Removable Media Best Practices

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Removable Media Best Practices"

Transcription

1 WHITE PAPER PART TWO Business-aligned Security Strategies and Advice

2 Introduction In part one of this two-part white paper, we looked at the reasons that removable media has posed such threat to data security, and why many organizations have struggled to enforce controls as sensitive data moves to such devices as USB flash drives. We also looked at the foundations of how to start building a policy on removable media, and how to communicate and train end-users on the importance of security for these devices. In this second part, we will look at what kinds of controls should be implemented, and how an ideal removable media encryption solution should function CREDANT Technologies, Inc. All rights reserved. PAGE 2 of 9 For more information contact

3 Implement controls Once policies regarding removable media security have been established and communicated, it is possible to begin implementing the controls necessary to enforce those policies and monitor the progress of the initiative. The controls put in place to manage devices will need to reflect both the organizational policy as well as the types of users and data to be managed. Such controls will necessarily vary in the degree of restriction placed on removable media and how they are used, ranging from complete lock-down of USB storage devices to allowing the end user to determine what, if anything, needs to be encrypted. Complete lock-down Controls may be put in place to prevent any use of USB storage devices at all. This highly restrictive approach has a number of security benefits, but will also have a potentially significant impact on end users and business processes. Without the ability to use any USB storage devices on the endpoint, the likelihood of a data breach or infection by USB-malware is significantly reduced. However, end-users who are accustomed to using company-issued USB storage devices, or their own, will be required to re-evaluate processes and procedures and without early business unit buy-in and education, this policy is almost certain to produce significant user resistance. As such, it should only be adopted in areas where the risk of very sensitive information being breached is high, or where special circumstances apply (such as a shared system in a public area acting as a kiosk, for example). Allow only pre-approved encrypted USB devices A number of commercially available, self-encrypting USB storage devices already exist and are available on the market. These products aim to provide the convenience of a USB drive with enforced encryption, which resides on the device itself. This approach certainly has some merits and may be appropriate for certain users who habitually need to handle and transfer sensitive data. However, for the broader user community such an approach is likely to be costprohibitive. Furthermore, with either set of users, the use of non-approved devices must still be managed. That is, the risk that a user still uses a non-encrypted device for convenience and as such exposes data should be considered and accounted for. As a result, although pre-encrypted USB devices represent a good second-line defense against a breach, they do not address the fundamental management challenge and cannot be relied upon by themselves. Allow some usage but enforce encryption A more secure approach is to allow users to utilize their own USB devices, and to enforce encryption on them. This approach enables users to continue to use USB devices that they own, but reduces the risk of a breach by ensuring that any data on them is encrypted. There are a number of considerations that must be taken into account, however, when deciding on how to implement this approach. Specifically these revolve around usage of USB storage devices on nonorganization PCs (for example, when the user takes the drive home with them) and what types of data to enforce encryption on. These are addressed below: Use of the device outside the corporate network Portable storage devices, especially those owned by employees, will often be used outside of the corporate network. While this may be entirely sensible for many users, it may be that for some, any drive that has been used within the network (and which therefore may contain highly sensitive information) should never be used externally. This reduces the risk of an employee copying sensitive information onto a 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 3 of 9 For more information contact

4 flash drive, for example, and then subsequently moving that information off the drive onto an unencrypted, unprotected system elsewhere. If this type of control is to be put in place, it is important to adequately educate users as to the implications of using a flash drive within the organizational network, as information on it will not be accessible elsewhere after that point. The alternative is to allow users to copy information onto a USB device, during which the information is encrypted, and then allow the user to choose whether to subsequently move that information onto a nonprotected system in the future. This approach, while providing the least impact to users, must be evaluated in the light of your organization s risk appetite, policy, the group of users in question, and the type of information that they are likely to be accessing. encryption of Non-corporate data Removable media storage devices belonging to users, which are likely to represent a significant portion if not the majority of the devices within your network, are also likely to hold information which is either not sensitive or may belong to the user themselves. As such, you may wish to put in place controls that will encrypt only new information added to the device. For example, a user who wishes to move a file from one system to another may insert a flash drive that also contains personal photographs, music files, etc. Forcing encryption of these files is unlikely to be necessary. Therefore, you may wish to allow users to retain personal, unencrypted information, and only require new information, copied from their corporate system, to be encrypted. Who encryption applies to If any of the above encryption controls are put in place, you must also decide which users the controls apply to. For example, you may wish to enforce a device encryption policy across the entire enterprise, or you may wish to only force encryption for certain types of users and/or data. Another alternative is that you may want some users to be allowed to choose for themselves. For example, you may wish to simply remind a user who inserts a flash drive into a system that this represents a risk of breach, and offer them the option to encrypt the information at that point. Clearly in this case, user education is essential especially if end users are being allowed to decide whether they want to encrypt potentially sensitive information. Also, should you adopt this approach, it is highly recommended that you are able to provide audit logs of the users decisions, should they become necessary for later forensic purposes. Such logs may also be useful in identifying potentially risky behavior, or even activities associated with an insider attack. In this case, integration with broader security processes and monitoring is recommended. It is also likely that you will have exceptions to any controls that you put in place. It may be that some users or administrators will have legitimate reasons to not want to encrypt information on a flash drive, or to use a flash drive in areas where other users would not be permitted. Generally, such exceptions should be role-based and administered in a consistent and welldocumented manner, ideally using an authoritative identity source such as Microsoft Active Directory. Monitoring and Reporting While protecting information on removable media is important, it is equally important to be able to prove that the information is protected, especially if a breach occurs. As such, one of the important considerations to address is to what degree removable media encryption reporting and auditing will be rolled up into broader, enterprise encryption reporting. If you have elected to allow some users to decide for themselves whether to encrypt data on their removable media devices, then it is strongly recommended that sufficient reporting be put in place to capture when and if a user elects not to encrypt information CREDANT Technologies, Inc. All rights reserved. PAGE 4 of 9 For more information contact

5 While this will not usually be a cause for concern, in the event of a breach, or if that user comes under suspicion of some form of insider attack, the ability to quickly determine if they have been routinely copying information to non-encrypted sources could be important. Furthermore, as a user is deprovisioned from the organization, knowing what, if any, non-encrypted information they may possess is very important to ensuring safe information management. What to look for in a solution Having discussed the concerns regarding removable media security and some of the types of technical controls and policies that can be put in place, it is worth reviewing what capabilities and features should be present in an ideal removable media encryption management solution in order to provide both the greatest degree of flexibility to integrate with existing security and operational processes and maximum security to prevent a breach. In this section, the capabilities discussed will be: Encryption strength Key management Key recovery Ease of use Ease of deployment Reliability Portability Device awareness Integration Remote Key Deletion Reporting and Auditing Each of these areas of capabilities is important and should be used in order to evaluate the suitability of a proposed solution. However, the relative importance of each of these areas will vary depending on your organizational structure, type of data to be secured, business expectations and needs, and regulatory pressures. Encryption Strength The capability to encrypt, and therefore protect, information on removable media is core to the operation of any encryption management solution. However, variations in encryption strength are unlikely to differ significantly between solutions. As a basic requirement, expect to see industry standard encryption algorithms such as AES (128 and 256), 3DES, or Rijndael (128 and 256). One consideration for US Federal Government agencies, or organizations that work with them, is to check for FIPS validation of the algorithm implementation. As the primary concern for removable media is that the device will be lost while containing sensitive information, the ability to perform remote key destruction (see later) may be more important than the specifics of the encryption solution as this will close the main vulnerability of most solutions. Key management Key management is ultimately the primary problem for all encryption programs. Keys must be readily available when needed by the legitimate data owner, but protected from illegal access. They must be securely stored, yet easily retrievable. Furthermore, in the event that the end user forgets their key, simple recovery of the data is a must. The ideal solution will enforce the appropriate key strength and provide centralized storage (escrow) of the keys. This will allow the end user to select his own key, but to have a copy of the key stored centrally. This central store has a number of benefits: 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 5 of 9 For more information contact

6 It ensures that a copy of the key is available if the user forgets it. It enables administrators to access the information if the user leaves the organization. The process of centrally storing the key ensures that an audit record is kept of the fact that the device has been encrypted. It alleviates the user from having to enter the key every time the device is used within the corporate network. If the key is centrally stored, the encryption management solution should be able to retrieve it automatically as soon as the device is attached to a computer, it will authenticate the user based on their network credentials, and then provide seamless access to the information while maintaining full security. Such seamless access goes a long way to alleviating some of the challenges to encryption projects discussed in part one of this white paper series. Key Recovery As previously mentioned, one of the advantages of centrally storing the encryption key is that it allows for simpler key recovery in the event that a user is off-site and has forgotten the key they assigned to that device. However, the ideal solution would also allow for a degree of key recovery to take place completely autonomously from the central help desk function. In this case, the user would be prompted with pre-selected questions that would enable a challenge-response key recovery. This provides the user with a significant degree of autonomy, it reassures the end user community that they can maintain access to their data in the event that they are remote and unable to remember their key, and it reduces the workload on the central helpdesk functions. An optional, but potentially important, function is to enable a partial or complete lock-out of the device in the event that the user fails to access it a certain number of times. In such a situation, a cool-down period should be enforced (to reduce the costeffectiveness of brute force attacks) or if a complete lock-out is desired, this is achieved by destroying the local key on-device. If the key is destroyed, then the data should still be recoverable if accessed within the organizational network (see the section on central key management.) In some circumstances, it may become important to determine who the owner of the device is in order to recover the information for example, when a device is found but the owner does not know it has been lost. In such a case key recovery is again facilitated by the use of the centrally managed key escrow services of a solution. In the event that a user still needs help accessing a removable device, the help desk team should be able to issue a one-time key that provides access to that device for one instance, to allow a password reset. This enables the end user to access information, while maintaining appropriate security (as the help desk staff cannot use that temporary access key at a later date.) Easy to use While the primary objective of any encryption project is to protect data, a secondary objective should be to minimize the impact on end-user operations wherever possible. As such, any removable media encryption product should be easy for end users to use. Primarily it should: Minimize their need for interaction with the encryption solution Wherever possible rely on central key stores to decrypt data Enable users (where appropriate) to maintain non-en CREDANT Technologies, Inc. All rights reserved. PAGE 6 of 9 For more information contact

7 crypted information on the removable media if allowed (such as music files, personal information, etc) Provide simple key recovery that the user can initiate themselves Provide fast encryption of data on the device Protect the user from accidentally corrupting information if they remove the device during encryption As much as possible, operate completely transparently Reducing end-user impact will go a long way to eliminating some of the problems that encryption programs have faced in the past, as discussed in the first part of this white paper series. Easy to manage and deploy While reducing the impact to end users is important, reducing and streamlining the workload for deploying and managing the removable media encryption solution is also an important consideration especially when administrator time is at a premium. Ideally, the removable media encryption should operate seamlessly within the broader framework of encryption management across the enterprise, including full disk encryption, mobile device encryption, OS-level encryption and so on. As discussed, central management of keys and user-enabled key recovery will reduce much of the typical day-to-day burden on administrators and help-desk staff. Likewise, robust and recoverable encryption processes that do not cause problems if interrupted by the user are also important to eliminate unnecessary calls to the support desk. Central, simple deployment of policies and software will also reduce the workload of enforcing data protection policies as will centralized reporting and auditing (as discussed later in this section.) Reliable for end users when encrypting their devices As end-users begin the encryption process for information on removable media, it is essential that the solution in place is sufficiently reliable in that it will: Ensure the enforcement of policies for removable media use, even if not connected to the corporate network Provide rapid and reliable encryption of data that is to be protected Be sufficiently resilient in the event that a user removes the device during the encryption process The last point is especially important. Users may decide to postpone encryption and simply pull the device out of the endpoint. If the encryption solution is not sufficiently robust and able to recover, this can result in the device becoming unreadable and all information on it will be lost. Portability Making information easy to transfer is the reason that users employ removable media. As such, it is necessary to provide an encryption solution that will enable access to the information in a variety of circumstances (depending on your organizational policy see part one of this whitepaper series for a discussion on policy choices.) Ideally the solution should support: Usage within the corporate network normal use of the device within the perimeter Usage external to the corporate network or use outside of the network perimeter, on non-protected systems such as home computers Blocking of access that is external to the corporate network the option to prevent access to a device on a non-protected endpoint, to reduce the risk of information loss on a third-party system Flexibility to enforce some or all of these options is highly desirable. As discussed earlier, different groups of users may require different access policies and it is likely that you will need to enforce some of the above 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 7 of 9 For more information contact

8 within different organizational groups to meet your goals. While portability of the data is important, another consideration is portability of the device itself. Many users will rely on dedicated USB flash drives however others may need to use such things as SD or XD cards. The encryption solution should be able to encrypt only the necessary information on the card without changing the fundamental operation of the storage device (which may render it unusable as a camera card etc.) Finally, cross-platform support may be desirable, supporting the need to take encrypted information from a Windows PC and move it to a Mac OS/X system seamlessly. Device aware Having an encryption solution that is device-aware is important in preventing accidental damage to mobile devices, which may appear as removable media. For example, some smartphones may connect through the USB interface and attempting to enforce encryption on them can result in damage to those systems that may be unrecoverable. The encryption management solution should be able to distinguish different types of device, and apply only those applicable policies to ensure minimum impact on the end-user. Integrated with broader encryption solutions Integration with the broader encryption management strategy has been mentioned a number of times already in this paper, but is worth discussing briefly here. By providing a centralized method for enforcing policy, managing encryption controls, and auditing and reporting, a single encryption management solution should be able to provide both a more complete view of organizational risk reduction and less workload in managing encryption. One central set of management tools provides the best way to ensure that no areas are left unmanaged, and therefore vulnerable, and that auditors and compliance offers have a greater degree of confidence that policy is being enforced wherever sensitive data resides. This is especially important in the event of a breach covered under regulations such as the US HIPAA/HITECH acts, which mandate what can be expensive breach disclosure requirements if the breached organization is unable to prove that the information was encrypted. Remote Key Deletion In the event that an end user loses a storage device, it is certainly desirable to ensure that the device is not amenable to attack. A couple of options have already been discussed under the section on key recovery namely to allow a limited number of tries to enter the key, after which either a cool-down period is enforced or the key is actually deleted entirely, rendering the information unreadable. While this latter option does provide better protection, it can also cause legitimate users to be unable to access their information. Ideally, the encryption management solution should allow for subsequent recovery even if the key is deleted. So if the device is recovered (or the user brings it in to the corporate environment,) the information on it can be unencrypted using the escrowed, centrally-stored key. Reporting and auditing Reporting is an essential element of any security solution the removable media encryption management solution should provide reporting capabilities sufficient to meet the requirements of your compliance officers and auditors. Such reporting should be able to provide at-a-glance information on devices encrypted and user activity (such as electing to not encrypt certain devices if that is permissible.) Furthermore, this reporting should be included in the broader encryption management reporting, in order 2010 CREDANT Technologies, Inc. All rights reserved. PAGE 8 of 9 For more information contact

9 to present auditors and senior stakeholders with as comprehensive a view as possible of organizationwide risk with respect to critical data. Conclusion With the ever-expanding mobility of the enterprise, data threats are introduced anywhere from the home office to the cyber café, causing exposure of highly sensitive corporate data. The demand for a highly mobile workplace is only going to increase, so implementation of removable media encryption is a must. As your corporation becomes more and more mobile, implementing removable media encryption, and following best practices in doing so, is becoming imperative in keeping your enterprise clear of potential data breach. For more information on how CREDANT Technologies can help you formulate and enforce policies to protect information on removable media, please visit our website at CREDANT Technologies Dallas Parkway, Suite 1420, Addison, Texas USA UK & EMEA, 88 Kingsway, London, WC2B 6AA, United Kingdom US: 866-CREDANT ( ) or UK: phone +44 (0) fax +44 (0) For more information: CREDANT Technologies, Inc. All rights reserved. CREDANT Technologies, CREDANT, We Protect What Matters, Intelligent Encryption, and the CREDANT logo are, or will be, registered trademarks of CREDANT Technologies, Inc. All other trademarks, service marks, and/or product names are the property of their respective owners. Product information is subject to change without notice.

Managing BitLocker Encryption

Managing BitLocker Encryption Managing BitLocker Encryption WWW.CREDANT.COM Introduction Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate

More information

Removable Media Best Practices

Removable Media Best Practices WHITE PAPER PART ONE Business-aligned Security Strategies and Advice WWW.CREDANT.COM Introduction The nature of business information technology is at a crossroads. On the one hand, pressure to enforce

More information

DriveLock and Windows 7

DriveLock and Windows 7 Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Mobile Data Security Essentials for Your Changing, Growing Workforce

Mobile Data Security Essentials for Your Changing, Growing Workforce Mobile Data Security Essentials for Your Changing, Growing Workforce White Paper February 2007 CREDANT Technologies Security Solutions White Paper YOUR DYNAMIC MOBILE ENVIRONMENT As the number and diversity

More information

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device

CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization chose the Best Secure USB device CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge

More information

Kaspersky Lab s Full Disk Encryption Technology

Kaspersky Lab s Full Disk Encryption Technology Kaspersky Lab s Full Disk Encryption Technology In the US alone, an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds; more

More information

DriveLock and Windows 8

DriveLock and Windows 8 Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise

More information

Media Device Encryption

Media Device Encryption Media Device Encryption The age of portable media has brought us a plethora of mobile media devices that allow information to be easily transported from place to place. Though portable media devices like

More information

How Endpoint Encryption Works

How Endpoint Encryption Works WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint

More information

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to implement the ScoMIS Encryption Service for a secondary school. We recommend that the software should be installed onto the laptop by ICT staff; they will then spend

More information

Navigating Endpoint Encryption Technologies

Navigating Endpoint Encryption Technologies Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation

More information

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009

Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications

More information

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015 Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is

More information

TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE

TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE TODAY S HIGHLY MOBILE WORKFORCE IS PLACING NEW DEMANDS ON IT TEAMS WHEN PROTECTING LAPTOP DATA To guard this corporate data at

More information

Global security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise

Global security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise Global security intelligence YoUR DAtA UnDeR siege: DeFenD it with encryption #enterprisesec kaspersky.com/enterprise Contents Your Data Under Siege: Defend it with Encryption 3 Steps Taken to Minimise

More information

YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION.

YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION. YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege. Defend it with Encryption. 1.0 Keeping up with the

More information

etoken Single Sign-On 3.0

etoken Single Sign-On 3.0 etoken Single Sign-On 3.0 Frequently Asked Questions Table of Contents 1. Why aren t passwords good enough?...2 2. What are the benefits of single sign-on (SSO) solutions?...2 3. Why is it important to

More information

Encryption Buyers Guide

Encryption Buyers Guide Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from

More information

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology 20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What s at risk for your organization? 2 Is your business

More information

Securing Data on Portable Media. www.roxio.com

Securing Data on Portable Media. www.roxio.com Securing Data on Portable Media www.roxio.com Contents 2 Contents 3 Introduction 4 1 The Importance of Data Security 5 2 Roxio Secure 5 Security Means Strong Encryption 6 Policy Control of Encryption 7

More information

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions. Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory

More information

White Paper: Whole Disk Encryption

White Paper: Whole Disk Encryption How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption.....................................................................

More information

S E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd. www.cryptomill.com

S E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd. www.cryptomill.com SEAhawk CryptoMill CryptoMill Technologies Ltd. www.cryptomill.com OVERVIEW S EAhawk is an endpoint and removable storage security solution for desktop PCs and laptops running the Microsoft Windows operating

More information

Aegis Padlock for business

Aegis Padlock for business Aegis Padlock for business Problem: Securing private information is critical for individuals and mandatory for business. Mobile users need to protect their personal information from identity theft. Businesses

More information

Samsung SED Security in Collaboration with Wave Systems

Samsung SED Security in Collaboration with Wave Systems Samsung SED Security in Collaboration with Wave Systems Safeguarding sensitive data with enhanced performance, robust security, and manageability Samsung Super-speed Drive Secure sensitive data economically

More information

Best Practices for Protecting Laptop Data

Best Practices for Protecting Laptop Data Laptop Backup, Recovery, and Data Security: Protecting the Modern Mobile Workforce Today s fast-growing highly mobile workforce is placing new demands on IT. As data growth increases, and that data increasingly

More information

AD Management Survey: Reveals Security as Key Challenge

AD Management Survey: Reveals Security as Key Challenge Contents How This Paper Is Organized... 1 Survey Respondent Demographics... 2 AD Management Survey: Reveals Security as Key Challenge White Paper August 2009 Survey Results and Observations... 3 Active

More information

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience IDENTITY & ACCESS Privileged Identity Management controlling access without compromising convenience Introduction According to a recent Ponemon Institute study, mistakes made by people Privilege abuse

More information

Understanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization

Understanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization Understanding Northwestern University s contract with Symantec Symantec Solutions for Cost Reduction & Optimization Chris Hagelin and Shane Scholes Symantec Account Manager and Symantec Sales Engineer

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444

Working Together Managing and Securing Enterprise Mobility WHITE PAPER. Larry Klimczyk Digital Defence P: 222.333.4444 Working Together Managing and Securing Enterprise Mobility WHITE PAPER Larry Klimczyk Digital Defence P: 222.333.4444 Contents Executive Summary... 3 Introduction... 4 Security Requirements... 5 Authentication...

More information

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security

More information

Innovative Secure Boot System (SBS) with a smartcard.

Innovative Secure Boot System (SBS) with a smartcard. Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today s business environment demands mobility, and the notebook computer has become an indispensable

More information

IBM Data Security Services for endpoint data protection endpoint encryption solution

IBM Data Security Services for endpoint data protection endpoint encryption solution Protecting data on endpoint devices and removable media IBM Data Security Services for endpoint data protection endpoint encryption solution Highlights Secure data on endpoint devices Reap benefits such

More information

PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1

PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1 Executive Summary PORTABLE DATA STORAGE SECURITY INFORMATION FOR CIOs/CSOs Best Before November 2011 1 In today s business environment, managing and controlling access to data is critical to business viability

More information

Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption

Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption OVERVIEW Data is one of the most important assets within organizations, second perhaps

More information

etoken TMS (Token Management System) Frequently Asked Questions

etoken TMS (Token Management System) Frequently Asked Questions etoken TMS (Token Management System) Frequently Asked Questions Make your strong authentication solution a reality with etoken TMS (Token Management System). etoken TMS provides you with full solution

More information

Protecting Data-at-Rest with SecureZIP for DLP

Protecting Data-at-Rest with SecureZIP for DLP Protecting Data-at-Rest with SecureZIP for DLP TABLE OF CONTENTS INTRODUCTION 3 PROTECTING DATA WITH DLP 3 FINDING INDIVIDUAL AND SHARED INFORMATION-AT-REST 4 METHODS FOR REMEDIATION 4 ENCRYPTING UNPROTECTED

More information

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved.

GoldKey Software. User s Manual. Revision 7.12. WideBand Corporation www.goldkey.com. Copyright 2007-2014 WideBand Corporation. All Rights Reserved. GoldKey Software User s Manual Revision 7.12 WideBand Corporation www.goldkey.com 1 Table of Contents GoldKey Installation and Quick Start... 5 Initial Personalization... 5 Creating a Primary Secure Drive...

More information

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Driving Company Security is Challenging. Centralized Management Makes it Simple. Driving Company Security is Challenging. Centralized Management Makes it Simple. Overview - P3 Security Threats, Downtime and High Costs - P3 Threats to Company Security and Profitability - P4 A Revolutionary

More information

Samsung Mobile Security

Samsung Mobile Security Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

More information

PGP Universal Server 2.5 SmartLine DeviceLock 6.2

PGP Universal Server 2.5 SmartLine DeviceLock 6.2 PGP Integration Guide October 2007 PGP Universal Server 2.5 SmartLine DeviceLock 6.2 Version 1.0 2 Table of Contents INTRODUCTION...3 STRUCTURE...3 CAVEATS...4 POLICY OVERVIEW...4 SPAN OF CONTROL...4 COMPUTER

More information

IRONKEY CASE STUDIES. Healthcare Solutions

IRONKEY CASE STUDIES. Healthcare Solutions IRONKEY CASE STUDIES Healthcare Solutions HEALTHCARE Business Problem Healthcare providers, insurers and pharmaceutical companies, have a lengthening list of regulations and standards on protecting confidential

More information

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012 SafeGuard Enterprise Web Helpdesk Product version: 6 Document date: February 2012 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Helpdesk

More information

For Managing Central Deployment, Policy Management, Hot Revocation, Audit Facilities, and Safe Central Recovery.

For Managing Central Deployment, Policy Management, Hot Revocation, Audit Facilities, and Safe Central Recovery. Investment and Governance Division 614.995.9928 tel Ted Strickland, Governor 30 East Broad Street, 39 th Floor 614.644.9152 fax R. Steve Edmonson, Director / State Chief Information Officer Columbus, Ohio

More information

Kaseya IT Automation Framework

Kaseya IT Automation Framework Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation

More information

Addressing the Data Protection Requirements of the HITECH Act

Addressing the Data Protection Requirements of the HITECH Act Addressing the Data Protection Requirements of the HITECH Act Simplifying data protection for healthcare industry compliance with endpoint encryption Trend Micro, Incorporated A Trend Micro White Paper

More information

Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?

Do standard tools meet your needs when it comes to providing security for mobile PCs and data media? Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00

More information

Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution

Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution Securing Data Stored On Tape With Encryption: How To Choose the Right Encryption Key Management Solution NOTICE This Technology Brief may contain proprietary information protected by copyright. Information

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief RSA SecurID Authentication in Action: Securing Privileged User Access RSA SecurID solutions not only protect enterprises against access by outsiders, but also secure resources from internal threats The

More information

identity management in Linux and UNIX environments

identity management in Linux and UNIX environments Whitepaper identity management in Linux and UNIX environments EXECUTIVE SUMMARY In today s IT environments everything is growing, especially the number of users, systems, services, applications, and virtual

More information

BRING YOUR OWN DEVICE. Protecting yourself when employees use their own devices for business

BRING YOUR OWN DEVICE. Protecting yourself when employees use their own devices for business BRING YOUR OWN DEVICE Protecting yourself when employees use their own devices for business Bring Your Own Device: The new approach to employee mobility In business today, the value put on the timeliness

More information

A Comprehensive Plan to Simplify Endpoint Encryption

A Comprehensive Plan to Simplify Endpoint Encryption A Comprehensive Plan to Simplify Endpoint Encryption Managing SEDs, BitLocker, and FileVault Together from the Cloud Executive Summary Encryption is an essential component of any information security plan.

More information

Self-Encrypting Hard Disk Drives in the Data Center

Self-Encrypting Hard Disk Drives in the Data Center Technology Paper Self-Encrypting Hard Disk Introduction At least 35 U.S. states now have data privacy laws that state if you encrypt data-at-rest, you don t have to report breaches of that data. U.S. Congressional

More information

How Cloud Computing Can Accelerate Endpoint Encryption:

How Cloud Computing Can Accelerate Endpoint Encryption: How Cloud Computing Can Accelerate Endpoint Encryption: Managing Self-Encrypting Drives in the Cloud Executive Summary Cloud computing is transforming IT for businesses of all sizes, but not without significant

More information

Centralized Self-service Password Reset: From the Web and Windows Desktop

Centralized Self-service Password Reset: From the Web and Windows Desktop Centralized Self-service Password Reset: From the Web and Windows Desktop Self-service Password Reset Layer v.3.2-007 PistolStar, Inc. dba PortalGuard PO Box 1226 Amherst, NH 03031 USA Phone: 603.547.1200

More information

Service Overview CloudCare Online Backup

Service Overview CloudCare Online Backup Service Overview CloudCare Online Backup CloudCare s Online Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house

More information

WHITE PAPER Achieving Continuous Data Protection with a Recycle Bin for File Servers. by Dan Sullivan. Think Faster. Visit us at Condusiv.

WHITE PAPER Achieving Continuous Data Protection with a Recycle Bin for File Servers. by Dan Sullivan. Think Faster. Visit us at Condusiv. WHITE PAPER Achieving Continuous Data Protection with a Recycle Bin for File Servers by Dan Sullivan 01_20131025 Think Faster. Visit us at Condusiv.com WITH A RECYCLE BIN FOR FILE SERVERS 2 Article 1:

More information

Service Overview. Business Cloud Backup. Introduction

Service Overview. Business Cloud Backup. Introduction Service Overview Business Cloud Backup Techgate s Business Cloud Backup service is a secure, fully automated set and forget solution, powered by Attix5, and is ideal for organisations with limited in-house

More information

Managing BitLocker With SafeGuard Enterprise

Managing BitLocker With SafeGuard Enterprise Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption

More information

How Drive Encryption Works

How Drive Encryption Works WHITE PAPER: HOW DRIVE ENCRYPTION WORKS........................................ How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption.........................................................................................

More information

The problem with privileged users: What you don t know can hurt you

The problem with privileged users: What you don t know can hurt you The problem with privileged users: What you don t know can hurt you FOUR STEPS TO Why all the fuss about privileged users? Today s users need easy anytime, anywhere access to information and services so

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

A Strategic Approach to Enterprise Key Management

A Strategic Approach to Enterprise Key Management Ingrian - Enterprise Key Management. A Strategic Approach to Enterprise Key Management Executive Summary: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption

More information

Firmware security features in HP Compaq business notebooks

Firmware security features in HP Compaq business notebooks HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot

More information

9 Steps to Data Security

9 Steps to Data Security Sensitive data - from trade secrets to customer data - is more valuable and so more vulnerable than ever. The challenges are significant from the complexity of deployment, to managing PCs and Macs, to

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Management of Hardware Passwords in Think PCs.

Management of Hardware Passwords in Think PCs. Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction

More information

White Paper. Keeping Your Private Data Secure

White Paper. Keeping Your Private Data Secure WHITE PAPER: Keeping Your Private Data Secure White Paper Keeping Your Private Data Secure Keeping Your Private Data Secure Contents Keeping Your Private Data Secure............................ 3 Why Encryption?......................................

More information

Why Digital Certificates Are Essential for Managing Mobile Devices

Why Digital Certificates Are Essential for Managing Mobile Devices WHITE PAPER: WHY CERTIFICATES ARE ESSENTIAL FOR MANAGING........... MOBILE....... DEVICES...................... Why Digital Certificates Are Essential for Managing Mobile Devices Who should read this paper

More information

Data Protection Simple. Compliant. Secure. CONTACT US Call: 020 3397 9026 Email: Support@jms-securedata.co.uk Visit: www.jms-securedata.co.

Data Protection Simple. Compliant. Secure. CONTACT US Call: 020 3397 9026 Email: Support@jms-securedata.co.uk Visit: www.jms-securedata.co. Data Protection Simple. Compliant. Secure CONTACT US Call: 020 3397 9026 Email: Support@jms-securedata.co.uk Visit: www.jms-securedata.co.uk COMPLEX CHALLENGES SIMPLE SOLUTIONS Backups Tricky but necessary

More information

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access

Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

Strengthen Security and Accountability of Multi-Vendor Voice Systems

Strengthen Security and Accountability of Multi-Vendor Voice Systems WhitePaper Strengthen Security and Accountability of Multi-Vendor Voice Systems HOW UNIFIED VOICE ADMINISTRATION CAN HELP REDUCE EXPOSURE TO CORPORATE SECURITY RISKS. Executive Summary Network security

More information

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations

Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Pointsec Enterprise Encryption and Access Control for Laptops and Workstations Overview of PC Security Since computer security has become increasingly important, almost all of the focus has been on securing

More information

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery Overview Password Manager Pro offers a complete solution to control, manage, monitor and audit the entire life-cycle of privileged access. In a single package it offers three solutions - privileged account

More information

Blaze Vault Online Backup. Whitepaper Data Security

Blaze Vault Online Backup. Whitepaper Data Security Blaze Vault Online Backup Version 5.x Jun 2006 Table of Content 1 Introduction... 3 2 Blaze Vault Offsite Backup Server Secure, Robust and Reliable... 4 2.1 Secure 256-bit SSL communication... 4 2.2 Backup

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Built-in Security to Protect Sensitive Data without Sacrificing Performance What is an SED? A self-encrypting drive performs

More information

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme

Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme Compliance series Guide to meeting requirements of the UK Government Cyber Essentials Scheme avecto.com Contents Introduction to the scheme 2 Boundary firewalls and internet gateways 3 Secure configuration

More information

USB Portable Storage Device: Security Problem Definition Summary

USB Portable Storage Device: Security Problem Definition Summary USB Portable Storage Device: Security Problem Definition Summary Introduction The USB Portable Storage Device (hereafter referred to as the device or the TOE ) is a portable storage device that provides

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

Top Four Considerations for Securing Microsoft SharePoint

Top Four Considerations for Securing Microsoft SharePoint Top Four Considerations for Securing by Chris McCormack, Product Marketing Manager, Sophos is now the standard for internal and external collaboration and content management in much the same way Microsoft

More information

RSA SecurID Two-factor Authentication

RSA SecurID Two-factor Authentication RSA SecurID Two-factor Authentication Today, we live in an era where data is the lifeblood of a company. Now, security risks are more pressing as attackers have broadened their targets beyond financial

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security

More information

Executive Summary P 1. ActivIdentity

Executive Summary P 1. ActivIdentity WHITE PAPER WP Converging Access of IT and Building Resources P 1 Executive Summary To get business done, users must have quick, simple access to the resources they need, when they need them, whether they

More information

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications

How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications SOLUTION BRIEF: PROTECTING ACCESS TO THE CLOUD........................................ How to Provide Secure Single Sign-On and Identity-Based Access Control for Cloud Applications Who should read this

More information

WhitePaper. Private Cloud Computing Essentials

WhitePaper. Private Cloud Computing Essentials Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....

More information

Keep Your Data Secure: Fighting Back With Flash

Keep Your Data Secure: Fighting Back With Flash Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up

More information

Email Archiving, Retrieval and Analysis The Key Issues

Email Archiving, Retrieval and Analysis The Key Issues Email Archiving, Retrieval and Analysis The "If you are going to find a smoking gun, you will find it in email." Abstract Organisations are increasingly dependent on email for conducting business, internally

More information

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview

Are You in Control? MaaS360 Control Service. Services > Overview MaaS360 Control Overview Services > Overview MaaS360 Control Overview Control Over Endpoints Ensure that patches and security software on laptops and distributed PCs are always up to date. Restart applications automatically. Block

More information

SafeGuard Enterprise Web Helpdesk

SafeGuard Enterprise Web Helpdesk SafeGuard Enterprise Web Helpdesk Product version: 5.60 Document date: April 2011 Contents 1 SafeGuard web-based Challenge/Response...3 2 Installation...5 3 Authentication...8 4 Select the Web Help Desk

More information