SHI-State of Arkansas Technology Meeting
State of Arkansas Sales Team
David Rounds – Senior Account Executive
Chris Hampton – Systems Integration Consultant
David Elam – Services Executive
9/2/2009
Agenda
• Introduction and Executive Overview of SHI
• SHI’s Core Offerings – product fulfillment
• SHI’s Service offering
• Why Encryption?
• Q&A Session
SHI Government Solutions Headquarters – Austin, TX
Executive Overview
• Global provider of IT products, services and solutions
• 20-Year Anniversary in 2009!
  • 1989 – regional software-only reseller
• Financially strong, stable and consistently profitable
  • Every quarter, every year
• $3.7 billion in sales in 2008*
  • Topped 1,200+ employees
• Most experienced field sales force
  • Average tenure at SHI:
    • Field rep: 6+ years
    • Management team: 12 years
*Sales and transaction volume supported
Executive Overview
• 2008 – $3.7 billion represents
  • 13% growth from 2007
• Highest Growth Segments
  • Mid-Size Corporate
  • Public Sector
  • Canada, EMEA, Asia
• Globalization Continues
  • 10% of Sales outside U.S.
• Long-term Goal
  • Become the #1 strategic IT partner for all organizations
Presentation Overview
• Encryption Defined
• Encryption Algorithms
• Common Uses
• What should be encrypted?
• Why is encryption important?
• Data-Centric Security
• Protecting Unstructured Data
What is encryption?
• Encryption is the process of making readable information unreadable to anyone… except those that possess the key
• Originated in ancient times to keep information secret
  • Caesar cipher – each letter of the alphabet is shifted a certain number of places (A becomes D, B becomes E, etc.)
  • Used to protect courier information between Rome and its armies
• Used to protect confidentiality of information
• Commonly deployed for data at rest (hard drives, USB drives) and data in transit (VPN, SSL)
Encryption Algorithms
• Several encryption algorithms are used today
  • Advanced Encryption Standard (AES)
  • Triple DES (3DES)
  • Blowfish
  • WEP, LEAP, PEAP, WPA
  • SSL, S/MIME
  • Kerberos, PKI
• Each offers different levels of encryption (i.e. size of encryption key)
  • AES (128, 192, and 256 bit keys)
  • 3DES (56, 112, and 168 bit keys)
  • Blowfish (32-448 bit keys, 128 bit default)
• Larger key means better level of protection
• Algorithm used should depend on sensitivity of data being encrypted
Common Encryption Uses
• Data at rest
  • Protects data should physical security measures fail
  • Encrypted hard drive (laptops), external hard drive
    • 32% of all data breaches in 2008 were due to a lost or stolen laptop, mobile phone, or other portable media device (Src: laptoptheft.org)
  • USB flash drive
    • Employees often take (sensitive) work-related documents home
    • Small and easy to misplace
• Data in transit
  • In 2007, a US government report showed that 71% of companies surveyed used some form of encryption for securing data in transit (Src: wikipedia.org)
  • VPN (remote employee access for email, system administration)
  • SSL (e.g. secure banking websites, online merchants)
  • Wireless access point (WEP, WPA)
What should be Encrypted?
• Laptop
• Desktop
• USB key (thumb drive/flash drive)
• External hard drive
• Mobile devices (cell phone, PDA, pocket pc, tablet)
• Hard drives
• Email
• Files
• Databases
• Connection Media (between servers, VOIP lines, Portals)
• Web Applications
Why is encryption important?
• Confidentiality of data must be maintained
• Compliance Regulations (HIPAA, PCI, SOX, GLBA, etc…)
• Sensitive data must be protected (not just company’s data, but customers’ as well)
  • Credit card numbers
  • Social Security numbers
  • Health records
  • HR employee records
  • Company financial data
• Proprietary company information accessed by remote employees
  • VPN should be used for remote access to email, system administration
*** Email, remote administration sessions, and configurations risk INTERCEPTION if not encrypted ***
Why is encryption important? (cont.)
• Attackers are constantly trying to gain access to sensitive data
• Encrypted data deters would-be attackers as the time and effort required to defeat encryption methods is exponentially higher
• Older forms of encryption have already proven to be insecure due to continually increasing computing power
  • WEP keys can be cracked in as little as 1 minute
  • MD2 shown to be vulnerable to attack in 2004
Encryption is necessary to prevent both planned and accidental loss!
Why is encryption important? (cont.)
• Statistics (Src: wikipedia.org, laptoptheft.org, watchyourend.com, privacyrights.org)
• Laptop Theft
  • 48% rise in laptop thefts from 2007-2008 (73,700 to 109,000)
  • File server and several laptops stolen from AIG that stored private data of 970,000 customers in 2006
  • Laptop containing debit card info & SSNs of 65,000 stolen from a YMCA office in 2006
  • Stolen UC Berkeley laptop contained personal data of almost 100,000 in 2005
• USB Flash Drive
  • Countrywide lost 2 million records in 2008 when an employee copied 20,000 records at a time to a flash drive
  • 4,150 employee names and SSNs lost by Erlanger Health System in 2006 when a USB drive was stolen from a locked office
  • In 2006, a Cal State LA employee lost a USB drive, in a stolen purse, containing 2,534 student and faculty records, including SSNs and user credentials
Data-Centric Security
• Applies to many types of data, residing on multiple devices and platforms, accessed by varied classes of users.
• There’s no single type of data and there’s no single solution to data-centric protection.
• The solution is a phased, prioritized approach that matches protection to the specific data-types and use cases.
Data-Centric Security (cont.)
Effective data-centric security requires multiple initiatives. The four primary initiatives in a data-centric security program are:
• Information Classification
• Encryption and Digital Rights Management
• Re-architecting the Infrastructure
• Information Leak Prevention (ILP) a.k.a. Data Leak Prevention (DLP)
“Encryption is a key initiative in a Data-Centric solution”
Protecting Unstructured Data
• What is unstructured data?
  • Data such as Word and Excel documents, images, emails and instant messages.
  • 70-90% of most organizations’ data is unstructured
  • Recent research indicates that only 23% of organizations feel this data is properly protected (Src: Brian Fonseca, ComputerWorld, July 1, 2008)
• Protecting unstructured data with encryption
  • Transit Only protection
    • SSL
    • VPNs
  • Rest Only protection
    • Native database encryption (encrypts data before it’s stored)
    • Full-disk encryption (encrypts entire contents of hard drive)
  • Transit and Rest protection
    • File and data encryption (only sensitive files are encrypted)
    • Less invasive
    • Protection follows the data