
SHI-State of Arkansas Technology Meeting

SHI-State of Arkansas Technology Meeting. State of Arkansas Sales Team: David Rounds – Senior Account Executive, Chris Hampton – Systems Integration Consultant, David Elam – Services Executive. 9/2/2009. Agenda. Introduction and Executive Overview of SHI

lunea-clark

Presentation Transcript


  1. SHI-State of Arkansas Technology Meeting State of Arkansas Sales Team David Rounds – Senior Account Executive Chris Hampton – Systems Integration Consultant David Elam – Services Executive 9/2/2009

  2. Agenda • Introduction and Executive Overview of SHI • SHI’s Core Offerings – product fulfillment • SHI’s Service offering • Why Encryption? • Q&A Session SHI Government Solutions Headquarters – Austin, TX

  3. Executive Overview Global provider of IT products, services and solutions 20-Year Anniversary in 2009! • 1989 – regional software-only reseller Financially strong, stable and consistently profitable • Every quarter, every year $3.7 billion in sales in 2008* • Topped 1,200+ employees Most experienced field sales force • Average tenure at SHI: • Field rep: 6+ years • Management team: 12 years *Sales and transaction volume supported

  4. Executive Overview 2008 - $3.7 billion represents • 13% growth from 2007 Highest Growth Segments • Mid-Size Corporate • Public Sector • Canada, EMEA, Asia Globalization Continues • 10% of Sales outside U.S. Long-term Goal • Become the #1 strategic IT partner for all organizations

  5. SHI Core Competencies

  6. Core Offerings - Product Fulfillment

  7. Presentation Overview • Encryption Defined • Encryption Algorithms • Common Uses • What should be encrypted? • Why is encryption important? • Data-Centric Security • Protecting Unstructured Data

  8. What is encryption? • Encryption is the process of making readable information unreadable to anyone… except those that possess the key • Originated in ancient times to keep information secret • Caesar cipher – transposition of alphabet shifted certain number of places (A becomes D, B becomes E, etc.) • Protect courier information between Rome and armies • Used to protect confidentiality of information • Commonly deployed in data at rest (hard drives, USB drive) and data in transit (VPN, SSL)

  9. Encryption Algorithms • Several encryption algorithms used today • Advanced Encryption Standard (AES) • Triple DES (3DES) • Blowfish • WEP, LEAP, PEAP, WPA • SSL, S/MIME • Kerberos, PKI • Each offers different levels of encryption (i.e. size of encryption key) • AES (128, 192, and 256 bit keys) • 3DES (56, 112, and 168 bit keys) • Blowfish (32-448 bit keys, 128 bit default) • Larger key means better level of protection • Algorithm used should depend on sensitivity of data being encrypted

  10. Common Encryption Uses • Data at rest • Protect data should physical security measures fail • Encrypted hard drive (laptops), external hard drive • 32% of all data breaches in 2008 were due to a lost or stolen laptop, mobile phone, or other portable media device (Src: laptoptheft.org) • USB flash drive • Employees often take (sensitive) work-related documents home • Small and easy to misplace • Data in transit • A 2007 US government report showed that 71% of companies surveyed used some form of encryption for securing data in transit (Src: wikipedia.org) • VPN (remote employee access for email, system administration) • SSL (e.g. secure banking website, online merchants) • Wireless access point (WEP, WPA)

  11. What should be Encrypted? • Laptop • Desktop • USB key (thumb drive/flash drive) • External hard drive • Mobile devices (cell phone, PDA, pocket pc, tablet) • Hard drives • Email • Files • Databases • Connection Media (between servers, VOIP lines, Portals) • Web Applications

  12. Why is encryption important? • Confidentiality of data must be maintained • Compliance Regulations (HIPAA, PCI, SOX, GLBA, etc…) • Sensitive data must be protected (not just company’s data, but customers’ as well) • Credit card numbers • Social Security numbers • Health records • HR employee records • Company financial data • Proprietary company information accessed by remote employees • VPN should be used for remote access to email, system administration *** Email, remote administration sessions, and configurations risk INTERCEPTION if not encrypted ***

  13. Why is encryption important? (cont.) • Attackers are constantly trying to gain access to sensitive data • Encrypted data deters would-be attackers as the time and effort required to defeat encryption methods is exponentially higher • Older forms of encryption have already proven to be insecure due to continually increasing computing power • WEP keys can be cracked in as little as 1 minute • MD2 shown to be vulnerable to attack in 2004 Encryption is necessary to prevent both planned and accidental loss!

  14. Why is encryption important? (cont.) • Statistics (Src: wikipedia.org, laptoptheft.org, watchyourend.com, privacyrights.org) • Laptop Theft • 48% rise in laptop thefts from 2007-2008 (73,700 to 109,000) • File server and several laptops stolen from AIG that stored private data of 970,000 customers in 2006 • Laptop containing debit card info & SSNs of 65,000 stolen from a YMCA office in 2006 • Stolen UC Berkeley laptop contained personal data of almost 100,000 in 2005 • USB Flash Drive • Countrywide lost 2 million records in 2008 when an employee copied 20,000 records at a time to flash drive • 4,150 employee names and SSNs lost by Erlanger Health System in 2006 when USB drive stolen from locked office • In 2006 Cal State LA employee lost USB drive in stolen purse containing 2,534 student and faculty records, including SSNs and user credentials

  15. Data-Centric Security • Applies to many types of data, residing on multiple devices and platforms, accessed by varied classes of users. • There’s no single type of data and there’s no single solution to data-centric protection. • The solution is a phased, prioritized approach that matches protection to the specific data-types and use cases.

  16. Data-Centric Security (cont.) Effective data-centric security requires multiple initiatives. The four primary initiatives in a data-centric security program are: • Information Classification • Encryption and Digital Rights Management • Re-architecting the Infrastructure • Information Leak Prevention (ILP) a.k.a. Data Leak Prevention (DLP) “Encryption is a key initiative in a Data-Centric solution”

  17. Protecting Unstructured Data • What is unstructured data? • Data such as Word and Excel documents, images, emails and instant messages. • 70-90% of most organizations’ data is unstructured • Recent research indicates that only 23% of organizations feel this data is properly protected (Src: Brian Fonseca, ComputerWorld, July 1, 2008) • Protecting unstructured data with encryption • Transit Only protection • SSL • VPNs • Rest Only protection • Native database encryption (encrypts data before it’s stored) • Full-disk encryption (encrypts entire contents of hard drive) • Transit and Rest protection • File and data encryption (only sensitive files are encrypted) • Less invasive • Protection follows the data

  18. Questions?
