Navigating Endpoint Encryption Technologies


Whitepaper, November 2010

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

Introduction

With so many options for endpoint encryption, which one is the right one for your organization? Understand the difference between the technologies to find the right solution for your environment and understand the benefits and drawbacks of each. Learn about Dell's new encryption solution, Dell Data Protection Encryption, that helps enable high levels of protection with low levels of impact on your infrastructure and processes.

Most of today's endpoint encryption technologies can generally be divided into three categories:

- Software full disk encryption
- File and folder encryption
- Self-encrypting drives

In this whitepaper, we'll explain, at a high level, how each of these technologies works and give you guidelines to evaluate encryption solutions so you understand which one may be right for your organization.

Software full disk encryption

Software full disk encryption (FDE) is a type of encryption that usually encrypts all sectors of a hard drive, except critical files required for boot processes. There are many versions of the technology, but the goal is to protect data from unauthorized users.

Implementations of FDE all rely on one consistent boot method used since the introduction of the original IBM PC. In order to boot without a unique BIOS-assisted method, there must be a master boot record (MBR) located at a defined side-track-sector on a designated active and bootable disk to initiate a traditional BIOS boot. This MBR (a 512-byte sector on the drive) is responsible for initiating the boot loader. Control is passed to the boot loader, which loads a kernel to initiate the file system manager and activate a set of device drivers capable of communicating with basic boot and user interface devices. Implementations vary, but the earliest point at which encryption could begin is within the boot loader, meaning that the MBR remains unencrypted in most implementations of encryption.
However, the amount of unencrypted space on the boot drive varies by implementation. Typically, software FDE implementations load a Linux operating system as part of a real time operating system (RTOS) to enable a degree of customization in the boot process and a less vulnerable attack target. However, the boot method doesn't change. The master boot record of the user operating system is replaced by the encrypting operating system's master boot record, and the requirements of the boot operating system's MBR are no different than the user operating system's MBR. The boot operating system then loads the encrypted user operating system. As the user operating system loads, the boot operating system may act as a filter for the user operating system's storage transactions by intercepting storage device requests and encrypting or decrypting as required. Other implementations may install hooks on key user operating system APIs, kernel components and/or drivers during the installation of the product.

Methods of accomplishing the initial encryption vary by implementation. Most occur as a background task and encrypt silently. Software FDE usually encrypts 100 percent of the drive, minus what is required for the boot process. Implementations are seldom partition aware. If multiple operating system support is required, ensure that the FDE solution supports both operating systems. Also, there is frequently an installation order requirement.

While encryption is taking place, some FDE solutions have a small window of data corruption potential. A typical encryption sequence first builds a progress table. The encryption process then reads an unencrypted sector, encrypts the sector and writes it to the storage device, changes the file system link(s), updates the progress table and repeats until end of disk. If the system is in use, system-requested sector reads and writes are compared against the progress mark for encryption requirements.
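The conversion loop and its corruption window, as an added example (not code from the whitepaper or from any vendor): a simulated disk with a persisted progress mark, the read/write filter that compares requests against that mark, and a crash injected between the sector write and the progress update. The additive keystream cipher and the single-sector journal are assumptions chosen for illustration; the page does not say which methods vendors use.

```python
import hashlib

SECTOR = 512
BOOT_SECTORS = 1  # LBA 0 (the MBR) stays unencrypted so a BIOS boot still works


def _keystream(key: bytes, lba: int) -> bytes:
    # Toy per-sector keystream, a stand-in for a real sector cipher such as AES-XTS.
    return hashlib.shake_256(key + lba.to_bytes(8, "little")).digest(SECTOR)


def encrypt_sector(key: bytes, lba: int, data: bytes) -> bytes:
    return bytes((b + k) & 0xFF for b, k in zip(data, _keystream(key, lba)))


def decrypt_sector(key: bytes, lba: int, data: bytes) -> bytes:
    return bytes((b - k) & 0xFF for b, k in zip(data, _keystream(key, lba)))


class PowerLoss(Exception):
    """Simulated crash between the sector write and the progress-table update."""


class ConvertingDisk:
    def __init__(self, sectors, key, use_journal):
        self.raw = list(sectors)      # bytes physically on the disk
        self.key = key
        self.progress = BOOT_SECTORS  # persisted progress mark: next LBA to convert
        self.use_journal = use_journal
        self.journal = None           # persisted (lba, original bytes) of the sector in flight

    def read(self, lba):
        """Filter path: sectors below the progress mark are ciphertext on disk."""
        if BOOT_SECTORS <= lba < self.progress:
            return decrypt_sector(self.key, lba, self.raw[lba])
        return self.raw[lba]

    def write(self, lba, data):
        """Filter path: encrypt writes that land below the progress mark."""
        if BOOT_SECTORS <= lba < self.progress:
            data = encrypt_sector(self.key, lba, data)
        self.raw[lba] = data

    def convert(self, crash_after_write_of=None):
        """Run or resume the background pass until end of disk."""
        if self.journal is not None:
            lba, original = self.journal
            if lba == self.progress:   # the write may have landed, the mark did not move
                self.raw[lba] = original
            self.journal = None
        while self.progress < len(self.raw):
            lba = self.progress
            if self.use_journal:
                self.journal = (lba, self.raw[lba])
            self.raw[lba] = encrypt_sector(self.key, lba, self.raw[lba])
            if lba == crash_after_write_of:
                raise PowerLoss(lba)
            self.progress = lba + 1
            self.journal = None


def run_demo(use_journal):
    """Return (LBAs whose content is wrong after the pass, the disk)."""
    original = [bytes([i]) * SECTOR for i in range(8)]   # constructed sample data
    disk = ConvertingDisk(original, b"constructed-demo-key", use_journal)
    try:
        disk.convert(crash_after_write_of=4)   # power fails while LBA 4 is in flight
    except PowerLoss:
        pass
    expected = list(original)
    for lba, fill in ((2, 0xAA), (6, 0xBB)):   # OS writes below and above the mark
        expected[lba] = bytes([fill]) * SECTOR
        disk.write(lba, expected[lba])
    disk.convert()                             # resume to end of disk
    corrupted = [lba for lba in range(8) if disk.read(lba) != expected[lba]]
    return corrupted, disk


if __name__ == "__main__":
    print("no journal:", run_demo(False)[0])
    print("journal:   ", run_demo(True)[0])
```

Without the journal, the resumed pass encrypts LBA 4 a second time and every later read of that sector returns garbage; with it, the in-flight sector is rolled back before the pass continues.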
Vendors' corruption window will vary by the success of methods used to abate the corruption potential. A best practice is to enable the encryption and schedule the initial encryption for a time when the system will be unused and allowed to complete in one session.

Available solutions frequently include value-add features such as user authentication capabilities for fingerprint, smartcards, multi-factor, facial recognition and other technologies not commonly available from out-of-the-box operating systems. When choosing an FDE solution, authentication methods and management for authentication recovery and migration, forgotten passwords and lost access tokens must be considered.

FDE solutions may make it difficult to manage the user operating system because the FDE software must be configured to enable management of the user operating system. The management interface for FDE is usually proprietary and requires a separate vendor console to manage it. Recovery and migration have unique implementations and requirements as there are no industry standards for FDE. Key management varies based on the implementation and may or may not support specific enterprise key management architectures. It is also recommended that customers defragment their hard drives and run Checkdisk several times to ensure smoother deployments. [1]

File and folder encryption

File and folder encryption differs from FDE in that only user files and folders are encrypted, while applications and the operating system are not encrypted. Though simple in concept, implementation can be daunting. Temporary files created by applications, file and folder copy and paste, print to file, screen copy and paste, back-up files, and page and swap files must also be encrypted as these all contain user data.

File and folder encryption is attractive in that it enables features not found in FDE solutions. Flexible key policies can be defined on a per folder, file type, base user or user basis. Keys are only required to remain in memory for as long as the file is open and are then discarded.
When files are backed up to a secondary drive, those files can also be encrypted. Performance on a file and folder encrypted drive is typically higher than the performance of a software FDE solution. Management of the file and folder drive is simplified because there is no additional encryption of the operating system or applications to authenticate to and manage. Authentication in the file and folder solution is frequently native to the operating system and encryption is conducted as a background task.

Unlike FDE, only sectors allocated to user files and data are encrypted, so sectors that are never used for data storage will not be encrypted. Since the file system tables are not encrypted, the file and folder susceptibility to a corrupted file system is much smaller compared to FDE, and a corrupted file system can frequently be repaired without the user ever knowing there may have been a problem. With file-based encryption, it is also possible to protect removable media with the same solution you use to protect data on the system's main disk.

Self-encrypting drives (SED)

Self-encrypting drives represent a class of storage devices where encryption capability is internal to the device, using an encryption accelerator that handles encryption processes. The standard interface for these devices is defined by the Trusted Computing Group's Opal Security Subsystem Class Specification 1.0. These devices support the standard SATA or Opal interface. If the encrypted mode is enabled, communicating with the drive requires a slightly different path initially, but once unlocked, the interface is standard SATA. Opal specifies either 128- or 256-bit AES encryption support, and the encryption key is contained within the drive electronics and never released.

To enable SED, commands are sent to the drive to configure it for encrypted operation. A small partition on the drive is created or enabled to store the boot code, which authenticates the user to the drive. At set-up time, vendor-specific software is loaded that allows a remote or local management console to administer encryption policies and audit capabilities. The Opal specification does not define the interface to this boot code, only the interface between the code and the drive. During BIOS boot, communication is between the vendor SED boot code and BIOS, not BIOS and the operating system's master boot record. The boot code authenticates the user to the drive, then transitions to normal boot operation.

Typically, there is no performance degradation using SED drives as hardware encryption acceleration outperforms drive performance. Since the encryption key never leaves the drive, there is no key backup. Authentication back-up must be used in place of key backup, and restore tools must be capable of restoring the SED authentication sequence. Restore tools, features, method, management and capabilities are specific to the SED management vendors. Also, SEDs currently command a hefty premium.

Encryption auditing capabilities

No matter which implementation of encryption your organization deploys, make sure that audit capability is part of the management console. As a requirement of governance law (Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act and/or state and local requirements), special attention must be given to obtaining proof of data encryption for the purpose of exemption from breach disclosure notification. [2] The management console should have the capability to run a report against the database to determine whether or not a specific system's data was encrypted.
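An independent spot check of the encryption state a console reports, as an added example (not part of the whitepaper or of any vendor's tooling): scan a raw disk image sector by sector, confirm the MBR boot signature, and use byte entropy to list the sector ranges that do not look like ciphertext. The 7.0 bits-per-byte threshold and the eight-sector sample image are assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
CIPHERTEXT_BITS = 7.0   # assumed threshold: 512 random bytes measure about 7.6 bits/byte


def entropy(sector: bytes) -> float:
    """Shannon entropy of one sector in bits per byte (0.0 to 8.0)."""
    counts = Counter(sector)
    return -sum(c / len(sector) * math.log2(c / len(sector)) for c in counts.values())


def has_mbr_signature(image: bytes) -> bool:
    """A bootable MBR ends with the bytes 0x55 0xAA at offset 510 of sector 0."""
    return image[510:512] == b"\x55\xaa"


def plaintext_ranges(image: bytes):
    """Return [(first_lba, last_lba), ...] for runs of sectors that do not look encrypted."""
    ranges, start = [], None
    total = len(image) // SECTOR
    for lba in range(total):
        sector = image[lba * SECTOR:(lba + 1) * SECTOR]
        looks_plain = entropy(sector) < CIPHERTEXT_BITS
        if looks_plain and start is None:
            start = lba
        elif not looks_plain and start is not None:
            ranges.append((start, lba - 1))
            start = None
    if start is not None:
        ranges.append((start, total - 1))
    return ranges


def build_sample_image() -> bytes:
    """Constructed image: MBR, boot loader text, ciphertext-like data, one plaintext sector."""
    mbr = bytes(510) + b"\x55\xaa"
    loader = (b"boot loader strings and config " * 20)[:SECTOR]
    leak = (b"name,account,balance\n" * 30)[:SECTOR]

    def rnd(n):
        # Pseudo-random bytes standing in for encrypted sectors.
        return hashlib.shake_256(b"constructed-%d" % n).digest(SECTOR)

    return mbr + loader + rnd(2) + rnd(3) + rnd(4) + rnd(5) + leak + rnd(7)


if __name__ == "__main__":
    img = build_sample_image()
    print("MBR signature present:", has_mbr_signature(img))
    print("plaintext-looking sector ranges:", plaintext_ranges(img))
```

Entropy is a heuristic: compressed files also score high, and with file-based encryption never-used sectors are expected to show up as plaintext, so a finding such as sector 6 here calls for a closer look rather than proving a gap.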
Dell Data Protection Encryption

Dell recently introduced Dell Data Protection Encryption (DDPE), a file-based encryption implementation that adds the best features of FDE and file and folder encryption.

From the FDE solution, DDPE implements the richness of a Microsoft Windows authentication process without the overhead of an RTOS. DDPE does not encrypt the files necessary for booting the Windows environment, as with other encryption implementations. This means you don't have to manage an RTOS in addition to Windows administration processes. It also makes patch management easier and observes the Windows user/administrator rights and privileges hierarchy natively.

The authentication of users prior to the boot process (outside of the Windows authentication environment), a self-encrypting drive feature, is accomplished using Dell's pre-boot authentication options that originate from within BIOS using Dell Security Manager. Dell has a rich solution space that not only enables passwords, but also token and biometric devices. Wizards available within the Windows environment will walk you through the set-up and enablement process, or it can be remotely managed. Token and biometric devices can be set up to log the user in from within a BIOS environment all the way through and into Windows.

DDPE offers an interesting hybrid software FDE model of file-based encryption. The model uses two sets of encryption keys: a common key for the operating system and a unique key tied to the end user for data. It allows IT to authenticate to the common key for the OS to patch and repair any issues without exposing the user data. When the end user authenticates to a system, both keys are released, giving that individual full access to their system and data. With this hybrid model, it is easier to manage the operating system or applications without unique encryption management requirements.
When an encrypted drive is attached to a separate system as a secondary storage device, all data but the boot files are protected, same as the FDE environment. This provides a double layer of security, where if a possible attacker got through the common key, the user data is still protected with a key that is unique to the end user. The hybrid model is also capable of using different data keys for different users as determined at authentication. System performance for this hybrid model is similar to that of an FDE environment. The management console has advanced options that allow customers to create and enforce policies based on their needs.

[2] D0B0998A3BDCF381/SED%20Solutions%20for%20Data%20Security_May pdf

From a file and folder implementation, DDPE implements file encryption and there is no need to consume time and system resources encrypting empty sectors. As sectors are consumed, they are encrypted appropriately and deleted file data remains encrypted. You can choose to encrypt all data on the drive (minus the MBR) if that is the level of protection required, using advanced template options within the management console. Factory recovery and diagnostics partitions are, by default, not encrypted. If needed, advanced options enable you to modify this implementation feature.

The common misperception of file-based encryption is that there may be end user intervention required to encrypt data. With DDPE, there is no end user intervention required. DDPE implements a file system filter that interacts with Windows at the file system level, and when Windows sends a request to either access or create a file (or data), it goes through the filter. That is the layer where policy is enforced. It encrypts all file types that contain data, including source files and temporary files created by applications, file and folder copy and paste, print to file, screen copy and paste, back-up files, and page and swap files.

In addition to protecting the system disk, DDPE can also encrypt removable media, or basically any drive that Windows reads as a drive letter, including optical media.
The implementation provides customers the capability to enforce policies for how removable media is handled:

- Enforce password and password strength for sharing
- Enforce number of times a password can be tried before locking it down
- Do not allow media sharing
- Scan media to enforce encryption
- Set read-only policies
- Audit encryption state

Compliance is a top concern for customers, and DDPE helps make it easy with templates that allow customers to quickly set up policies based on their needs. These are designed for customers that may have little or no IT resource and as a starting point for power users who can customize the templates further. The levels of protection include:

- Basic Protection for system, fixed and/or removable drives: Encrypt using a common key all or some of fixed drives and system drive with a prompt to encrypt removable media.
- Aggressive Protection for All Drives: Application and data are encrypted with a user key (vs. common key).
- HIPAA Targeted: Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare organizations implement a number of technical safeguards to protect the confidentiality and integrity of all individually identifiable health information. All Fixed Drives are protected using System Data Encryption (SDE) policies and Application and User Data are encrypted with a common Key. This template enables Removable Storage policies.
- Data Breach Regulatory Targeted: The Sarbanes-Oxley Act requires adequate controls for financial information. Because much of this information resides in electronic format, encryption is a key control point when this data is stored or transferred. The Gramm-Leach-Bliley (GLB) Act (also known as the Financial Services Modernization Act) guidelines do not require encryption. However, the Federal Financial Institutions Examination Council (FFIEC) recommends that, "Financial institutions should employ encryption to mitigate the risk of disclosure or alteration of sensitive information in storage and transit." California Senate Bill 1386 (California's Database Security Breach Notification Act) aims to protect California residents from identity theft by requiring organizations that have had computer security breaches to notify all affected individuals. The only way an organization can avoid notifying customers is to be able to prove all personal information was encrypted prior to a security breach. All Fixed Drives are protected using System Data Encryption (SDE) policies. Application and User Data is encrypted with the Common Key. This template enables Removable Storage policies.
- PCI Data Security Standard Targeted: Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design, and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data. All Fixed Drives are protected using System Data Encryption (SDE) policies. Application and User Data is encrypted with the Common Key. This template enables Removable Storage policies.

The right solution for you

Now that we have explored the various technologies you can use to protect your systems and removable media, which one is right for you? There are four critical factors to consider:

- Legacy system support: You need to consider what you have to support in your environment. FDE and file-and-folder encryption will work with new and legacy systems. SED requires more consideration because in medium-to-large environments there may not be 100 percent penetration of SEDs across the deployment. You may have to deploy a SED implementation and a different FDE or file and folder implementation with separate management consoles to support SED and non-SED drives. If you never deploy 100 percent SED, you may need to use two solutions indefinitely.
- Deployment: Also consider the ease of deployment. With FDE, most vendors recommend running Checkdisk and defrag to produce contiguous files where possible to prevent possible deployment stalls or system errors. With file-based solutions, like DDPE, you simply deploy an agent and enforce policy in a way that is transparent to end users.
- Removable media: FDE and SED solutions may require a separate solution for protecting removable media, so it is important to understand the risk that external storage poses to your organization. DDPE can provide a similar level of protection as FDEs and also provides protection for the system drive and removable media.
- Flexibility: Generally speaking, there is one choice for FDE and SED encryption policy enforcement: encrypt or not. With file-based solutions, like DDPE, there are numerous options for handling policy enforcement based on user, data sensitivity, user groups and more. That same flexibility carries over to removable media as well.
- Management, audit and enforcement capability: Ensure that the tool you use has comprehensive management, reporting and enforcement capability so that you can create a policy, detect devices, enforce the policy and audit the encryption state of a device or data. Also make sure you evaluate the solution to find out if there are any alterations to the way you manage your assets today (patch management, authentication, etc.). There may be solutions that require a change to your current processes, so make sure you understand that aspect of the solution. With DDPE there may be no changes to the way you manage your current environment.

By following the above guidelines, you should have a good idea of what solution will work best for your environment.


UEFI on Dell BizClient Platforms UEFI on Dell BizClient Platforms Authors: Anand Joshi Kurt Gillespie This document is for informational purposes only and may contain typographical errors and technical inaccuracies. The content is provided

More information

DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer

DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE. By Libby McTeer DELL POWERVAULT LIBRARY-MANAGED ENCRYPTION FOR TAPE By Libby McTeer CONTENTS ABSTRACT 3 WHAT IS ENCRYPTION? 3 WHY SHOULD I USE ENCRYPTION? 3 ENCRYPTION METHOD OVERVIEW 4 LTO4 ENCRYPTION BASICS 5 ENCRYPTION

More information

Hyper-V Protection. User guide

Hyper-V Protection. User guide Hyper-V Protection User guide Contents 1. Hyper-V overview... 2 Documentation... 2 Licensing... 2 Hyper-V requirements... 2 2. Hyper-V protection features... 3 Windows 2012 R1/R2 Hyper-V support... 3 Custom

More information

SafeGuard Enterprise Tools guide

SafeGuard Enterprise Tools guide SafeGuard Enterprise Tools guide Product version: 5.60 Document date: April 2011 Contents 1 About this guide...3 2 Displaying the system status with SGNState...3 3 Reverting an unsuccessful installation

More information

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed

More information

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions Security and Encryption Overview... 2 1. What is encryption?... 2 2. What is the AES encryption standard?... 2 3. What is key management?...

More information

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary

ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION

More information

Windows BitLocker and Paragon s Backup Solutions

Windows BitLocker and Paragon s Backup Solutions PARAGON Software GmbH Heinrich-von-Stephan-Str. 5c 79100 Freiburg, Germany Tel. +49 (0) 761 59018201 Fax +49 (0) 761 59018130 Internet www.paragon-software.com Email sales@paragon-software.com Windows

More information

SafeGuard Easy startup guide. Product version: 7

SafeGuard Easy startup guide. Product version: 7 SafeGuard Easy startup guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 About Sophos SafeGuard (SafeGuard Easy)...4 2.1 About Sophos SafeGuard (SafeGuard Easy) 7.0...6

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance

An Oracle White Paper June 2009. Oracle Database 11g: Cost-Effective Solutions for Security and Compliance An Oracle White Paper June 2009 Oracle Database 11g: Cost-Effective Solutions for Security and Compliance Protecting Sensitive Information Information ranging from trade secrets to financial data to privacy

More information

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Built-in Security to Protect Sensitive Data without Sacrificing Performance What is an SED? A self-encrypting drive performs

More information

A Guide to Managing Microsoft BitLocker in the Enterprise

A Guide to Managing Microsoft BitLocker in the Enterprise 20140410 A Guide to Managing Microsoft BitLocker in the Enterprise TABLE OF CONTENTS Introduction 2 Why You Can t Ignore Effective FDE 3 BitLocker by Default 4 BitLocker s Total Cost of Ownership 5 SecureDoc

More information

Data Security Using TCG Self-Encrypting Drive Technology

Data Security Using TCG Self-Encrypting Drive Technology Data Security Using TCG Self-Encrypting Drive Technology June 11, 2013 2:00PM EDT Copyright 2013 Trusted Computing Group 1 Copyright 2013 Trusted Computing Group 2 Tom Coughlin, Founder, Coughlin Associates.

More information

solutions Biometrics integration

solutions Biometrics integration Biometrics integration Challenges Demanding access control and identity authentication requirements drive the need for biometrics. Regulations such as Sarbanes-Oxley (SOX), Health Insurance Portability

More information

Installing and Upgrading to Windows 7

Installing and Upgrading to Windows 7 Installing and Upgrading to Windows 7 Before you can install Windows 7 or upgrade to it, you first need to decide which version of 7 you will use. Then, you should check the computer s hardware to make

More information

1. System Requirements

1. System Requirements BounceBack Data Transfer 14.2 User Guide This guide presents you with information on how to use BounceBack Data Transfer 14.2. Contents 1. System Requirements 2. Attaching Your New Hard Drive To The Data

More information

Choosing an SSO Solution Ten Smart Questions

Choosing an SSO Solution Ten Smart Questions Choosing an SSO Solution Ten Smart Questions Looking for the best SSO solution? Asking these ten questions first can give your users the simple, secure access they need, save time and money, and improve

More information

Encryption Buyers Guide

Encryption Buyers Guide Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected

More information

Full Disk Encryption Policy Reference

Full Disk Encryption Policy Reference www.novell.com/documentation Full Disk Encryption Policy Reference ZENworks 11 Support Pack 2 October 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents

More information

Administration Quick Start

Administration Quick Start www.novell.com/documentation Administration Quick Start ZENworks 11 Support Pack 3 February 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of

More information

Encrypting with BitLocker for disk volumes under Windows 7

Encrypting with BitLocker for disk volumes under Windows 7 Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1

More information

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities WHITE PAPER: ENTERPRISE SECURITY Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities White Paper: Enterprise Security Symantec Backup Exec 11d for Windows Servers Contents Executive

More information

ACER ProShield. Table of Contents

ACER ProShield. Table of Contents ACER ProShield Table of Contents Revision History... 3 Legal Notices... 4 Executive Summary... 5 Introduction... 5 Protection against unauthorized access... 6 Why ACER ProShield... 7 ACER ProShield...

More information

HP Commercial Notebook BIOS Password Setup

HP Commercial Notebook BIOS Password Setup HP Commercial Notebook BIOS Password Setup Table of Contents: Introduction... 1 Preboot Passwords... 2 Multiple User Architecture in BIOS... 2 Preboot Password Setup... 3 Password Change... 4 Forgotten

More information

SecureAge SecureDs Data Breach Prevention Solution

SecureAge SecureDs Data Breach Prevention Solution SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal

More information

Compliance and Industry Regulations

Compliance and Industry Regulations Compliance and Industry Regulations Table of Contents Introduction...1 Executive Summary...1 General Federal Regulations and Oversight Agencies...1 Agency or Industry Specific Regulations...2 Hierarchy

More information

Chapter 5: Operating Systems Part 1

Chapter 5: Operating Systems Part 1 Name Period Chapter 5: Operating Systems Part 1 1. What controls almost all functions on a computer? 2. What operating systems will be discussed in this chapter? 3. What is meant by multi-user? 4. Explain

More information

Preemptive security solutions for healthcare

Preemptive security solutions for healthcare Helping to secure critical healthcare infrastructure from internal and external IT threats, ensuring business continuity and supporting compliance requirements. Preemptive security solutions for healthcare

More information

Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption

Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption OVERVIEW Data is one of the most important assets within organizations, second perhaps

More information

GE Measurement & Control. Cyber Security for NEI 08-09

GE Measurement & Control. Cyber Security for NEI 08-09 GE Measurement & Control Cyber Security for NEI 08-09 Contents Cyber Security for NEI 08-09...3 Cyber Security Solution Support for NEI 08-09...3 1.0 Access Contols...4 2.0 Audit And Accountability...4

More information

S E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd. www.cryptomill.com

S E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd. www.cryptomill.com SEAhawk CryptoMill CryptoMill Technologies Ltd. www.cryptomill.com OVERVIEW S EAhawk is an endpoint and removable storage security solution for desktop PCs and laptops running the Microsoft Windows operating

More information

Solution Guide Parallels Virtualization for Linux

Solution Guide Parallels Virtualization for Linux Solution Guide Parallels Virtualization for Linux Overview Created in 1991, Linux was designed to be UNIX-compatible software that was composed entirely of open source or free software components. Linux

More information

Introduction to BitLocker FVE

Introduction to BitLocker FVE Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk

More information

Samsung SED Security in Collaboration with Wave Systems

Samsung SED Security in Collaboration with Wave Systems Samsung SED Security in Collaboration with Wave Systems Safeguarding sensitive data with enhanced performance, robust security, and manageability Samsung Super-speed Drive Secure sensitive data economically

More information

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) Table of Contents Introduction... 1 1. Administrative Safeguards...

More information

Safer. Simpler. Easier.

Safer. Simpler. Easier. Safer. Simpler. Easier. My technology ROI just got a boost. Software Assurance Benefit Windows Vista Enterprise an > New Version Rights > Spread Payments > Deploy > Desktop Deployment Planning Services

More information

Cautions When Using BitLocker Drive Encryption on PRIMERGY

Cautions When Using BitLocker Drive Encryption on PRIMERGY Cautions When Using BitLocker Drive Encryption on PRIMERGY July 2008 Fujitsu Limited Table of Contents Preface...3 1 Recovery mode...4 2 Changes in hardware configurations...5 3 Prior to hardware maintenance

More information

Using HP System Software Manager for the mass deployment of software updates to client PCs

Using HP System Software Manager for the mass deployment of software updates to client PCs Using HP System Software Manager for the mass deployment of software updates to client PCs Introduction... 2 HP manageability solutions... 2 SSM overview... 3 Software updates... 3 Why not SSM-enabled?...

More information

Securing Data in the Cloud

Securing Data in the Cloud Securing Data in the Cloud Meeting the Challenges of Data Encryption and Key Management for Business-Critical Applications 1 Contents Protecting Data in the Cloud: Executive Summary.....................................................

More information

http://docs.trendmicro.com/en-us/enterprise/endpoint-encryption.aspx

http://docs.trendmicro.com/en-us/enterprise/endpoint-encryption.aspx Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, please review the readme files,

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified

More information

A Comprehensive Plan to Simplify Endpoint Encryption

A Comprehensive Plan to Simplify Endpoint Encryption A Comprehensive Plan to Simplify Endpoint Encryption Managing SEDs, BitLocker, and FileVault Together from the Cloud Executive Summary Encryption is an essential component of any information security plan.

More information

The CIO s Guide to HIPAA Compliant Text Messaging

The CIO s Guide to HIPAA Compliant Text Messaging The CIO s Guide to HIPAA Compliant Text Messaging Executive Summary The risks associated with sending Electronic Protected Health Information (ephi) via unencrypted text messaging are significant, especially

More information

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2

Table of Contents. TPM Configuration Procedure... 2. 1. Configuring the System BIOS... 2 Table of Contents TPM Configuration Procedure... 2 1. Configuring the System BIOS... 2 2. Installing the Infineon TPM Driver and the GIGABYTE Ultra TPM Utility... 3 3. Initializing the TPM Chip... 4 3.1.

More information

Trusted Computing Basics: Self-Encrypting Drives

Trusted Computing Basics: Self-Encrypting Drives 09/21/2011 Trusted Computing Basics: Self-Encrypting Drives Ryan C. Getek, Ph.D. CISSP-ISSEP Secure Storage Lead, Trusted Computing Division, NCSC Jason Cox Client Security Products Lead, Seagate Technology

More information

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note

Recovering Encrypted Disks Using Windows Preinstallation Environment. Technical Note Recovering Encrypted Disks Using Windows Preinstallation Environment Technical Note Preface Documentation version Documentation version: 11.0, Release Date: Legal Notice Copyright Symantec Corporation.

More information

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives

Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Assessing the Security of Hardware-Based vs. Software-Based Encryption on USB Flash Drives Main Line / Date / Etc. June May 2008 2nd Line 80-11-01583 xx-xx-xxxx Revision 1.0 Tagline Here Table of Contents

More information

Compliance and Security Challenges with Remote Administration

Compliance and Security Challenges with Remote Administration Sponsored by Netop Compliance and Security Challenges with Remote Administration A SANS Whitepaper January 2011 Written by Dave Shackleford Compliance Control Points Encryption Access Roles and Privileges

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 16 Fixing Windows Problems

A+ Guide to Managing and Maintaining Your PC, 7e. Chapter 16 Fixing Windows Problems A+ Guide to Managing and Maintaining Your PC, 7e Chapter 16 Fixing Windows Problems Objectives Learn what to do when a hardware device, application, or Windows component gives a problem Learn what to do

More information

ScoMIS Encryption Service

ScoMIS Encryption Service Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation

More information

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization

How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents

More information

Configuring ThinkServer RAID 100 on the TS140 and TS440

Configuring ThinkServer RAID 100 on the TS140 and TS440 Configuring ThinkServer RAID 100 on the TS140 and TS440 Lenovo ThinkServer TS Series Servers Lenovo Enterprise Product Group Version 1.0 September 17, 2013 2013 Lenovo. All rights reserved. LENOVO PROVIDES

More information

Understanding Enterprise Cloud Governance

Understanding Enterprise Cloud Governance Understanding Enterprise Cloud Governance Maintaining control while delivering the agility of cloud computing Most large enterprises have a hybrid or multi-cloud environment comprised of a combination

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Full Disk Encryption Agent Reference

Full Disk Encryption Agent Reference www.novell.com/documentation Full Disk Encryption Agent Reference ZENworks 11 Support Pack 3 May 2014 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or

More information