Endpoint Encryption Evolution and Trends in Data Security
- Slides: 24
Endpoint Encryption: Evolution and Trends in Data Security Rob Mac. Intosh West Coast Sales Director Utimaco Safeware, Inc Company Confidential - Internal Use Only
Agenda u Data theft and loss u Analysis of Full Disk Encryption solutions w w Software OS HDD-based Chipset u Q&A Copyright © Utimaco Safeware, Inc 2
Data Security Business Drivers. Securing… 3. Brand 4. Critical Infrastructure 2. Compliance 1. Intellectual Property Copyright © Utimaco Safeware, Inc Data Security 5. National Security 3
Data Loss Or Theft Is Expensive Recent Surveys Say… Data Is The Target Laptop Theft • Top 3 threats (CSI Survey, 10/08) • Cost of Lost/Stolen record (Ponemon $4. 6 m / Company • Avg. intellectual property loss (CERIAS, “All Data Driven!” • Malware, Botnets, Cyber crime / warfare, Vo. IP/mobile device threats $202 Institute, 02/09) Purdue Univ. 01/09) (Georgia Tech Info. Sec Center, 10/08) Copyright © Utimaco Safeware, Inc 4
Compliance Regs. Mandate Data Security Protection Of Confidential and/or Private Data u Federal w GLBA, HIPAA, PCI u States: 44/50 require “Reasonable measures” w CA: Breach notification (personal, medical). Encryption exempt w OR: Similar to CA (personal). Fines for delayed disclose w WA: Similar to CA u States (“Specific measures”) w NV: Encrypt PII data in transit outside the enterprise w MA: Encrypt all personal information u Canada w PIPEDA: Protect personal info. – collected, used, disclosed. Technologies: e. g. , passwords, encryption 5 Copyright © Utimaco Safeware, Inc
Data Breach Headlines to be Avoided d? e t ep st c r te rs lo n i s me 007 X n J T tio usto 4, 2 a c ni on c er 2 om u m illi tob bc. c m o 4 m Oc msn c e r 9 on ww. r o t fo ted ce: w s a -In -Dat por Sour e -R Copyright © Utimaco Safeware, Inc n ide 5 24 M s Re. U. S 5 f o 00. org s d r ce 2 ghts o ec Sin cyri R a ata osed. priv D n xp ww li lio E e: w urc So 6 ts
Data Security Is Top Issue On The Agenda 68% Of Firms Consider It To Be Very Important Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009 Copyright © Utimaco Safeware, Inc 7
Full Disk Encryption Is A Top Initiative Top Client Security Tech. For Near-Term Pilot Or Adoption Source: Forrester Research - The State Of Enterprise IT Security: 2008 To 2009 Copyright © Utimaco Safeware, Inc 8
Laptop Theft/Fraud No. 3 Concern – 42% CSI Computer Crime & Security Survey (October 2008 ) Copyright © Utimaco Safeware, Inc 9
Loss of Private, Confidential Information 2008 Data Breach Investigations Report Copyright © Utimaco Safeware, Inc -- Verizon Business 10
Data Security Solution Requirements Utimaco Customer Surveys…Encryption, And More… 1. Define security roles and responsibilities 2. Enforce consistent polices 3. Provide transparent security to end-users 4. Enable secure data sharing and recovery 5. Allow easy deployment and administration 6. Facilitate quick, on-demand audits Copyright © Utimaco Safeware, Inc 11
Full Disk Encryption (FDE) For Laptops, Desktops and Servers u Encrypts and secures all data on HDD u Enforces pre-boot authentication for users u Secure protection: Power-off, hibernation w Confidentiality of IP w Protection of privacy w Compliance w/ policy & regulations Copyright © Utimaco Safeware, Inc 12
FDE Requirements Protect all data on HDD Integrate into existing IT environment (e. g. , tokens) Easy roll-out across enterprise Emergency procedures -- forgotten passwords, lost tokens Transparent encryption, minimal end-user training Easy central management Logging, reporting and audit Copyright © Utimaco Safeware, Inc 13
Existing and Emerging FDE Solutions u S/W based w Early 1990 s w e. g. Utimaco / Safe. Guard u O/S based w November 2006 w e. g. Microsoft / Bit. Locker™ Drive Encryption u Self-encrypting HDDs w 2006 w e. g. Seagate Momentus 5400 FDE. 2 u PC board Chipset-based w Not yet released Copyright © Utimaco Safeware, Inc 14
Software-based FDE u Full / partial HDD encryption, independent of file system u Multi-user support w Mature (millions of seats worldwide) w Enterprise class manageability, data/password recovery w Wide platform support (OS, h/w) w Additional s/w solution required on PC Copyright © Utimaco Safeware, Inc 15
OS-based FDE -- Bit. Locker u Fully encrypts Windows OS volume on HDD u Verifies integrity of early boot components, config. Data w Bundled in Windows Vista™ Enterprise & Ultimate w H/w & S/w upgrade (compatible TPM, BIOS) for wide rollout w Narrow management, password-reset capabilities Copyright © Utimaco Safeware, Inc 16
Self-Encrypting HDDs – e. g. , Seagate, Hitachi u Data encrypted by the HDD u Encryption keys stored in HDD chip w Fast encryption w Secure – h/w based. Key not stored in RAM w On-the-fly drive erasure for fast, thorough erasing w Limited key- and user-management w Requires HDD h/w upgrade for full rollout Copyright © Utimaco Safeware, Inc 17
PC-Board Chipset based FDE u Data encrypted by the chipset when written to HDD w Fast encryption w Secure – h/w based. Key not stored in RAM w Limited key- and user-management w Requires major h/w upgrade for full rollout Copyright © Utimaco Safeware, Inc 18
Full Disk Encryption Requirements v functionality S/W OS Chipset HDD Secure all data on HDD Integrate into existing IT environment -- e. g. tokens Easy roll-out across network Emergency procedures -- recover passwords, lost tokens Transparent encryption – minimal end-user training Secure & easy central management Logging, reporting and audit Secure data on other media No major h/w upgrade Copyright © Utimaco Safeware, Inc 19
Sample Enterprise Scenario: 500 PCs Achieving full data encryption in mixed environments u Desktops, laptops with 3 OS versions w Win 2000 (on desktop PCs) w Win Vista Business (for all laptop users) w Win Vista Ultimate (mgmt laptops) u Differing PC h/w configs. w 4 types of HDDs (incl. Seagate, Hitachi, Samsung) w 7 chipset types (incl. Intel, AMD) Copyright © Utimaco Safeware, Inc 20
Challenges with Emerging Solutions 1. Emergency procedures – password recovery, lost tokens 2. Integrate w/ existing IT environment: AD, PKI, tokens 3. Central Administration & key management w w Using existing definitions (e. g. users, keys, roles) Separation of duties 4. Limited logs and reports for audits 5. Securing data stored on other media: encryption of w w w Removable media (incl. USB sticks, CD/DVD) Files stored on servers, Emails Copyright © Utimaco Safeware, Inc 21
Encryption Solutions Survey Enterprise-class Management is Required Source: Ponemon Institute 2007 Annual Study: U. S. Enterprises Encryption Trends Copyright © Utimaco Safeware, Inc 22
Data Loss/Theft From a Porous Infrastructure Personal, Medical, Financial, Intellectual Property, Non-public Data Core LAN DMZ Edge & Beyond Internet Removable Media Central Management Server File Share Email gateway Local Users Gateway Remote Users Internet Security Admins. Copyright © Utimaco Safeware, Inc Email Encryption Email Partners, Customers Data Thieves 23
Thank you. Q & A Rob Mac. Intosh robert. macintosh@utimaco. com 480 -726 -0020 Copyright © Utimaco Safeware, Inc 24
- Find endpoint from midpoint and endpoint
- Hard endpoint vs soft endpoint
- Functional encryption
- Private securit
- Google mapia
- Avira endpoint
- Quick heal endpoint security
- 819 mod 26
- Modern block cipher in cryptography
- International data encryption algorithm
- Data encryption standard exercice corrigé
- Data encryption standard
- Des in information security
- Csrc nist
- Data encryption standard history
- Authenticated encryption with associated data (aead)
- Trendlines and regression analysis
- Wireless security in cryptography and network security
- Electronic commerce security
- Difference between endpoint and kinetic method
- Difference between end point and kinetic reaction
- End point and equivalence point
- Difference between endpoint and equivalence point
- Placement of encryption function
- El gamal algorithm