Implementation of Device encryption for the enterprise
IMPLEMENTING DEVICE ENCRYPTION IN THE ENTERPRISE
George Mason’s rollout of Utimaco’s SafeGuard Easy Enterprise
Some History
Whole disk encryption seen as the only solution
Product evaluation in 2005 led to the selection of Utimaco SafeGuard Easy
SafeGuard Easy standalone solution was deployed in 2006 to a limited number of laptops
The Environment
MESA – Mason Enterprise Services Architecture
  The newly deployed Active Directory - Open Source SMS for deployment and support
Only XP or Vista Clients - At-risk systems are exclusively Windows XP or Vista with BitLocker
Project Goals
Leverage existing deployment and management systems
Allow for some delegated control
Provide audit trail
Minimize impact on end clients
Ensure a simple, robust & redundant support structure
Project Scope
At first, it was the laptops….
Policies changed, requiring encryption at rest for all sensitive workstations with data stores.
The targets for encryption changed to workstations in all business units that routinely work with sensitive data.
The Technology
SafeGuard Easy Enterprise (SGN) v5.2
The Management Server
  VMWare ESX hosted Windows 2003 server
  MS SQL 2005
  IIS for client server communication
The Deployment Vehicle
  A Scripted install for unmanaged XP clients
  MSI install packages for managed clients
Administrative Interface
  Heavy client connects over MS SQL ports to server
The Support Roles
Roles
  Master Security Officer
    Manage Roles, Create Security Officer
  Security Officer
    Everything but MSO function
  Help Desk Officer
    Challenge/Response Process
    View policies, directories and event logs
Client Recovery Methods
Challenge Response
PE or Bart PE Recovery boot media
  For in the field recovery
Slaving the Hard drive for OS Recovery
  Security office supported
Configuration Choices
Policy-driven configuration
  Encryption Protocol
    AES256
  What Key to use for system encryption
    The default computer
  To synchronize pre-boot authentication with OS authentication or not
  To allow for additional device encryption
  To allow for external boot media for recovery
Communication
Communication pieces for
  Departmental business and technical leads
  End Clients
  Support Center
  Recovery technicians
Training for Support Staff
  Technical overview
  Challenge Response process
  Device recovery process
Deployment Process
Ringed Deployment
  Security Office
    Debug and verify install
  ITU internal group
    Support testing and client feedback
  Pilot external group
    Easy sell to groups who had experienced exposure
  All identified external group
Lessons Learned
Password resets can be confusing
Watch Utimaco knowledge base for known issues.
SafeGuard Easy client lags major patch releases
Creates complexity that needs to be managed and communicated clearly.
Clearly written support documentation is critical
System Overview