• No results found

Endpoint & Media Encryption

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Endpoint & Media Encryption"

Copied!
26
0
0

Loading.... (view fulltext now)

Download now ( 26 Page )

Full text

(1)

Endpoint & Media Encryption

(2)
(3)

201CMR17

(Massachusetts Data Security Regulations)

Personal information, a Massachusetts resident's first name and last name

or first initial and last name in combination with any one or more of the following data elements that relate to such resident: (a) Social Security number; (b) driver's license number or state-issued identification card number; or (c) financial account number, or credit or debit card number, with or without any required security code, access code, personal identification number or password, that would permit access to a resident’s financial account; provided, however, that “Personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

(4)

201CMR17

(Massachusetts Data Security Regulations)

(a) Social Security number; (b) driver's license number or state‐ issued identification card number; or (c) financial account 

number, or credit or debit card number

These need to be protected while:

•Stored on laptops or portable media

•Transmitted over public networks such as the

Internet

(5)

Attorney-Client Privilege

Securing our client’s Intellectual

Property & Competitive Intelligence

We have a great deal of data that is

treated as sensitive and in need of

encryption in a variety of media...

…but as a law firm,

(6)

“The only safe assumption that a company can

make to avoid the consequences of a data

breach and disclosure is to assume that a

mobile device contains sensitive data. It is

impractical to attempt to ‘classify’

either the

devices or the information on them, encrypting

some devices but not others. “

Gartner, 2009

“Oops.“

(7)

Laptop & Portable Media

Help Forming Your Shortlist

General Services Administration “Data at Rest” Encryption Awardees (www.gsa.gov)

Office of Management and Budget, US Department of Defense and GSA teamed up to identify products government agencies could use to protect “sensitive, unclassified data residing on government

laptops, other mobile computing devices and removable storage media devices” [Warning – this is getting dated!]

SANS What Works program (www.sans.org/whatworks) 5.2 Mobile Data Protection and Storage Encryption

(8)

Selecting Encryption Solutions

Full Disk

Encryption

File & Folder

Encryption

(9)

Selecting Encryption Solutions

System

Performance

End User

Experience

(10)

Selecting Encryption Solutions

(11)

Selecting Encryption Solutions

Now Patching Now Patching Now Patching Password:??

(12)

Checkpoint (PointSec) Credant Mobile Guardian McAfee SafeBoot

Mobile Armor Data Armor SPYRUS Talisman

Symantec Endpoint Encryption Utimaco

PGP (now Symantec)

GuardianEdge (now Symantec) Microsoft Bitlocker

Secure Computing

Fiberlink

Info Security Corp Secret Agent SafeNet ProtectDrive WinMagic SecurDoc SecurStar DriveCrypt 7-zip FreeOTFE TrueCrypt

Encryption Solutions SkyLOCK Dekart Private Disk

Beachhead Solutions

Laptop & Portable Media

A sample playing field

(13)

ILTA Survey Results

N/A

Bitlocker

Credant

Other

Symantec PGP

TrueCrypt

(14)

Laptop & Portable Media

RFP/Issues to consider

 Encrypt all our user’s data

 Robust encryption algorithm(s)  User friendly (read: seamless)

 Easy Deployment

 Removable drive encryption

 Minimal (or no noticeable) performance hit  No interference with shared computers  No conflicts with our existing environment

 Ease of management (PW resets, etc.) & integration with Active Directory

(15)

Laptop & Portable Media

Bill & Tim’s Shortlist

Checkpoint PointSec

Credant

Mobile Guardian

Trend Micro Mobile Armor Data Armor

Symantec Endpoint Encryption (formerly Guardian Edge)

Sophos

Utimaco

SafeGuard

(16)

Your endpoint

encryption charter

has made it through

the finance

committee!

We adjusted your

budget to $0.

(17)

Laptop & Portable Media

Low or No Budget Options

Inexpensive viable options may include:

Some regulations take the size of the organization into consideration:

[You must maintain physical and technical security safeguards] that are appropriate to (a) the size, scope and type of business of the person obligated to safeguard the personal information under such comprehensive information security program” (201 CMR 17.03)

(18)

How to deploy?

Start with IT

Use a Risk

(19)
(20)

One Policy to Rule Them All

Bingham’s requirements:

Email - Messages

Policy Enforcement - Device Encryption Policy Enforcement - Lockout

Policy Enforcement – Password Complexity Policy Enforcement - Remote PWD Reset Policy Enforcement - Remote Wipe

Policy Enforcement - Transport Encryption

Policy Enforcement - Wipe on Bad PWD [10 strikes and you’re out] System - Works with existing Bingham technologies (m)

(21)

Reach Bill at:

[email protected]

@Kyrouz on Twitter

Reach Tim at:

[email protected]

(22)
(23)

Secure File Transfer

Internal server, appliance or virtual appliance

SFTP

Accellion SFT Biscom BDS

AllardSoft Filetransfer

Pros/Cons

Windows vs Non-windows.. important features...

subscription model versus not... hardware versus software versus virtual appliance...

(24)

Secure File Transfer

Hosted Solutions

www.yousendit.com (limit 2GB) sendthisfile.com

free for files up to 2GB

optional features include dedicated server, dedicated bandwidth

No anti-virus What to look for:

SSL protected interface (it’s not a given!) anti-virus

(25)
(26)

Better (and free!) alternatives

KeePass

http://keepass.info

Password Safe (Demo)

References

Download now ( PDF - 26 Page - 1.11 MB )

Related documents

Written Information Security Plan (WISP) for. HR Knowledge, Inc. This document has been approved for general distribution.

For purposes of this Plan, “personal information” means a Massachusetts resident's first name and last name or first initial and last name in combination with any one or

Section 18 SEARCHSOFT. Applicant Tracking System

Click on Create New Account Button and enter the following information: first name, middle initial, last name, social security number, email address, personal homepage,

BUSINESS LOAN APPLICATION

NAME TITLE OWNERSHIP % SOCIAL SECURITY NUMBER DRIVER’S LICENSE NUMBER DATE OF BIRTH 2?. NAME TITLE OWNERSHIP % SOCIAL SECURITY NUMBER DRIVER’S LICENSE NUMBER DATE OF BIRTH

2010 HIPAA Security Environment

first name or initial and last name of an individual driver's license number Social Security number credit card or debit card number Statutory Notice Requirement Affected

God s and Government

Your first name and middle initial Last name Your social security number If joint return, spouse’s first name and middle initial Last name Spouse’s social security number

CONNECTICUT RIVER WATERSHED COUNCIL, INC. DOCUMENT MANAGEMENT & WRITTEN INFORMATION SECURITY POLICY

For purposes of this WISP, “personal information” means an individual’s first name and last name or first initial and last name in combination with any one or more of the

Last Name First Name MI Social Security Number

However, if you do a rollover to an IRA or to an employer plan that is not a governmental section 457(b) plan, a later distribution made before age 59 1/2 will be subject to the

Last name First name Middle initial Social Security number (required)

I understand and agree that coverage does not begin until Premera accepts this application and assigns an effective date of coverage and that receipt of my money (cash, check or