Company Confidential - Internal Use Only 1
Rob MacIntosh
West Coast Sales Director
Utimaco Safeware, Inc
Endpoint Encryption: Evolution and Trends in Data Security
Copyright © Utimaco Safeware, Inc 2
Agenda
Data theft and loss
Analysis of Full Disk Encryption solutions: Software, OS, HDD-based, Chipset
Q&A
Data Security Business Drivers. Securing…
Data Security
1. Intellectual Property
2. Compliance
3. Brand
4. Critical Infrastructure
5. National Security
Data Loss Or Theft Is Expensive
Recent Surveys Say… Data Is The Target
Laptop Theft • Top 3 threats (CSI Survey, 10/08)
$202 • Cost of Lost/Stolen record (Ponemon Institute, 02/09)
$4.6m / Company • Avg. intellectual property loss (CERIAS, Purdue Univ. 01/09)
“All Data Driven!” • Malware, Botnets, Cyber crime / warfare, VoIP/mobile device threats (Georgia Tech InfoSec Center, 10/08)
Compliance Regs. Mandate Data Security
Protection Of Confidential and/or Private Data
Federal GLBA, HIPAA, PCI
States: 44/50 require “Reasonable measures”
- CA: Breach notification (personal, medical). Encryption exempt
- OR: Similar to CA (personal). Fines for delayed disclosure
- WA: Similar to CA
States (“Specific measures”)
- NV: Encrypt PII data in transit outside the enterprise
- MA: Encrypt all personal information
Canada PIPEDA: Protect personal info. – collected, used, disclosed.
Technologies: e.g., passwords, encryption
Data Breach Headlines to be Avoided
TJX
- In store communications intercepted?
- Data for 94 million customers lost
- Reported on October 24, 2007
Source: www.msnbc.com
245 Million Data Records of U.S. Residents Exposed Since 2005
Source: www.privacyrights.org
Data Security Is Top Issue On The Agenda
68% Of Firms Consider It To Be Very Important
Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009
Full Disk Encryption Is A Top Initiative
Top Client Security Tech. For Near-Term Pilot Or Adoption
Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009
Laptop Theft/Fraud No. 3 Concern – 42%
CSI Computer Crime & Security Survey (October 2008)
Loss of Private, Confidential Information
2008 Data Breach Investigations Report -- Verizon Business
Data Security Solution Requirements
Utimaco Customer Surveys… Encryption, And More…
1. Define security roles and responsibilities
2. Enforce consistent policies
3. Provide transparent security to end-users
4. Enable secure data sharing and recovery
5. Allow easy deployment and administration
6. Facilitate quick, on-demand audits
Full Disk Encryption (FDE)
For Laptops, Desktops and Servers
Encrypts and secures all data on HDD
Enforces pre-boot authentication for users
Secure protection: Power-off, hibernation
Confidentiality of IP
Protection of privacy
Compliance w/ policy & regulations
FDE Requirements
Protect all data on HDD
Integrate into existing IT environment (e.g., tokens)
Easy roll-out across enterprise
Emergency procedures -- forgotten passwords, lost tokens
Transparent encryption, minimal end-user training
Easy central management
Logging, reporting and audit
Existing and Emerging FDE Solutions
S/W based: Early 1990s, e.g. Utimaco / SafeGuard
O/S based: November 2006, e.g. Microsoft / BitLocker™ Drive Encryption
Self-encrypting HDDs: 2006, e.g. Seagate Momentus 5400 FDE.2
PC board chipset-based: Not yet released
Software-based FDE
Full / partial HDD encryption, independent of file system
Multi-user support
Mature (millions of seats worldwide)
Enterprise class manageability, data/password recovery
Wide platform support (OS, h/w)
Additional s/w solution required on PC
OS-based FDE -- BitLocker
Fully encrypts Windows OS volume on HDD
Verifies integrity of early boot components, config. data
Bundled in Windows Vista™ Enterprise & Ultimate
H/w & S/w upgrade (compatible TPM, BIOS) for wide rollout
Narrow management, password-reset capabilities
Self-Encrypting HDDs – e.g., Seagate, Hitachi
Data encrypted by the HDD
Encryption keys stored in HDD chip
Fast encryption
Secure – h/w based. Key not stored in RAM
On-the-fly drive erasure for fast, thorough erasing
Limited key- and user-management
Requires HDD h/w upgrade for full rollout
PC-Board Chipset based FDE
Data encrypted by the chipset when written to HDD
Fast encryption
Secure – h/w based. Key not stored in RAM
Limited key- and user-management
Requires major h/w upgrade for full rollout
Full Disk Encryption
Requirements v functionality
Columns: S/W, OS, Chipset, HDD
Rows:
- Secure all data on HDD
- Integrate into existing IT environment -- e.g. tokens
- Easy roll-out across network
- Emergency procedures -- recover passwords, lost tokens
- Transparent encryption – minimal end-user training
- Secure & easy central management
- Logging, reporting and audit
- Secure data on other media
- No major h/w upgrade
Sample Enterprise Scenario: 500 PCs
Achieving full data encryption in mixed environments
Desktops, laptops with 3 OS versions
- Win 2000 (on desktop PCs)
- Win Vista Business (for all laptop users)
- Win Vista Ultimate (mgmt laptops)
Differing PC h/w configs.
- 4 types of HDDs (incl. Seagate, Hitachi, Samsung)
- 7 chipset types (incl. Intel, AMD)
Challenges with Emerging Solutions
1. Emergency procedures – password recovery, lost tokens
2. Integrate w/ existing IT environment: AD, PKI, tokens
3. Central Administration & key management
- Using existing definitions (e.g. users, keys, roles)
- Separation of duties
4. Limited logs and reports for audits
5. Securing data stored on other media: encryption of
- Removable media (incl. USB sticks, CD/DVD)
- Files stored on servers, Emails
Encryption Solutions Survey
Enterprise-class Management is Required
Source: Ponemon Institute 2007 Annual Study: U.S. Enterprises Encryption Trends
Data Loss/Theft From a Porous Infrastructure
Personal, Medical, Financial, Intellectual Property, Non-public Data
[Diagram labels: Core LAN, DMZ, Internet Edge & Beyond; File Share, Security Admins., Local Users, Removable Media, Central Management Server, Email Gateway, Email Encryption, Internet, Remote Users, Partners, Customers, Data Thieves]
Thank you. Q & A
Rob MacIntosh
480-726-0020