Embed Size (px)
Citation preview
Dell Security Webinar Featuring Seagate FDE Drives
The WORLD’S MOST SECURE NOTEBOOKPerfect Solution for lost and stolen PC
Dell offers exceptional encryption solutions to protect against internal and external threats with an industry-first combination of:
Dell Latitude and Precision Seagate Hardware Encryption HDD Wave Systems Management Solution
Information SecurityBroad set of information security challenges
• Safekeeping of customer data Loss of data could expose personal information of thousands, or even
millions, of customers, placing them at risk for identity theft
• Protecting corporate intellectual property Fundamental requirement of management’s job
• Maintaining regulatory compliance Compliance is a mandate, whether you want to do it or not
• Ensuring internal security policies Organizational check and balance against maintaining compliance
There is no such thing as bad publicity ! “British retailers ordered to encrypt all laptop hard drives”
“Doctors to face steep fines £5,000+ if they compromise patients personal information”
“Directive issued to encrypt laptops leaving Whitehall containing personal data”
“Leading building society find almost £1M by FSA over lost laptop”
Why Don’t Organizations Encrypt today? The primary reasons cited for not encrypting sensitive or confidential
information according to the survey:
*Ponemon Institute’s 2005 National Encryption Survey
SystemPerformance
Complexity
Cost
69%
44%
25%
Wave Embassy Remote Administration Server
Dell Data Security SolutionFor Mobile Users Dell Latitude D531, D630, D631, D830, E4300, E5400, E5500, E6400, E6400 ATG and E6500Dell Precision M2300, M2400, M4300, M4400,
M6300 and M6400
Seagate Momentus 5400 FDE.2 HDDWave Client Trusted Drive Manager
Seagate Momentus 5400 FDE.2Solution for lost and stolen notebooks
Industry Leading Storage 80, 120 or 160 GB 5400 & 7200 RPM 2.5-inch form factor SATA
DriveTrust™ Technology Hardware encryption – AES 128 bit Integrated access control Protected storage partitions
Momentus 5400 FDE.2 Drive “Always-On” encryption High performance encryption Strong hardware security Instant Cryptographic Erase
+
=
Trusted Drive operating in ATA Mode Default mode when embedded Security is Un-initialized
8
Drive Controller
Encryption
DataEncrypted
In ATA mode the encryption key has no access control
Boot Block
ATA Mode Operation
When drive security is not enabled the drive functions as a normal ATA drive. At power-up the drive executes the code in the boot block and then execute normal windows boot-up from the drive.
Wave Software: Initialization of Trusted Drive embedded security
All these steps can be remotely managed from a Domain console with the Embassy Remote Administration Server. 9
Drive Controller
Authentication
Encryption
DataEncrypted
Provision pre-boot
Enroll Users / Admin
TDM: Pre-boot authentication process
© 2007 Wave Systems Corp. Confidential. All Rights Reserved. UNDER CONSTRUCTION 10
Drive Controller
Authentication
Boot
Clr TXT
Crdtl
Crdtl
Encrptd
Wave Systems Corporationwww.wave.com
Trusted Drive #3PL0RYRH, the system primary HDD, is protected by a password authentication system. You cannot access data on this hard drive without a correct password.
Please use <TAB> to select a user, type in the hard drive password and press <Enter>
mydomain\joes
Enter Password:
Encryption
DataEncrypted
DELL CONFIDENTIAL INTERNAL ONLY
Hardware vs. Software Encryption Dell Hard Drive
Encryption Software
Encryption
Computer Memory Resources Consumption No Yes
CPU Cycles Consumption No Yes
Encryption Key Access No Yes
Encryption Key Generation Risk No Yes
Turn Off Possibility No Yes
Decryption need for OS Maintenance No Sometimes
IT Deployement and Management Easy Moderate to Difficult
Secure and instant Erase Yes No
Recovery password Yes Sometimes
Windows Password Synchronization Yes Sometimes
Compliance Certification NSA approved FIPS 140-2
Remote Management Yes Yes
Specific Drive need Yes No
Non-Microsoft OS support No Sometimes
The Trusted Drive Solution
Seagate®
DriveTrust™
Technology
Strong pre-boot access control
Simple user interface
Advanced administrative controls
Centralizedremote management
Activity logs for auditing and compliance validation
FDE recovery password system
Embassy®
Trusted DriveManager
Embassy®
RemoteAdministrationServer
EMBASSY Trusted Drive Manager• Initialize DriveTrust functions
Add user Delete user Unlock drive
• Security Policy Management Lock enable/disable Instant cryptographic erase Backup/recovery passwords Reset drive Windows Password Synchro Single Sign-On Remember Last User
• Pre-boot authentication
• Compatible with Embassy Remote Administration Server
14
Dell FDE Remote Management ServerWave Embassy Remote Administration Server (ERAS)
FDE remote management FDE Drive Initialization
Add/delete user credentials Lock enable/disable Instant cryptographic erase Recovery Password Windows Password Synchronization Single Sign-On Remember Last User Conformance checking / logging
TPM remote management
Needs Windows Server 2003 with Active Directory and MSQL 2005
© 2007 Wave Systems Corp. Confidential. All Rights Reserved. 15
Are you interested in the Dell FDE Solution?Do you need to protect data on laptop computers?Do you need to encrypt your laptops HD to be compatible with your
enterprise security policies?Are you running Microsoft® Windows XP or Vista?Do you plan to purchase new laptops in the near term?Are you concerned about system performance impact and
installation overhead (time & resources)?Did you already have problems using SW encryption solutions?Would you be interested to be able to certify* that all hard drive data
is encrypted either for compliance or corporate policy reasons?
*Note: requires Wave Embassy Remote Administration Server software
How do you get it?Use your Dell contactDell notebooks, with Seagate FDE drives and Wave’s EMBASSY
Trusted Drive Manager, are currently available on Dell Latitude and Mobile Precision
The ERAS Server is available today from your Dell account team
Call your Dell sales representative to express your interest in having FDE drives and Wave management software
Ask for the Dell FDE evaluation
Adaptasoft (Payroll software solutions)– “As providers of software and services for payroll providers, we
understand the importance of keeping client and employee information secure. We evaluated data protection solutions from other vendors, but early on we were sold on the inherent advantages of hardware based encryption for our mobile data. That’s why the clear choice was Wave—their product was in a class above all others,” noted David Virkler, Chief Information Officer at AdaptaSoft Inc. “All of our future laptops will include Wave’s software, FDE hard drives from Seagate. With Wave’s EMBASSY Remote Administration Server, we’ve been able to manage Seagate’s drives. We chose Wave because they had the enterprise infrastructure in mind when they designed their solution, thus enabling a low-touch, fully functional, data protection solution.”
© 2008 Wave Systems Corp. Confidential. All Rights Reserved. 17
Customer References
Customer References CBI (Canadian Back Institute)
– “As one of the largest healthcare services and management providers in all of Canada, with more than 2,300 clinical and support providers on staff, it’s our obligation to safeguard our patients’ information and take proactive measures to mitigate the risk of data breach. Wave offers a technically progressive solution that was compelling when compared to the other market offerings.” said Ken Waring, Director of IT at CBI Health. “We chose Wave because of its ease of use, low total cost of ownership and their strategic relationship with Dell.”
CBI was an acquisition account and selected Dell primarily due to the Wave solution being shipped as standard. This solution is now part of the standards within CBI for all future buys.
© 2008 Wave Systems Corp. Confidential. All Rights Reserved. 18
Wave Enterprise Customers
Information Resources Data Protection white paper TDM and ERAS walkthrough guide
Visit us online: – www.dell.com/security – www.wave.com/products – www.seagate.com
