Page 1

Company Confidential - Internal Use Only

Rob MacIntosh

West Coast Sales Director

Utimaco Safeware, Inc

Endpoint Encryption: Evolution and Trends in Data Security

Page 2

Copyright © Utimaco Safeware, Inc 2

Agenda

Data theft and loss

Analysis of Full Disk Encryption solutions

- Software
- OS
- HDD-based
- Chipset

Q&A

Page 3

Data Security Business Drivers. Securing…

Data Security

1. Intellectual Property

2. Compliance

3. Brand

4. Critical Infrastructure

5. National Security

Page 4

Data Loss Or Theft Is Expensive

Recent Surveys Say… Data Is The Target

Laptop Theft • Top 3 threats (CSI Survey, 10/08)

$202 • Cost of Lost/Stolen record (Ponemon Institute, 02/09)

$4.6m / Company • Avg. intellectual property loss (CERIAS, Purdue Univ. 01/09)

“All Data Driven!” • Malware, Botnets, Cyber crime / warfare, VoIP/mobile device threats (Georgia Tech InfoSec Center, 10/08)

Page 5

Compliance Regs. Mandate Data Security

Protection Of Confidential and/or Private Data

Federal: GLBA, HIPAA, PCI

States: 44/50 require “Reasonable measures”

- CA: Breach notification (personal, medical). Encryption exempt
- OR: Similar to CA (personal). Fines for delayed disclosure
- WA: Similar to CA

States (“Specific measures”)

- NV: Encrypt PII data in transit outside the enterprise
- MA: Encrypt all personal information

Canada PIPEDA: Protect personal info. – collected, used, disclosed.

Technologies: e.g., passwords, encryption

Page 6

Data Breach Headlines to be Avoided

TJX

- In store communications intercepted?

- Data for 94 million customers lost

- Reported on October 24, 2007

Source: www.msnbc.com

245 Million Data Records of U.S. Residents Exposed Since 2005

Source: www.privacyrights.org

Page 7

Data Security Is Top Issue On The Agenda

68% Of Firms Consider It To Be Very Important

Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009

Page 8

Full Disk Encryption Is A Top Initiative

Top Client Security Tech. For Near-Term Pilot Or Adoption

Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009

Page 9

Laptop Theft/Fraud No. 3 Concern – 42%

CSI Computer Crime & Security Survey (October 2008)

Page 10

Loss of Private, Confidential Information

2008 Data Breach Investigations Report -- Verizon Business

Page 11

Data Security Solution Requirements

Utimaco Customer Surveys… Encryption, And More…

1. Define security roles and responsibilities

2. Enforce consistent policies

3. Provide transparent security to end-users

4. Enable secure data sharing and recovery

5. Allow easy deployment and administration

6. Facilitate quick, on-demand audits

Page 12

Full Disk Encryption (FDE)

For Laptops, Desktops and Servers

Encrypts and secures all data on HDD

Enforces pre-boot authentication for users

Secure protection: Power-off, hibernation

- Confidentiality of IP
- Protection of privacy
- Compliance w/ policy & regulations

Page 13

FDE Requirements

Protect all data on HDD

Integrate into existing IT environment (e.g., tokens)

Easy roll-out across enterprise

Emergency procedures -- forgotten passwords, lost tokens

Transparent encryption, minimal end-user training

Easy central management

Logging, reporting and audit

Page 14

Existing and Emerging FDE Solutions

- S/W based: Early 1990s, e.g. Utimaco / SafeGuard
- O/S based: November 2006, e.g. Microsoft / BitLocker™ Drive Encryption
- Self-encrypting HDDs: 2006, e.g. Seagate Momentus 5400 FDE.2
- PC board chipset-based: Not yet released

Page 15

Software-based FDE

Full / partial HDD encryption, independent of file system

Multi-user support

Mature (millions of seats worldwide)

Enterprise class manageability, data/password recovery

Wide platform support (OS, h/w)

Additional s/w solution required on PC

Page 16

OS-based FDE -- BitLocker

Fully encrypts Windows OS volume on HDD

Verifies integrity of early boot components, config. data

Bundled in Windows Vista™ Enterprise & Ultimate

H/w & S/w upgrade (compatible TPM, BIOS) for wide rollout

Narrow management, password-reset capabilities

Page 17

Self-Encrypting HDDs – e.g., Seagate, Hitachi

Data encrypted by the HDD

Encryption keys stored in HDD chip

Fast encryption

Secure – h/w based. Key not stored in RAM

On-the-fly drive erasure for fast, thorough erasing

Limited key- and user-management

Requires HDD h/w upgrade for full rollout

Page 18

PC-Board Chipset based FDE

Data encrypted by the chipset when written to HDD

Fast encryption

Secure – h/w based. Key not stored in RAM

Limited key- and user-management

Requires major h/w upgrade for full rollout

Page 19

Full Disk Encryption

Requirements v functionality

Columns: S/W, OS, Chipset, HDD

Rows:

- Secure all data on HDD
- Integrate into existing IT environment -- e.g. tokens
- Easy roll-out across network
- Emergency procedures -- recover passwords, lost tokens
- Transparent encryption – minimal end-user training
- Secure & easy central management
- Logging, reporting and audit
- Secure data on other media
- No major h/w upgrade

Page 20

Sample Enterprise Scenario: 500 PCs

Achieving full data encryption in mixed environments

Desktops, laptops with 3 OS versions

- Win 2000 (on desktop PCs)
- Win Vista Business (for all laptop users)
- Win Vista Ultimate (mgmt laptops)

Differing PC h/w configs.

- 4 types of HDDs (incl. Seagate, Hitachi, Samsung)
- 7 chipset types (incl. Intel, AMD)

Page 21

Challenges with Emerging Solutions

1. Emergency procedures – password recovery, lost tokens

2. Integrate w/ existing IT environment: AD, PKI, tokens

3. Central Administration & key management

- Using existing definitions (e.g. users, keys, roles)
- Separation of duties

4. Limited logs and reports for audits

5. Securing data stored on other media: encryption of

- Removable media (incl. USB sticks, CD/DVD)
- Files stored on servers, Emails

Page 22

Encryption Solutions Survey

Enterprise-class Management is Required

Source: Ponemon Institute 2007 Annual Study: U.S. Enterprises Encryption Trends

Page 23

Data Loss/Theft From a Porous Infrastructure

Personal, Medical, Financial, Intellectual Property, Non-public Data

[Diagram. Zones: Core LAN, DMZ, Internet Edge & Beyond. Labeled elements: File Share, Security Admins., Local Users, Removable Media, Central Management Server, Email Gateway, Email Encryption, Internet, Remote Users, Partners, Customers, Data Thieves]

Page 24

Thank you. Q & A

Rob MacIntosh

[email protected]

480-726-0020