-
Endpoint & Media Encryption
Bill Kyrouz, Senior Applications Manager
Bingham McCutchen LLP
ILTA Boston City Rep (CR)
#SOSPG4
Tim Golden, Principal Architect, Enterprise Architecture & IT Governance
McGuireWoodsLLP
-
201 CMR 17 (Massachusetts Data Security Regulations)
Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident's financial account; provided, however, that "Personal information" shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.
[201 CMR 17.02]
-
201 CMR 17 (Massachusetts Data Security Regulations)
(a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number
These need to be protected while:
Stored on laptops or portable media
Transmitted over public networks such as the Internet
Transmitted wirelessly
-
We have a great deal of data that is treated as sensitive and in need of encryption in a variety of media...
but as a law firm, we answer to higher authorities:
Attorney-Client Privilege
Securing our clients' Intellectual Property & Competitive Intelligence
-
The only safe assumption that a company can make to avoid the consequences of a data breach and disclosure is to assume that a mobile device contains sensitive data. It is impractical to attempt to classify either the devices or the information on them, encrypting some devices but not others.
Gartner, 2009
Oops.
Oklahoma Department of Human Services (DHS), 2009
-
Laptop & Portable Media: Help Forming Your Shortlist
General Services Administration Data at Rest Encryption Awardees (www.gsa.gov)
Office of Management and Budget, US Department of Defense and GSA teamed up to identify products government agencies could use to protect sensitive, unclassified data residing on government laptops, other mobile computing devices and removable storage media devices
[Warning: this is getting dated!]
SANS What Works program (www.sans.org/whatworks)
5.2 Mobile Data Protection and Storage Encryption
-
Selecting Encryption Solutions
Full Disk Encryption VS File & Folder Encryption
-
Selecting Encryption Solutions
System Performance
End User Experience
-
Selecting Encryption Solutions
Encryption Management Capabilities
-
Selecting Encryption Solutions
Now Patching ... Now Patching ... Now Patching ... Password: ??
Maintenance Windows
-
Laptop & Portable Media: A sample playing field
Checkpoint (PointSec)
Credant Mobile Guardian
McAfee SafeBoot
Mobile Armor Data Armor
SPYRUS Talisman
Symantec Endpoint Encryption
Utimaco
PGP (now Symantec)
GuardianEdge (now Symantec)
Microsoft Bitlocker
Secure Computing
Fiberlink
Info Security Corp Secret Agent
SafeNet ProtectDrive
WinMagic SecurDoc
SecurStar DriveCrypt
7-zip
FreeOTFE
TrueCrypt
Encryption Solutions SkyLOCK
Dekart Private Disk
Beachhead Solutions
BOLD items are in Gartner's leaders quadrant for endpoint data protection
-
ILTA Survey Results
[Bar chart: share of survey responses by product (N/A, Bitlocker, Credant, Other, Symantec PGP, TrueCrypt); axis from 0% to 25%]
-
Laptop & Portable Media: RFP/Issues to consider
Encrypt all our users' data
Robust encryption algorithm(s)
User friendly (read: seamless)
Easy Deployment
Removable drive encryption
Minimal (or no noticeable) performance hit
No interference with shared computers
No conflicts with our existing environment
Ease of management (PW resets, etc.) & integration with Active Directory
No interference with our desktop deployment or desktop/laptop maintenance procedures (Dell OMCI, WoL, etc.)
-
Laptop & Portable Media: Bill & Tim's Shortlist
Checkpoint PointSec
Credant Mobile Guardian
Trend Micro Mobile Armor Data Armor
Symantec Endpoint Encryption (formerly Guardian Edge)
Sophos Utimaco SafeGuard
TrueCrypt
BOLD items are in Gartner's leaders quadrant for endpoint data protection
-
Your endpoint encryption charter has made it through the finance committee!
We adjusted your budget to $0.
-
Laptop & Portable Media: Low or No Budget Options
Inexpensive viable options may include:
MS BitLocker
TrueCrypt
But take note: Commercial software is available to access a Bitlocker encrypted file
Some regulations take the size of the organization into consideration:
[You must maintain physical and technical security safeguards] that are appropriate to (a) the size, scope and type of business of the person obligated to safeguard the personal information under such comprehensive information security program (201 CMR 17.03)
-
How to deploy?
Start with IT
Use a Risk Based Approach
Eventually Hit Everyone
-
Handheld Devices
This is a non-negotiable cost of doing business. Encryption may exempt you from security disclosure laws in the event of loss or theft of a device.
-
One Policy to Rule Them All
Bingham's requirements:
Email - Messages
Policy Enforcement - Device Encryption
Policy Enforcement - Lockout
Policy Enforcement - Password Complexity
Policy Enforcement - Remote PWD Reset
Policy Enforcement - Remote Wipe
Policy Enforcement - Transport Encryption
Policy Enforcement - Wipe on Bad PWD [10 strikes and you're out]
System - Works with existing Bingham technologies (m)
-
Reach Bill at: [email protected], @Kyrouz on Twitter
Reach Tim at: [email protected], @Tim_Golden on Twitter
-
Secure File Transfer
Internal server, appliance or virtual appliance
SFTP
Accellion SFT
Biscom BDS
AllardSoft Filetransfer
Pros/Cons
Windows vs Non-windows.. important features... subscription model versus not... hardware versus software versus virtual appliance...
-
Secure File Transfer
Hosted Solutions
www.yousendit.com (limit 2GB)
sendthisfile.com
free for files up to 2GB
optional features include dedicated server, dedicated bandwidth
No anti-virus
What to look for:
SSL protected interface (it's not a given!)
anti-virus
-
Is this you?
-
Better (and free!) alternatives
KeePass: http://keepass.info
Password Safe (Demo): http://passwordsafe.sourceforge.net