Endpoint & Media Encryption (ilta.personifycloud.com/webfiles/productfiles/699773/SOSPG4.pdf)


  • Endpoint & Media Encryption

    Bill Kyrouz, Senior Applications Manager

    Bingham McCutchen LLP

    ILTA Boston City Rep (CR)

    #SOSPG4

    Tim Golden, Principal Architect, Enterprise Architecture & IT Governance

    McGuireWoods LLP


  • 201 CMR 17 (Massachusetts Data Security Regulations)

    Personal information, a Massachusetts resident's first name and last name or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident's financial account; provided, however, that Personal information shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

    [201 CMR 17.02]

  • 201 CMR 17 (Massachusetts Data Security Regulations)

    (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number

    These need to be protected while:

    Stored on laptops or portable media

    Transmitted over public networks such as the Internet

    Transmitted wirelessly

  • We have a great deal of data that is treated as sensitive and in need of encryption in a variety of media...

    but as a law firm, we answer to higher authorities:

    Attorney-Client Privilege

    Securing our clients' Intellectual Property & Competitive Intelligence

  • The only safe assumption that a company can make to avoid the consequences of a data breach and disclosure is to assume that a mobile device contains sensitive data. It is impractical to attempt to classify either the devices or the information on them, encrypting some devices but not others.

    Gartner, 2009

    Oops.

    Oklahoma Department of Human Services (DHS), 2009

  • Laptop & Portable Media: Help Forming Your Shortlist

    General Services Administration Data at Rest Encryption Awardees (www.gsa.gov)

    Office of Management and Budget, US Department of Defense and GSA teamed up to identify products government agencies could use to protect sensitive, unclassified data residing on government laptops, other mobile computing devices and removable storage media devices

    [Warning: this is getting dated!]

    SANS What Works program (www.sans.org/whatworks)

    5.2 Mobile Data Protection and Storage Encryption

  • Selecting Encryption Solutions

    Full Disk Encryption

    VS

    File & Folder Encryption

  • Selecting Encryption Solutions

    System Performance

    End User Experience

  • Selecting Encryption Solutions

    Encryption Management Capabilities

  • Selecting Encryption Solutions

    Now Patching Now Patching Now Patching Password: ??

    Maintenance Windows

  • Laptop & Portable Media: A sample playing field

    Checkpoint (PointSec)

    Credant Mobile Guardian

    McAfee SafeBoot

    Mobile Armor Data Armor

    SPYRUS Talisman

    Symantec Endpoint Encryption

    Utimaco

    PGP (now Symantec)

    GuardianEdge (now Symantec)

    Microsoft Bitlocker

    Secure Computing

    Fiberlink

    Info Security Corp Secret Agent

    SafeNet ProtectDrive

    WinMagic SecurDoc

    SecurStar DriveCrypt

    7-zip

    FreeOTFE

    TrueCrypt

    Encryption Solutions SkyLOCK

    Dekart Private Disk

    Beachhead Solutions

    BOLD items are in Gartner's leaders quadrant for endpoint data protection

  • ILTA Survey Results

    [Bar chart; axis 0% to 25%; categories: N/A, Bitlocker, Credant, Other, Symantec PGP, TrueCrypt]

  • Laptop & Portable Media: RFP/Issues to consider

    Encrypt all our users' data

    Robust encryption algorithm(s)

    User friendly (read: seamless)

    Easy Deployment

    Removable drive encryption

    Minimal (or no noticeable) performance hit

    No interference with shared computers

    No conflicts with our existing environment

    Ease of management (PW resets, etc.) & integration with Active Directory

    No interference with our desktop deployment or desktop/laptop maintenance procedures (Dell OMCI, WoL, etc.)

  • Laptop & Portable Media: Bill & Tim's Shortlist

    Checkpoint PointSec

    Credant Mobile Guardian

    Trend Micro Mobile Armor Data Armor

    Symantec Endpoint Encryption (formerly Guardian Edge)

    Sophos

    Utimaco

    SafeGuard

    TrueCrypt

    BOLD items are in Gartner's leaders quadrant for endpoint data protection

  • Your endpoint encryption charter has made it through the finance committee!

    We adjusted your budget to $0.


  • Laptop & Portable Media: Low or No Budget Options

    Inexpensive viable options may include:

    MS BitLocker

    TrueCrypt

    But take note: Commercial software is available to access a Bitlocker encrypted file

    Some regulations take the size of the organization into consideration:

    [You must maintain physical and technical security safeguards] that are appropriate to (a) the size, scope and type of business of the person obligated to safeguard the personal information under such comprehensive information security program (201 CMR 17.03)

  • How to deploy?

    Start with IT

    Use a Risk Based Approach

    Eventually Hit Everyone

  • Handheld Devices

    This is a non-negotiable cost of doing business. Encryption may exempt you from security disclosure laws in the event of loss or theft of a device.

  • One Policy to Rule Them All

    Bingham's requirements:

    Email - Messages

    Policy Enforcement - Device Encryption

    Policy Enforcement - Lockout

    Policy Enforcement - Password Complexity

    Policy Enforcement - Remote PWD Reset

    Policy Enforcement - Remote Wipe

    Policy Enforcement - Transport Encryption

    Policy Enforcement - Wipe on Bad PWD [10 strikes and you're out]

    System - Works with existing Bingham technologies (m)

  • Reach Bill at: [email protected], @Kyrouz on Twitter

    Reach Tim at: [email protected], @Tim_Golden on Twitter

  • Secure File Transfer

    Internal server, appliance or virtual appliance

    SFTP

    Accellion SFT

    Biscom BDS

    AllardSoft Filetransfer

    Pros/Cons: Windows vs. non-Windows... important features... subscription model versus not... hardware versus software versus virtual appliance...

  • Secure File Transfer

    Hosted Solutions

    www.yousendit.com (limit 2GB)

    sendthisfile.com

    free for files up to 2GB

    optional features include dedicated server, dedicated bandwidth

    No anti-virus

    What to look for:

    SSL protected interface (it's not a given!)

    anti-virus

  • Is this you?


  • Better (and free!) alternatives

    KeePass: http://keepass.info

    Password Safe (Demo): http://passwordsafe.sourceforge.net