Whole Disk Encryption Policy Creation Jonathan Brain Cardinal

Whole Disk Encryption Policy Creation Jonathan Brain Cardinal Health 1 © 2008 Cardinal Health, Inc. or one of its subsidiaries. All rights reserved.

Reasons for WDE Health Insurance Portability and Accountability Act (HIPAA) State regulations Massachusetts’ - 201 CMR 17. 00 Nevada – NRS 603 a Thou shalt not “Move any data storage device containing personal information beyond the logical or physical controls of the data collector or its data storage contractor unless the data collector uses encryption to ensure the security of the information. ” Brand Image and shareholder value 2 © 2008 Cardinal Health, Inc. or one of its subsidiaries. All rights reserved.

Policy setup Determine where your data is Determine the scope • File level • Email • WDE • USB Storage Determine how users will interact • Authentication • System tray options Build policies with broad strokes GET MANAGEMENT BACKING 3 © 2008 Cardinal Health, Inc. or one of its subsidiaries. All rights reserved.

Build out / Roll out Initial deployment and testing to key support teams Begin preparing users for imminent encryption Advanced notification User education materials Insert into imaging processes Enterprise roll out by department 4 © 2008 Cardinal Health, Inc. or one of its subsidiaries. All rights reserved.

Hurdles New processes for users – learning curve Support challenges Chances for data loss 5 © 2008 Cardinal Health, Inc. or one of its subsidiaries. All rights reserved.