1 / 24

Rob MacIntosh West Coast Sales Director Utimaco Safeware, Inc

Rob MacIntosh West Coast Sales Director Utimaco Safeware, Inc. Endpoint Encryption: Evolution and Trends in Data Security. Agenda. Data theft and loss Analysis of Full Disk Encryption solutions Software OS HDD-based Chipset Q&A. Data Security Business Drivers. Securing….

savannah-sargent
Download Presentation

Rob MacIntosh West Coast Sales Director Utimaco Safeware, Inc

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Rob MacIntosh West Coast Sales Director Utimaco Safeware, Inc Endpoint Encryption: Evolution and Trends in Data Security

  2. Agenda • Data theft and loss • Analysis of Full Disk Encryption solutions • Software • OS • HDD-based • Chipset • Q&A

  3. Data Security Business Drivers. Securing…

  4. Data Loss Or Theft Is ExpensiveRecent Surveys Say… Data Is The Target

  5. Compliance Regs. Mandate Data SecurityProtection Of Confidential and/or Private Data • Federal • GLBA, HIPAA, PCI • States: 44/50 require “Reasonable measures” • CA: Breach notification (personal, medical). Encryption exempt • OR: Similar to CA (personal). Fines for delayed disclose • WA: Similar to CA • States (“Specific measures”) • NV: Encrypt PII data in transit outside the enterprise • MA: Encrypt all personal information • Canada • PIPEDA: Protect personal info. – collected, used, disclosed. Technologies: e.g., passwords, encryption

  6. Data Breach Headlines to be Avoided • TJX • In store communications intercepted? • Data for 94 million customers lost • Reported on October 24, 2007 • Source: www.msnbc.com 245 Million Data Records of U.S. Residents Exposed Since 2005 Source: www.privacyrights.org

  7. Data Security Is Top Issue On The Agenda68% Of Firms Consider It To Be Very Important Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009

  8. Full Disk Encryption Is A Top InitiativeTop Client Security Tech. For Near-Term Pilot Or Adoption Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009

  9. Laptop Theft/Fraud No. 3 Concern – 42%CSI Computer Crime & Security Survey (October 2008 )

  10. Loss of Private, Confidential Information2008 Data Breach Investigations Report -- Verizon Business

  11. Data Security Solution RequirementsUtimaco Customer Surveys…Encryption, And More… • Define security roles and responsibilities • Enforce consistent polices • Provide transparent security to end-users • Enable secure data sharing and recovery • Allow easy deployment and administration • Facilitate quick, on-demand audits

  12. Full Disk Encryption (FDE)ForLaptops, Desktops and Servers • Encrypts and secures all data on HDD • Enforces pre-boot authentication for users • Secure protection: Power-off, hibernation • Confidentiality of IP • Protection of privacy • Compliance w/ policy & regulations •  •  • 

  13. FDE Requirements • Protect all data on HDD • Integrate into existing IT environment (e.g., tokens) • Easy roll-out across enterprise • Emergency procedures -- forgotten passwords, lost tokens • Transparent encryption, minimal end-user training • Easy central management • Logging, reporting and audit

  14. Existing and Emerging FDE Solutions • S/W based • Early 1990s • e.g. Utimaco / SafeGuard • O/S based • November 2006 • e.g. Microsoft / BitLocker™ Drive Encryption • Self-encrypting HDDs • 2006 • e.g. Seagate Momentus5400 FDE.2 • PC board Chipset-based • Not yet released

  15. Software-based FDE • Full / partial HDD encryption, independent of file system • Multi-user support • Mature (millions of seats worldwide) • Enterprise class manageability, data/password recovery • Wide platform support (OS, h/w) • Additional s/w solution required on PC •  •  •  • 

  16. OS-based FDE -- BitLocker • Fully encrypts Windows OS volume on HDD • Verifies integrity of early boot components, config. Data • Bundled in Windows Vista™ Enterprise & Ultimate • H/w & S/w upgrade (compatible TPM, BIOS) for wide rollout • Narrow management, password-reset capabilities •  •  • 

  17. Self-Encrypting HDDs – e.g., Seagate, Hitachi • Data encrypted by the HDD • Encryption keys stored in HDD chip • Fast encryption • Secure – h/w based. Key not stored in RAM • On-the-fly drive erasure for fast, thorough erasing • Limited key- and user-management • Requires HDD h/w upgrade for full rollout •  •  •  •  • 

  18. PC-Board Chipset based FDE • Data encrypted by the chipset when written to HDD • Fast encryption • Secure – h/w based. Key not stored in RAM • Limited key- and user-management • Requires major h/w upgrade for full rollout •  •  •  • 

  19. Full Disk EncryptionRequirements v functionality

  20. Sample Enterprise Scenario: 500 PCs Achieving full data encryption in mixed environments • Desktops, laptops with 3 OS versions • Win 2000 (on desktop PCs) • Win Vista Business (for all laptop users) • Win Vista Ultimate (mgmt laptops) • Differing PC h/w configs. • 4 types of HDDs(incl. Seagate, Hitachi, Samsung) • 7 chipset types (incl. Intel, AMD)

  21. Challenges with Emerging Solutions • Emergency procedures – password recovery, lost tokens • Integrate w/existing IT environment: AD, PKI, tokens • Central Administration & key management • Using existing definitions (e.g. users, keys, roles) • Separation of duties • Limited logs and reports for audits • Securing data stored on other media: encryption of • Removable media (incl. USB sticks, CD/DVD) • Files stored on servers, • Emails

  22. Encryption Solutions SurveyEnterprise-class Management is Required Source: PonemonInstitute 2007 Annual Study: U.S. Enterprises Encryption Trends

  23. Data Loss/Theft From a Porous Infrastructure Personal, Medical, Financial, Intellectual Property, Non-public Data File Share Partners, Customers Central Management Server Email Gateway Remote Users Local Users Removable Media Email Encryption Security Admins. Email gateway Internet Data Thieves

  24. Thank you. Q & A Rob MacIntosh robert.macintosh@utimaco.com 480-726-0020

More Related