • Results • 1700 laptops are stolen daily • Studies show telework effectiveness tied to user experience • Personal devices mean 59% of IT departments supporting added OSes • 82% of IT departments are worried about use of personal devices Sources: Ponemon; Gartner; Journal of Applied Psychology; Dell KACE
Workspace: What to Do • Solve these problems • Lock down user workspaces with encryption & authentication • Give mobile users full-featured work environments • Figure out how to get a standard, supportable desktop image on any computer an employee wants to use Sources: Ponemon Institute; McAfee; Gartner; IDC
MARKET SITUATION DATA GROWTH Worldwide mobile workforce totaled 919.4 million in 2008 and is estimated to reach 1.19 billion in 20134 The growth of digital information has rapidly surpassed expectations.By 2011 digital universe will be 10 times size of 2006 INCREASED DATA MOBILITY 50% of employees admit to using portable devices to take confidential data out of the business every week5 The importance of data has increased its access and mobility requirements making it more difficult to secure and protect 77% of CEOs reported a corporate data breaches3 INCREASED DATA BREACHES As data and its mobility grow, the amount of data breaches and data exposure has also grown 25% of malware attacks are spread by unencrypted USB devices3 REGULATIONS INCREASING Increased data exposure has resulted in increased regulations and reporting requirements globally 2010 cost per record3 US: $214 UK: £64 Germany: €132 France: €89 COST OF DATA BREACHES GROWS Increased reporting requirements and increased data breaches results in increased breach costs 1Source: IDC – The Diverse and Exploding Universe – March 2008 2Source: Identity Theft Resource Center – 2010 Data Breach Stats January 3, 2011 3Source: Ponemon Institute - 2010 Annual Study: U.S. Cost of a Data Breach – March 2011 4Source: IDC Report 2009 5Source: McAfee Survey 13
KEY CONCERNS OF SECURITY PROFESSIONALS Trends in Removable Device Security Explosive Growthof Mobile Devices Escalating Privacy Regulations Public Embarrassment and Disclosure Cost USB Memory Sticks Sold Units BlackBerrySmartPhone + Palm/Treo PocketPC Laptops Desktops 1995 2000 2005 2010 Loss of customer data or intellectual property = fines and loss of reputation Data Protection: Top IT Priority Today • Removable device control, protection & management has become a key issue for IT Security Staff • Many security professionals are focusing on a layered security approach
CUSTOMER TARGETS GOVERNMENTS, ENTERPRISE & SMBs 15
BUSINESS REQUIREMENTS • Regulatory Compliance • Data Loss Prevention • Costs of breaches • Negative brand publicity • Disaster Recovery • Minimise impact of adverse conditions • Minimise risk of lost and stolen devices • Productivity • Restricted use of USB devices • Too many passwords • Secure Mobility • Secure users and assets • Teleworking and temporary personnel • Secure Workspace
SOLUTIONS OVERVIEW Imation Mobile Security solutions secure data, identities and workspaces - anywhere, anytime • Data Security • Secure data encryption • Secure user authentication • Secure data protection • Identity Security • Secure user and network authentication • Secure network and resources access • Secure communication • Workspace Security • Secure data encryption and applications • Secure user authentication • Secure portable computing 87% of organizations do not encrypt USB or portable media devices 75% of organizations have suffered data loss from negligent insiders 51% of enterprise users stored confidential data on flash drives (Ponemon Institute 2009) 1 in 4 malware attacks are spread by infected USB devices
SEGMENT & PORTFOLIO MAP IMATION HAS A ROBUST SECURITY & PROTECTION PORTFOLIO ACROSS MARKET SEGMENTS IMATION PORTFOLIO USER REQUIREMENTS • FIPS 140-2, Level 3 Validation • AES 256-bit Hardware Encryption • Multiple Factor Authentication • DOD, CAPS, AIVD, NATO Certified • Digital Certificates • Enterprise Management Solutions with Auditing and Remote kill • Port and Device Control • Hippa, Hitech, SOX Compliance,Basel II, ICO • FIPS 140-2. Level 1 & 3 Validation • AES 256-bit Software Encryption • Cost Effective • Single-Factor Authentication • EHDD & Flash: F100, F150, F200 + Biometric, H100 & H200 + Biometric, S200, D200 • StealthZONE • Access Enterprise Management Console • IronKey Enterprise • IronKey Management Enterprise Service • Defender Collection Software Suite: Server, Client & Applet • Defender Optical & F50 Flash • IronKey Basic & Personal, S200, D200
Optical CD, DVD & Blu-Ray F50 Pivot 2GB - 32GB 700MB, 4.7GB & 25GB HARDWARE OVERVIEW FIPS 140-2 LEVEL 3 (HW)TWO-FACTOR F200, Biometric + StealthZONE Enterprise & Personal S200 + D200 H200 + Biometric 250GB – 750GB (1TB) 1GB – 32GB 1GB – 32GB 1GB – 64GB FIPS 140-2 LEVEL 3 (HW)ONE-FACTOR F100 & F150 H100 Basic S200 + D200 1GB - 64GB 250GB – 750GB (1GTB) FIPS 140-2 LEVEL 1 (SW) ONE-FACTOR
HARDWARE FEATURES FIPS 140-2, Level 1256-bit AES SW Encryption FIPS 140-2, Level 3256-bit AES HW Encryption Enterprise & Personal S200 + D200 H200 + Biometric 250GB – 750GB (1TB) 1GB – 32GB F200, Biometric + StealthZONE Optical CD & DVD F50 Pivot 700MB – 4.7GB 2 - 32GB 1GB – 64GB
PORTABLE COMPUTING • Secure, portable workspace • Boot-from-USB, full host computer isolation • Fully hardware encrypted • Strong user authentication • Manageable • Fast, full Windows desktop • Zero client footprint • No network access required • No virtualisation
MANAGEMENT OVERVIEW Data Leakage Prevention (DLP) Extreme/High-Security (FIPS L3 HW) Device Management ACCESS ENTERPRISE™ • Forensic Auditing • Device/Port Control • Encrypt third party devices(existing investment) • File-level blocking • No Mac or Linux support • On-premise server • StealthZone & ACCESS Identity (current/future plans) • HDD and Bio Device Support • Active Directory • Custom images • Multi-factor authentication (Bio) • Limited Linux support • McAfee ePO Customers • Free AV on McAfee devices • NTFS on HDD • No Internet-based management • Multi-factor authentication (Bio, CAC/PIV) • Limited Mac, no Linux support • Hosted Service (outsourced management) • Existing IK user • RSA SecurID • IK Apps incl. secure browser • Supports fastest Flash Devices • Strongest Linux support Optical, F50, generic removable storage F150, F200, HD 100, HD200, MXI, McAfee MXI, McAfee (soon F150, F200, HD100, HD200) IronKey 200-Series (soon 400-Series)
MANAGEMENT SOLUTIONS OVERVIEW ACCESS STANDARD ACCESS ACCESS ENTERPRISE™ MANAGER ENTERPRISE™ SERVER Imation Mobile Security management on-premise and cloud-based solutions provide provisioning, policy enforcement, management, and auditing and reporting. Customers have a choice of best-fit solutions: • ACCESS Standard:Designed for smaller organizations, who wish to individually manage devices • ACCESS Enterprise Manager:Ideal for larger organizations, who require centralized management and policy enforcement • ACCESS Enterprise Server:Designed for those that require distributed provisioning and the most robust security features including reporting and remote revocation • IRONKEY Enterprise Service: Designed for those that requirecloud-based provisioning, management and the most robust security features including reporting and remote device access
ACCESS STANDARD FEATURES & BENEFITS: Factory Installed: Devices are pre-configured with necessary tools to setup users and policies Optional Administrator Role: Smaller organizations can have an administrator individually pre-configure devices for password policy and authentication rules, or recycle devices for use by another employee Strong Password and Authentication Rules: Define rules for password length, special characters, retry attempts, re-use, etc. For biometric devices define single-factor or multi-factor authentication Device Wipe: Optionally configure devices to wipe data if a password authentication retry attempt value has been exceeded Portability: ACCESS runs directly from the device from any PC (does not require Admin rights) or Mac, with no trace left behind. Note: Beta support for select versions of Linux currently available Upgradable to Central Management: Individual devices can be upgrade in the future to work with ACCESS Enterprise Manager or Server for centralized control by a network administrator ACCESS STANDARD Factory-installed tools for individuals and small groups to configure devices and policies
ACCESS ENTERPRISE MANAGER FEATURES & BENEFITS: Policy Control: Lets you administer industry-leading authentication, password structure, password usage, and device recovery policies from a centralized console. Centralized Management:Allows administrators to configure policies once, then deploy to individual devices during provisioning Active Directory Integration:Makes defining group policies simple for large organizations Optional Anti-Virus:Choose to have anti-virus software loaded onto the devices during setup for additional protection of your storage device and host system Multiple Templates & Profiles:Define different configurations, policies and content based on the device or user. Reporting Capabilities: Pre-configured reports now provide auditing data and information regarding devices, users and deployment status. Self-Management: Once initialized by the administrator, users can set up their devices following predefined security policies On-Premise Security: Runs inside your corporate IT environment, for the utmost in control and security Portable Content Manager: Allows IT administrators to simply drag and drop corporate applications that can be pre-loaded onto employee portable devices. ACCESS ENTERPRISE™ MANAGER Central Management Tools to simplify provisioning, configure devices, and enforce password and authentication policies
ACCESS ENTERPRISE SERVER FEATURES & BENEFITS (includes AE Manager features): Distributed Provisioning: When a user receives a device, it connects to the server to obtain policies and updates, while administrators retain centralized control—and can create groups and specify policies through integration with Active Directory. Remote Revocation:When necessary, an administrator can revoke user privileges remotely. This capability provides a reliable means of taking additional security measures on short notice, such as lost or stolen drives, or employee termination. Administrators can reinstate user privileges the same way. Remote Policy Updates: updated in-network, or over the internet Improved Data Rescue:Users can regain access to blocked device using their Windows Log-in credentials. ACCESS ENTERPRISE™ SERVER Server-based Central Management Tools for streamlined provisioning, device configuration, and most robust security features
IRONKEY ENTERPRISE SERVICE FEATURES & BENEFITS: Policy Control: Lets you administer industry-leading authentication, password structure, password usage, and device recovery policies from a centralized console. Centralized Management:Allows administrators to configure policies once, then deploy to individual devices during provisioning Anti-Malware Service:Choose to have anti-virus/Malware software loaded onto the devices during setup for additional protection of your storage device and host system Multiple Templates & Profiles:Define different configurations, policies and content based on the device or user. Reporting Capabilities: Pre-configured reports now provide auditing data and information regarding devices, users and deployment status. Self-Management: Once initialized by the administrator, users can set up their devices following predefined security policies Cloud Based Security: Runs cloud based IT environment, for the utmost in control and security and ease of management and set up costs Remote Management and Silver Bullet:When necessary, an administrator can revoke user privileges remotely. This capability provides a reliable means of taking additional security measures on short notice, such as lost or stolen drives, or employee termination. Administrators can reinstate user privileges the same way. IronKey Enterprise Service Policy Reporting Anti- Malware Password Assistance Silver Bullet Secure Sessions Cloud-based Central Management Console for provisioning, device configuration, management, policy enforcement, and auditing and reporting Hardware Encryption Secure Backup Rugged Design RSA SecurID High-Performance Password Manager Cross-Platform Secure Browser
CONTROL FAMILY OVERVIEW Imation Control Software solutions provide tools for device management, software encryption, file-blocking and forensic auditing Customers have a choice of best-fit solutions: • Control Server:Central Management tool to define usage policies and controls around virtually any removable storage device • Control Client:Installed on individual PCs to enforce policies defined in control server, including white-list/black-list, file blocking. Also used to deploy device controls on individual removable media devices • Device Controls:“Applets” loaded onto individual devices to enforcepolicies defined in control server, track audit details, and optionally provide encryption, file hiding, and anti-virus tools for individual devicesF50 Pivot and Defender Optical media have pre-loaded Device ControlsNOTE: Control family currently compatible with Windows only – no Mac or Linux
CONTROL SERVER FEATURES & BENEFITS: Policy Management:Offers policy management controls such as password creation and enforcement, length, special characters, re-authorization interval settings, and automatic drive authorization and encryption. Define Policies & Rules: Set policies by device type, brand, model or serial number – use with Control Client to set unique policies by device type, brand, model, VID, PID or serial number. Forensic Audit Tracking: Retains audit trails of what files are stored and used on removable drives and media, plus details on where files are copied to from the removable device; audit trail contains metadata about drive and media contents, easily searched for reporting purposes. Remote Revocation: Allows administrators to remotely revoke devices and optionally shred contents if device is lost or stolen. Remote Recovery: Helps administrators assist users remotely recover lost or forgotten passwords, without exposing the passwords to the help desk administrators. Master Key Enablement: Allows highest level administrators (typically Chief Security Officer) to access protected devices. Centrally control, manage and audit virtually ALL the removable data storage devices & media in your organization
CONTROL CLIENT FEATURES & BENEFITS: Device Blocking: Block the use of unauthorized devices on protected PCs and networks. File Control: Restrict files names and file types from being copied from the corporate network to removable devices Automatic Encryption: Automatically encrypt approved devices if encryption policy is set; transparently decrypt files from devices if they have been encrypted. Deploy Device Controls: Policy based deployment of Device Controls onto devices to enable encryption, remote revocation and forensic auditing and reporting. Enforces the types of removable storage devices that can be used on a specific PC and how they can be used. Set unique policies by device type, brand, model, VID, PID or serial number. Virus Protection (optional): Protect PCs and the corporate network from accidental infection from viruses. Deployment of antivirus or forced scans prior to reading a device. Control Server: Use Control Client in conjunction with Control Server to centrally control, manage and audit virtually all the removable data storage devices and media in your organization. Policy based control, management and protection of sensitive information on devices connected to individual computers
DEVICE CONTROL FEATURES & BENEFITS: Encryption: Add AES 256 bit software encryption for virtually all removable storage device types and brands. Intuitive user interface for multiple file and folder encryption and decryption with easy to use, drag-and-drop functionality. Automatic detection and encryption of files written or copied to the drive. FIPS Validated: FIPS 140-2 level 1 validated encryption algorithms for device and file encryption -certification #343, #347, #563, #819. Password Recovery: Built in user-based password recovery. Virus & Malware Protection: Optional virus and malware scanning detects, blocks and deletes any viruses or malware that have infected a removable drive. You can also scan the contents of an untrusted or unprotected “host” PC prior to copying files onto your device File Hiding: Optional file hiding ensures that file and folder names are not visible unless the correct password is provided by the device. Zip Compression: Optional integrated Zip compression improves drive storage capacity. Portability: Device Control runs directly from the device; allows access to protected information from any PC, with no admin rights or install. Extend the end-point: Controls follow the device(s) off the network, and continue to provide encryption/decryption and file auditing Portable, easy-to-use encryption and management applications that can be loaded on virtually any removable data storage device