Removable Media Best Practices
|
|
- Arabella Owens
- 8 years ago
- Views:
Transcription
1 WHITE PAPER PART TWO Business-aligned Security Strategies and Advice
2 Introduction In part one of this two-part white paper, we looked at the reasons that removable media has posed such threat to data security, and why many organizations have struggled to enforce controls as sensitive data moves to such devices as USB flash drives. We also looked at the foundations of how to start building a policy on removable media, and how to communicate and train end-users on the importance of security for these devices. In this second part, we will look at what kinds of controls should be implemented, and how an ideal removable media encryption solution should function CREDANT Technologies, Inc. All rights reserved. PAGE 2 of 9 For more information contact
3 Implement controls Once policies regarding removable media security have been established and communicated, it is possible to begin implementing the controls necessary to enforce those policies and monitor the progress of the initiative. The controls put in place to manage devices will need to reflect both the organizational policy as well as the types of users and data to be managed. Such controls will necessarily vary in the degree of restriction placed on removable media and how they are used, ranging from complete lock-down of USB storage devices to allowing the end user to determine what, if anything, needs to be encrypted. Complete lock-down Controls may be put in place to prevent any use of USB storage devices at all. This highly restrictive approach has a number of security benefits, but will also have a potentially significant impact on end users and business processes. Without the ability to use any USB storage devices on the endpoint, the likelihood of a data breach or infection by USB-malware is significantly reduced. However, end-users who are accustomed to using company-issued USB storage devices, or their own, will be required to re-evaluate processes and procedures and without early business unit buy-in and education, this policy is almost certain to produce significant user resistance. As such, it should only be adopted in areas where the risk of very sensitive information being breached is high, or where special circumstances apply (such as a shared system in a public area acting as a kiosk, for example). Allow only pre-approved encrypted USB devices A number of commercially available, self-encrypting USB storage devices already exist and are available on the market. These products aim to provide the convenience of a USB drive with enforced encryption, which resides on the device itself. This approach certainly has some merits and may be appropriate for certain users who habitually need to handle and transfer sensitive data. However, for the broader user community such an approach is likely to be costprohibitive. Furthermore, with either set of users, the use of non-approved devices must still be managed. That is, the risk that a user still uses a non-encrypted device for convenience and as such exposes data should be considered and accounted for. As a result, although pre-encrypted USB devices represent a good second-line defense against a breach, they do not address the fundamental management challenge and cannot be relied upon by themselves. Allow some usage but enforce encryption A more secure approach is to allow users to utilize their own USB devices, and to enforce encryption on them. This approach enables users to continue to use USB devices that they own, but reduces the risk of a breach by ensuring that any data on them is encrypted. There are a number of considerations that must be taken into account, however, when deciding on how to implement this approach. Specifically these revolve around usage of USB storage devices on nonorganization PCs (for example, when the user takes the drive home with them) and what types of data to enforce encryption on. These are addressed below: Use of the device outside the corporate network Portable storage devices, especially those owned by employees, will often be used outside of the corporate network. While this may be entirely sensible for many users, it may be that for some, any drive that has been used within the network (and which therefore may contain highly sensitive information) should never be used externally. This reduces the risk of an employee copying sensitive information onto a 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 3 of 9 For more information contact
4 flash drive, for example, and then subsequently moving that information off the drive onto an unencrypted, unprotected system elsewhere. If this type of control is to be put in place, it is important to adequately educate users as to the implications of using a flash drive within the organizational network, as information on it will not be accessible elsewhere after that point. The alternative is to allow users to copy information onto a USB device, during which the information is encrypted, and then allow the user to choose whether to subsequently move that information onto a nonprotected system in the future. This approach, while providing the least impact to users, must be evaluated in the light of your organization s risk appetite, policy, the group of users in question, and the type of information that they are likely to be accessing. encryption of Non-corporate data Removable media storage devices belonging to users, which are likely to represent a significant portion if not the majority of the devices within your network, are also likely to hold information which is either not sensitive or may belong to the user themselves. As such, you may wish to put in place controls that will encrypt only new information added to the device. For example, a user who wishes to move a file from one system to another may insert a flash drive that also contains personal photographs, music files, etc. Forcing encryption of these files is unlikely to be necessary. Therefore, you may wish to allow users to retain personal, unencrypted information, and only require new information, copied from their corporate system, to be encrypted. Who encryption applies to If any of the above encryption controls are put in place, you must also decide which users the controls apply to. For example, you may wish to enforce a device encryption policy across the entire enterprise, or you may wish to only force encryption for certain types of users and/or data. Another alternative is that you may want some users to be allowed to choose for themselves. For example, you may wish to simply remind a user who inserts a flash drive into a system that this represents a risk of breach, and offer them the option to encrypt the information at that point. Clearly in this case, user education is essential especially if end users are being allowed to decide whether they want to encrypt potentially sensitive information. Also, should you adopt this approach, it is highly recommended that you are able to provide audit logs of the users decisions, should they become necessary for later forensic purposes. Such logs may also be useful in identifying potentially risky behavior, or even activities associated with an insider attack. In this case, integration with broader security processes and monitoring is recommended. It is also likely that you will have exceptions to any controls that you put in place. It may be that some users or administrators will have legitimate reasons to not want to encrypt information on a flash drive, or to use a flash drive in areas where other users would not be permitted. Generally, such exceptions should be role-based and administered in a consistent and welldocumented manner, ideally using an authoritative identity source such as Microsoft Active Directory. Monitoring and Reporting While protecting information on removable media is important, it is equally important to be able to prove that the information is protected, especially if a breach occurs. As such, one of the important considerations to address is to what degree removable media encryption reporting and auditing will be rolled up into broader, enterprise encryption reporting. If you have elected to allow some users to decide for themselves whether to encrypt data on their removable media devices, then it is strongly recommended that sufficient reporting be put in place to capture when and if a user elects not to encrypt information CREDANT Technologies, Inc. All rights reserved. PAGE 4 of 9 For more information contact
5 While this will not usually be a cause for concern, in the event of a breach, or if that user comes under suspicion of some form of insider attack, the ability to quickly determine if they have been routinely copying information to non-encrypted sources could be important. Furthermore, as a user is deprovisioned from the organization, knowing what, if any, non-encrypted information they may possess is very important to ensuring safe information management. What to look for in a solution Having discussed the concerns regarding removable media security and some of the types of technical controls and policies that can be put in place, it is worth reviewing what capabilities and features should be present in an ideal removable media encryption management solution in order to provide both the greatest degree of flexibility to integrate with existing security and operational processes and maximum security to prevent a breach. In this section, the capabilities discussed will be: Encryption strength Key management Key recovery Ease of use Ease of deployment Reliability Portability Device awareness Integration Remote Key Deletion Reporting and Auditing Each of these areas of capabilities is important and should be used in order to evaluate the suitability of a proposed solution. However, the relative importance of each of these areas will vary depending on your organizational structure, type of data to be secured, business expectations and needs, and regulatory pressures. Encryption Strength The capability to encrypt, and therefore protect, information on removable media is core to the operation of any encryption management solution. However, variations in encryption strength are unlikely to differ significantly between solutions. As a basic requirement, expect to see industry standard encryption algorithms such as AES (128 and 256), 3DES, or Rijndael (128 and 256). One consideration for US Federal Government agencies, or organizations that work with them, is to check for FIPS validation of the algorithm implementation. As the primary concern for removable media is that the device will be lost while containing sensitive information, the ability to perform remote key destruction (see later) may be more important than the specifics of the encryption solution as this will close the main vulnerability of most solutions. Key management Key management is ultimately the primary problem for all encryption programs. Keys must be readily available when needed by the legitimate data owner, but protected from illegal access. They must be securely stored, yet easily retrievable. Furthermore, in the event that the end user forgets their key, simple recovery of the data is a must. The ideal solution will enforce the appropriate key strength and provide centralized storage (escrow) of the keys. This will allow the end user to select his own key, but to have a copy of the key stored centrally. This central store has a number of benefits: 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 5 of 9 For more information contact
6 It ensures that a copy of the key is available if the user forgets it. It enables administrators to access the information if the user leaves the organization. The process of centrally storing the key ensures that an audit record is kept of the fact that the device has been encrypted. It alleviates the user from having to enter the key every time the device is used within the corporate network. If the key is centrally stored, the encryption management solution should be able to retrieve it automatically as soon as the device is attached to a computer, it will authenticate the user based on their network credentials, and then provide seamless access to the information while maintaining full security. Such seamless access goes a long way to alleviating some of the challenges to encryption projects discussed in part one of this white paper series. Key Recovery As previously mentioned, one of the advantages of centrally storing the encryption key is that it allows for simpler key recovery in the event that a user is off-site and has forgotten the key they assigned to that device. However, the ideal solution would also allow for a degree of key recovery to take place completely autonomously from the central help desk function. In this case, the user would be prompted with pre-selected questions that would enable a challenge-response key recovery. This provides the user with a significant degree of autonomy, it reassures the end user community that they can maintain access to their data in the event that they are remote and unable to remember their key, and it reduces the workload on the central helpdesk functions. An optional, but potentially important, function is to enable a partial or complete lock-out of the device in the event that the user fails to access it a certain number of times. In such a situation, a cool-down period should be enforced (to reduce the costeffectiveness of brute force attacks) or if a complete lock-out is desired, this is achieved by destroying the local key on-device. If the key is destroyed, then the data should still be recoverable if accessed within the organizational network (see the section on central key management.) In some circumstances, it may become important to determine who the owner of the device is in order to recover the information for example, when a device is found but the owner does not know it has been lost. In such a case key recovery is again facilitated by the use of the centrally managed key escrow services of a solution. In the event that a user still needs help accessing a removable device, the help desk team should be able to issue a one-time key that provides access to that device for one instance, to allow a password reset. This enables the end user to access information, while maintaining appropriate security (as the help desk staff cannot use that temporary access key at a later date.) Easy to use While the primary objective of any encryption project is to protect data, a secondary objective should be to minimize the impact on end-user operations wherever possible. As such, any removable media encryption product should be easy for end users to use. Primarily it should: Minimize their need for interaction with the encryption solution Wherever possible rely on central key stores to decrypt data Enable users (where appropriate) to maintain non-en CREDANT Technologies, Inc. All rights reserved. PAGE 6 of 9 For more information contact
7 crypted information on the removable media if allowed (such as music files, personal information, etc) Provide simple key recovery that the user can initiate themselves Provide fast encryption of data on the device Protect the user from accidentally corrupting information if they remove the device during encryption As much as possible, operate completely transparently Reducing end-user impact will go a long way to eliminating some of the problems that encryption programs have faced in the past, as discussed in the first part of this white paper series. Easy to manage and deploy While reducing the impact to end users is important, reducing and streamlining the workload for deploying and managing the removable media encryption solution is also an important consideration especially when administrator time is at a premium. Ideally, the removable media encryption should operate seamlessly within the broader framework of encryption management across the enterprise, including full disk encryption, mobile device encryption, OS-level encryption and so on. As discussed, central management of keys and user-enabled key recovery will reduce much of the typical day-to-day burden on administrators and help-desk staff. Likewise, robust and recoverable encryption processes that do not cause problems if interrupted by the user are also important to eliminate unnecessary calls to the support desk. Central, simple deployment of policies and software will also reduce the workload of enforcing data protection policies as will centralized reporting and auditing (as discussed later in this section.) Reliable for end users when encrypting their devices As end-users begin the encryption process for information on removable media, it is essential that the solution in place is sufficiently reliable in that it will: Ensure the enforcement of policies for removable media use, even if not connected to the corporate network Provide rapid and reliable encryption of data that is to be protected Be sufficiently resilient in the event that a user removes the device during the encryption process The last point is especially important. Users may decide to postpone encryption and simply pull the device out of the endpoint. If the encryption solution is not sufficiently robust and able to recover, this can result in the device becoming unreadable and all information on it will be lost. Portability Making information easy to transfer is the reason that users employ removable media. As such, it is necessary to provide an encryption solution that will enable access to the information in a variety of circumstances (depending on your organizational policy see part one of this whitepaper series for a discussion on policy choices.) Ideally the solution should support: Usage within the corporate network normal use of the device within the perimeter Usage external to the corporate network or use outside of the network perimeter, on non-protected systems such as home computers Blocking of access that is external to the corporate network the option to prevent access to a device on a non-protected endpoint, to reduce the risk of information loss on a third-party system Flexibility to enforce some or all of these options is highly desirable. As discussed earlier, different groups of users may require different access policies and it is likely that you will need to enforce some of the above 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 7 of 9 For more information contact
8 within different organizational groups to meet your goals. While portability of the data is important, another consideration is portability of the device itself. Many users will rely on dedicated USB flash drives however others may need to use such things as SD or XD cards. The encryption solution should be able to encrypt only the necessary information on the card without changing the fundamental operation of the storage device (which may render it unusable as a camera card etc.) Finally, cross-platform support may be desirable, supporting the need to take encrypted information from a Windows PC and move it to a Mac OS/X system seamlessly. Device aware Having an encryption solution that is device-aware is important in preventing accidental damage to mobile devices, which may appear as removable media. For example, some smartphones may connect through the USB interface and attempting to enforce encryption on them can result in damage to those systems that may be unrecoverable. The encryption management solution should be able to distinguish different types of device, and apply only those applicable policies to ensure minimum impact on the end-user. Integrated with broader encryption solutions Integration with the broader encryption management strategy has been mentioned a number of times already in this paper, but is worth discussing briefly here. By providing a centralized method for enforcing policy, managing encryption controls, and auditing and reporting, a single encryption management solution should be able to provide both a more complete view of organizational risk reduction and less workload in managing encryption. One central set of management tools provides the best way to ensure that no areas are left unmanaged, and therefore vulnerable, and that auditors and compliance offers have a greater degree of confidence that policy is being enforced wherever sensitive data resides. This is especially important in the event of a breach covered under regulations such as the US HIPAA/HITECH acts, which mandate what can be expensive breach disclosure requirements if the breached organization is unable to prove that the information was encrypted. Remote Key Deletion In the event that an end user loses a storage device, it is certainly desirable to ensure that the device is not amenable to attack. A couple of options have already been discussed under the section on key recovery namely to allow a limited number of tries to enter the key, after which either a cool-down period is enforced or the key is actually deleted entirely, rendering the information unreadable. While this latter option does provide better protection, it can also cause legitimate users to be unable to access their information. Ideally, the encryption management solution should allow for subsequent recovery even if the key is deleted. So if the device is recovered (or the user brings it in to the corporate environment,) the information on it can be unencrypted using the escrowed, centrally-stored key. Reporting and auditing Reporting is an essential element of any security solution the removable media encryption management solution should provide reporting capabilities sufficient to meet the requirements of your compliance officers and auditors. Such reporting should be able to provide at-a-glance information on devices encrypted and user activity (such as electing to not encrypt certain devices if that is permissible.) Furthermore, this reporting should be included in the broader encryption management reporting, in order 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 8 of 9 For more information contact
9 to present auditors and senior stakeholders with as comprehensive a view as possible of organizationwide risk with respect to critical data. Conclusion With the ever-expanding mobility of the enterprise, data threats are introduced anywhere from the home office to the cyber café, causing exposure of highly sensitive corporate data. The demand for a highly mobile workplace is only going to increase, so implementation of removable media encryption is a must. As your corporation becomes more and more mobile, implementing removable media encryption, and following best practices in doing so, is becoming imperative in keeping your enterprise clear of potential data breach. For more information on how CREDANT Technologies can help you formulate and enforce policies to protect information on removable media, please visit our website at CREDANT Technologies Dallas Parkway, Suite 1420, Addison, Texas USA UK & EMEA, 88 Kingsway, London, WC2B 6AA, United Kingdom US: 866-CREDANT ( ) or UK: phone +44 (0) fax +44 (0) For more information: info@credant.com 2010 CREDANT Technologies, Inc. All rights reserved. CREDANT Technologies, CREDANT, We Protect What Matters, Intelligent Encryption, and the CREDANT logo are, or will be, registered trademarks of CREDANT Technologies, Inc. All other trademarks, service marks, and/or product names are the property of their respective owners. Product information is subject to change without notice.
Managing BitLocker Encryption
Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate
More informationDriveLock and Windows 7
Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationMobile Data Security Essentials for Your Changing, Growing Workforce
Mobile Data Security Essentials for Your Changing, Growing Workforce White Paper February 2007 CREDANT Technologies Security Solutions White Paper YOUR DYNAMIC MOBILE ENVIRONMENT As the number and diversity
More informationCHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
More informationKaspersky Lab s Full Disk Encryption Technology
Kaspersky Lab s Full Disk Encryption Technology In the US alone, an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds; more
More informationHow Endpoint Encryption Works
WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint
More informationDriveLock and Windows 8
Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationMedia Device Encryption
Media Device Encryption The age of portable media has brought us a plethora of mobile media devices that allow information to be easily transported from place to place. Though portable media devices like
More informationAssessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives
Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents
More informationScoMIS Encryption Service
Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend
More informationScoMIS Encryption Service
Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationEncryption Buyers Guide
Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationetoken Single Sign-On 3.0
etoken Single Sign-On 3.0 Frequently Asked Questions Table of Contents 1. Why aren t passwords good enough?...2 2. What are the benefits of single sign-on (SSO) solutions?...2 3. Why is it important to
More informationOracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications
More informationSecuring Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business
More informationGlobal security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise
Global security intelligence YoUR DAtA UnDeR siege: DeFenD it with encryption #enterprisesec kaspersky.com/enterprise Contents Your Data Under Siege: Defend it with Encryption 3 Steps Taken to Minimise
More informationTOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE
TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE TODAY S HIGHLY MOBILE WORKFORCE IS PLACING NEW DEMANDS ON IT TEAMS WHEN PROTECTING LAPTOP DATA To guard this corporate data at
More informationS E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd. www.cryptomill.com
SEAhawk CryptoMill CryptoMill Technologies Ltd. www.cryptomill.com OVERVIEW S EAhawk is an endpoint and removable storage security solution for desktop PCs and laptops running the Microsoft Windows operating
More informationYOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION.
YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege. Defend it with Encryption. 1.0 Keeping up with the
More informationWhite Paper: Whole Disk Encryption
How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................
More informationSecuring Data on Portable Media. www.roxio.com
Securing Data on Portable Media www.roxio.com Contents 2 Contents 3 Introduction 4 1 The Importance of Data Security 5 2 Roxio Secure 5 Security Means Strong Encryption 6 Policy Control of Encryption 7
More informationUnderstanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization
Understanding Northwestern University s contract with Symantec Symantec Solutions for Cost Reduction & Optimization Chris Hagelin and Shane Scholes Symantec Account Manager and Symantec Sales Engineer
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationSamsung SED Security in Collaboration with Wave Systems
Samsung SED Security in Collaboration with Wave Systems Safeguarding sensitive data with enhanced performance, robust security, and manageability Samsung Super-speed Drive Secure sensitive data economically
More informationAegis Padlock for business
Aegis Padlock for business Problem: Securing private information is critical for individuals and mandatory for business. Mobile users need to protect their personal information from identity theft. Businesses
More informationetoken TMS (Token Management System) Frequently Asked Questions
etoken TMS (Token Management System) Frequently Asked Questions Make your strong authentication solution a reality with etoken TMS (Token Management System). etoken TMS provides you with full solution
More informationAddressing the Data Protection Requirements of the HITECH Act
Addressing the Data Protection Requirements of the HITECH Act Simplifying data protection for healthcare industry compliance with endpoint encryption Trend Micro, Incorporated A Trend Micro White Paper
More informationIBM Data Security Services for endpoint data protection endpoint encryption solution
Protecting data on endpoint devices and removable media IBM Data Security Services for endpoint data protection endpoint encryption solution Highlights Secure data on endpoint devices Reap benefits such
More informationAD Management Survey: Reveals Security as Key Challenge
Contents How This Paper Is Organized... 1 Survey Respondent Demographics... 2 AD Management Survey: Reveals Security as Key Challenge White Paper August 2009 Survey Results and Observations... 3 Active
More informationIDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience
IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse
More informationGoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved.
GoldKey Software User s Manual Revision 7.12 WideBand Corporation www.goldkey.com 1 Table of Contents GoldKey Installation and Quick Start... 5 Initial Personalization... 5 Creating a Primary Secure Drive...
More informationComparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software
More informationProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
More informationIRONKEY CASE STUDIES. Healthcare Solutions
IRONKEY CASE STUDIES Healthcare Solutions HEALTHCARE Business Problem Healthcare providers, insurers and pharmaceutical companies, have a lengthening list of regulations and standards on protecting confidential
More informationWorking Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444
Working Together Managing and Securing Enterprise Mobility WHITE PAPER Larry Klimczyk Digital Defence P: 222.333.4444 Contents Executive Summary... 3 Introduction... 4 Security Requirements... 5 Authentication...
More informationInnovative Secure Boot System (SBS) with a smartcard.
Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable
More informationBest Practices for Protecting Laptop Data
Laptop Backup, Recovery, and Data Security: Protecting the Modern Mobile Workforce Today s fast-growing highly mobile workforce is placing new demands on IT. As data growth increases, and that data increasingly
More informationProtecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption
Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption OVERVIEW Data is one of the most important assets within organizations, second perhaps
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationRSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief
RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The
More informationSamsung Mobile Security
Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise
More informationProtecting Data-at-Rest with SecureZIP for DLP
Protecting Data-at-Rest with SecureZIP for DLP TABLE OF CONTENTS INTRODUCTION 3 PROTECTING DATA WITH DLP 3 FINDING INDIVIDUAL AND SHARED INFORMATION-AT-REST 4 METHODS FOR REMEDIATION 4 ENCRYPTING UNPROTECTED
More informationDo "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?
Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00
More informationUsing Entrust certificates with VPN
Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark
More informationDriving Company Security is Challenging. Centralized Management Makes it Simple.
Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary
More informationMCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
More informationMulti-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
More informationBRING YOUR OWN DEVICE. Protecting yourself when employees use their own devices for business
BRING YOUR OWN DEVICE Protecting yourself when employees use their own devices for business Bring Your Own Device: The new approach to employee mobility In business today, the value put on the timeliness
More informationFor Managing Central Deployment, Policy Management, Hot Revocation, Audit Facilities, and Safe Central Recovery.
Investment and Governance Division 614.995.9928 tel Ted Strickland, Governor 30 East Broad Street, 39 th Floor 614.644.9152 fax R. Steve Edmonson, Director / State Chief Information Officer Columbus, Ohio
More informationManaging BitLocker With SafeGuard Enterprise
Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption
More information9 Steps to Data Security
Sensitive data - from trade secrets to customer data - is more valuable and so more vulnerable than ever. The challenges are significant from the complexity of deployment, to managing PCs and Macs, to
More informationSelf-Encrypting Hard Disk Drives in the Data Center
Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional
More informationUNCLASSIFIED. UK Email Archiving powered by Mimecast Service Description
UNCLASSIFIED 11/12/2015 v2.2 UK Email Archiving powered by Mimecast Service Description Cobweb s UK Email Archiving, powered by Mimecast, provides businesses with a secure, scalable cloud-based message
More informationPORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1
Executive Summary PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1 In today s business environment, managing and controlling access to data is critical to business viability
More informationThe problem with privileged users: What you don t know can hurt you
The problem with privileged users: What you don t know can hurt you FOUR STEPS TO Why all the fuss about privileged users? Today s users need easy anytime, anywhere access to information and services so
More informationKaseya IT Automation Framework
Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation
More informationHow Drive Encryption Works
WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................
More informationSecuring Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution
Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution NOTICE This Technology Brief may contain proprietary information protected by copyright. Information
More informationManagement of Hardware Passwords in Think PCs.
Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction
More informationGoogle Identity Services for work
INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new
More informationA Comprehensive Plan to Simplify Endpoint Encryption
A Comprehensive Plan to Simplify Endpoint Encryption Managing SEDs, BitLocker, and FileVault Together from the Cloud Executive Summary Encryption is an essential component of any information security plan.
More informationHow Cloud Computing Can Accelerate Endpoint Encryption:
How Cloud Computing Can Accelerate Endpoint Encryption: Managing Self-Encrypting Drives in the Cloud Executive Summary Cloud computing is transforming IT for businesses of all sizes, but not without significant
More informationHow to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications
SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this
More informationA Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
More informationA Strategic Approach to Enterprise Key Management
Ingrian - Enterprise Key Management. A Strategic Approach to Enterprise Key Management Executive Summary: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption
More informationPGP Universal Server 2.5 SmartLine DeviceLock 6.2
PGP Integration Guide October 2007 PGP Universal Server 2.5 SmartLine DeviceLock 6.2 Version 1.0 2 Table of Contents INTRODUCTION...3 STRUCTURE...3 CAVEATS...4 POLICY OVERVIEW...4 SPAN OF CONTROL...4 COMPUTER
More informationHIPAA Security Alert
Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information
More informationEmail Archiving, Retrieval and Analysis The Key Issues
Email Archiving, Retrieval and Analysis The "If you are going to find a smoking gun, you will find it in email." Abstract Organisations are increasingly dependent on email for conducting business, internally
More informationCentralized Self-service Password Reset: From the Web and Windows Desktop
Centralized Self-service Password Reset: From the Web and Windows Desktop Self-service Password Reset Layer v.3.2-007 PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200
More informationSafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012
SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationFirmware security features in HP Compaq business notebooks
HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot
More informationWhite Paper. Keeping Your Private Data Secure
WHITE PAPER: Keeping Your Private Data Secure White Paper Keeping Your Private Data Secure Keeping Your Private Data Secure Contents Keeping Your Private Data Secure............................ 3 Why Encryption?......................................
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationWhy Digital Certificates Are Essential for Managing Mobile Devices
WHITE PAPER: WHY CERTIFICATES ARE ESSENTIAL FOR MANAGING........... MOBILE....... DEVICES...................... Why Digital Certificates Are Essential for Managing Mobile Devices Who should read this paper
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationThe Top 5 Federated Single Sign-On Scenarios
The Top 5 Federated Single Sign-On Scenarios Table of Contents Executive Summary... 1 The Solution: Standards-Based Federation... 2 Service Provider Initiated SSO...3 Identity Provider Initiated SSO...3
More informationWhite paper December 2008. IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview
White paper December 2008 IBM Tivoli Access Manager for Enterprise Single Sign-On: An overview Page 2 Contents 2 Executive summary 2 The enterprise access challenge 3 Seamless access to applications 4
More informationidentity management in Linux and UNIX environments
Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual
More informationThe CIO s Guide to HIPAA Compliant Text Messaging
The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially
More informationPrivileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery
Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account
More informationSecuring data at rest white paper
Securing data at rest white paper An enterprise strategy for data encryption and key management Introduction: The data security imperative... 2 Enterprise data-at-rest security landscape today... 2 Challenges
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationService Overview CloudCare Online Backup
Service Overview CloudCare Online Backup CloudCare s Online Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house
More informationProtecting Data at Rest
Protecting Data at Rest What to Consider When Selecting a Solution for Hard Drive Encryption Authors: Daniel Nilsson & Jeff Sherwood April 18, 2011 Content Overview... 3 Approaches to data at rest protection...
More informationConvenience and security
Convenience and security ControlSphere is a computer security and automation solution designed to protect user data and automate most of authentication tasks for the user at work and home environments.
More informationHow to enable Disk Encryption on a laptop
How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data
More informationHow To Use Attix5 Pro For A Fraction Of The Cost Of A Backup
Service Overview Business Cloud Backup Techgate s Business Cloud Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house
More informationTop Four Considerations for Securing Microsoft SharePoint
Top Four Considerations for Securing by Chris McCormack, Product Marketing Manager, Sophos is now the standard for internal and external collaboration and content management in much the same way Microsoft
More informationRSA SecurID Two-factor Authentication
RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial
More informationCompliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme
Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme avecto.com Contents Introduction to the scheme 2 Boundary firewalls and internet gateways 3 Secure configuration
More informationUSER-MANAGED FILE SERVER BACKUP:
USER-MANAGED FILE SERVER BACKUP: An ineffective solution to Business Data Protection WHITE PAPER www.cibecs.com 2 EXECUTIVE SUMMARY In their latest report on endpoint user data backup (ID #: G00211731),
More informationDeciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
More informationWhitePaper. Private Cloud Computing Essentials
Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....
More informationPointsec Enterprise Encryption and Access Control for Laptops and Workstations
Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing
More information