Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest

The Ultimate Security Solution For Data At Rest

Agenda

Introduction

•

Information Security Challenges

•

Dell Simplifies Security

Trusted Drive Technology

•

Seagate Momentus® 5400 FDE.2 Disc Drives

Information Security

The need for data protection at the endpoint

•

Virtually all companies are vulnerable to loss of data

¾ Data is “the company”, and increasingly, data can be put anywhere

¾ The client device is becoming the main threat vector for security

•

Diverse mobile workforce

¾ Users need real-time access to data, sometimes sensitive data

¾ Variety of users with access to critical data that cannot be exposed

•

Lost information on client devices

¾ Laptop thefts have become an epidemic

Information Security

Broad set of information security challenges

•

Maintaining regulatory compliance

¾ Compliance is a mandate, whether you want to do it or not

•

Safekeeping of customer data

¾ Loss of data could expose personal information of thousands, or even millions, of customers, placing them at risk for identity theft

•

Ensuring internal security policies

¾ Organizational check and balance against maintaining compliance

•

Protecting corporate intellectual property

Regulatory Compliance

Navigating the sea of regulations and standards

Source: Gartner, Inc. “Hype Cycle for Regulations and Related Standards 2007” by French Caldwell et al, January 15, 2007

Regulations and

standards on the rise

•

Personal Privacy

•

Corporate Governance

¾ J-SOX, Euro SOX

•

International Trade

Regulatory Compliance

A closer look at data protection legislation

Sample of State “Notice of Breach” Laws

State Law

Potential Safe harbor for encrypted data

Arkansas A.C.A. 4-110-105, SB 1167 Yes

California Cal. Civ. Code 1798.82, SB 1368 Yes

Connecticut Conn. Gen Stat. 36A701(b) Yes

Illinois 815 Ill. Comp. Stat. 530/I Yes

Minnesota Minn. Stat 325E.61, HF 2121 Yes

Nevada Nev. Rev. Stat. 603 A.220, SB 347 Yes

New York N.Y. Gen Bus. Law 899-aaA-4254, A-3492 Yes

For general information only. Always consult an attorney for advice regarding compliance with these laws ¾ Many states have potential safe harbor rules for Notice of Breach laws

“Encryption of all sensitive information on

notebooks should be considered mandatory”

Gartner, Inc. “Windows Vista BitLocker: Good, but Not Great” by Jeffrey Wheatman and Neil MacDonald, January 5, 2007

Companies should select systems that provide

centralized policy management, comprehensive

reporting and automated policy enforcement.

Aberdeen, 2006

“Given that ‘encryption’ everywhere will

shortly become a reality, the issue then

becomes one of managing the encryption

infrastructure”

The 451 Group, Dec 2006

Why Don’t Organizations

Encrypt?

y

The primary reasons cited for not encrypting sensitive or

confidential information according to the survey:

* Ponemon Institute’s 2005 National Encryption Survey

System Performance Complexity Cost 69% 44% 25%

¾ FDE software places a heavy processing burden on the hard drive and CPU

¾ Installation and maintenance can be a complex and time consuming process

Dell Data Protection:

Different Constituents, Different Needs

C Level ExecutiveC Level Executive

Dell Simplifies Data Security

1

_{in the industry to deliver a managed}

end-to-end hardware encrypting solution

•

Performance

¾ By integrating the encryption process on the drive controller itself, there is no performance penalty for the end user

•

Ease of Use

¾ Easy to set up, always turned on, and easy to provide audit reporting for compliance purposes

•

Strength of security

¾ By placing the encryption keys in the hardware, the keys simply do not exist outside of the hard drive

•

Lower ownership costs

Implementation of Dell’s Security Best Practices Wave Embassy Remote Administration Server

Seagate Momentus 5400 FDE.2 HDD Wave Trusted Drive Manager

Dell Data Security Solution

For Mobile Users

Dell Latitude or Precision Notebook

Hardware Encrypting Drives

Hardware Integration

Vista® _BitLocker™ _{/ EFS}

OS Integration

Evolution of Data Protection:

Migration to Hardware

Software FDE

Application Layer

Fast, Simple, Low Cost!

Seagate Momentus

5400 FDE.2 Disc Drives

Protecting Your Data Where It Lives

Industry Leading Storage

• 80GB & 120GB 2.5” Disc Drive

• Perpendicular recording technology

• SATA 1.5 Gb/s

DriveTrust

_Technology

• Hardware encryption – AES 128 bit

• Integrated access control

• Protected storage partitions

Momentus 5400 FDE.2 Drive

• Solution for lost or stolen notebooks

• High performance encryption

• Strong hardware security – ideal closed cryptographic storage system

The Trusted Drive Solution

Seagate®

DriveTrust™

Technology

Wave Software Delivers

• Strong pre-boot access control

• Simple user interface

• Advanced administrative controls • Centralized remote management

EMBASSY Trusted Drive Manager

Life Cycle Management of FDE Drives

• Initialize DriveTrust functions

• User management

¾ Add user

¾ Delete user

¾ Unlock drive

• Security Policy Management

¾ Lock enable/disable

¾ Instant cryptographic erase

¾ Backup/recovery passwords ¾ Reset drive • Pre-boot authentication • Remote/Automated functions ¾ Remote management/initialization ¾ Recovery agent

Simple User Experience

•

Drive is locked at power up

•

Authentication screen is

displayed

•

User selects their User ID and

enters Password

•

Drive unlocks and Windows

boots normally

FDE Drive Authentication Screen

Benefit:

EMBASSY Remote Admin Server

Centralized management and policy control

MIB ERAS Server Engine GUI Scripts ERAS

Active Directory Group Policy Objects

Enterprise WMI Infrastructure

Organizational Unit

Organizational Unit

Organizational Unit

Organizational Unit

• Integration with identity, policy, and management

infrastructures

• Zero Touch remote management

• Supports FDE drives and TPMs

• Audit and

y

On-Site Training + Wave ERAS server = Simplified

Deployment of Hardware Encryption Solution

y

Configuration and Training package includes…

• 20 User license of Wave Embassy Remote Administration Server

• One day on-site training & support from a Wave engineer ¾ Configuration of 20 clients

¾ Training to install & configure the Trusted Drive Manager and ERAS software for additional clients

¾ Instructions for ordering additional software licenses from Dell ¾ Guidelines on how to get software support from Wave Systems

Simplify Solution Deployment

ERAS Software Configuration Bundle

Benefit:

How do I get it?

•

Dell notebooks, with Seagate FDE drives and Wave’s EMBASSY

Trusted Drive Manager, are currently available on Dell Latitude

D531, D630, ATG, D830 and Precision Mobile M4300 and M6300

models.

•

The Wave Embassy Remote Administration Server software, and

ERAS Software Configuration Bundle, are available today from

your Dell account team.