Managing BitLocker Encryption
- Isaac Derrick Richardson
- 8 years ago
Introduction

Organizations are facing a data security crisis. Despite decades of investment in security, breaches of sensitive information continue to dominate the headlines. While advances have been made in the way in which businesses manage and protect informational assets, attackers continue to advance their capabilities, developing highly customized malware and exploiting any vulnerabilities in systems in order to steal data. At the same time, the regulatory landscape has also evolved, with ever-more stringent and broad industry and legal mandates placing even more pressure on organizations to meet security standards, protect information, and report breaches, should they occur.

In response to this, a more data-centric approach to security has developed, focused on layering protection around the information itself, placing encryption at the very heart of this strategy. Encryption provides both a last line of defense in the case of an attack, as well as protecting information in the event of an accidental breach or disclosure.

As a result, many have welcomed the inclusion of encryption technology in Microsoft Windows 7, which is rapidly becoming the prevalent desktop operating system for organizations of all kinds, and equally importantly, its availability for Windows Server 2008 R2. By building encryption technology into the operating system, Microsoft has provided many organizations, which had previously not deployed encryption, a way to quickly and easily start protecting their critical information.

This whitepaper will examine some best practices for managing BitLocker, as well as discuss how to more easily integrate BitLocker encryption into your security program and reduce the overhead of both key management and reporting.

CREDANT Technologies, Inc. All rights reserved. PAGE 2 OF 9 For more information contact

STRENGTHS OF BITLOCKER

BitLocker is a data protection technology integrated with some of the more recent versions of the Windows operating system, providing protection in the event that the system is lost, stolen or otherwise accessed in an unauthorized manner. It provides volume-level encryption which protects both user files and system files and renders them both unreadable unless the appropriate decryption key is available.

One important feature of BitLocker is that it works with a hardware component called the Trusted Platform Module (TPM) which is now standard in many types of newer computers. This TPM helps prevent access to information in the event that the system was tampered with while on or offline (such as being booted from another system or even having the hard disk removed and placed in a different computer). Systems without a TPM can still use BitLocker, but they require the use of a USB startup key (and lose the protection from tampering provided by the TPM). Finally, BitLocker offers administrators the option to require the use of the USB startup key or force the user to enter a secret personal identification number (PIN) before the system can continue to boot.

All of these combined capabilities mean that BitLocker provides a good degree of security for the system in the event that an unauthorized user attempts to gain access, which is exactly what a good encryption system should do. However, before deploying BitLocker, it is important to know that, like any security solution, it requires careful management to ensure that you provide the level of protection that you need for sensitive data. Furthermore, there will be some areas where the use of BitLocker is more appropriate than others, and you will need to consider how to integrate BitLocker with the rest of your encryption solutions as well as the broader security and compliance infrastructure.

WHEN TO USE BITLOCKER

BitLocker is standard in certain versions of Microsoft Windows.
These are Windows Vista and Windows 7 Ultimate and Enterprise editions, and Windows Server 2008 R2. BitLocker therefore makes sense to deploy in environments that are predominantly using these versions; however, integration with other encryption platforms is both possible and relatively easy (as will be discussed later), so using BitLocker within a subset of your infrastructure is entirely feasible.

BitLocker uses an approach called volume-level encryption, which is similar to traditional full disk encryption, but this approach can encrypt multiple volumes on the same physical disk, or encompass multiple physical disks when logically grouped into one volume. This means that BitLocker uses a volume master key (VMK) to encrypt the entire volume. (As part of this approach, BitLocker on Windows 7 requires a startup partition, so having sufficient free space is important when preparing to deploy and use BitLocker.) As BitLocker provides volume-level encryption (rather than a file-based approach), this has some implications for the type of user, system and data that are most appropriate for BitLocker usage.

MOST APPROPRIATE USES FOR BITLOCKER

Like any security technology, BitLocker is most appropriate to use in certain situations, and less so in others. One of the key aspects to remember is that BitLocker provides access on an all or nothing basis. As such, once a user has the ability to decrypt information on a BitLocker protected system, that user has access to everything on the volume. In many circumstances, this is entirely desirable. For example, this might apply to a remote worker who has a laptop device that carries potentially sensitive information, or who simply wishes to ensure that information on
the volume is not usable in the event that the laptop is lost (a surprisingly regular occurrence in most enterprise environments).

However, there will also be circumstances where the all or nothing approach is not desirable. This is especially true in the following situations:

- When information on the system is highly sensitive (and must be safeguarded against access from unauthorized insiders)
- When the system must be shared by multiple users and access to information on the volume must be controlled

In the first instance, the real risk comes primarily from a privileged insider, such as an administrator. Often administrators will need to have access to a system in order to perform routine maintenance, upgrade software, or fix a problem. In these events, if volume-based (or full-disk) encryption is used, then the administrator will also have access to sensitive information, as everything on the volume is decrypted at the same time. If information on that system is highly sensitive, it might be better to consider policy-based encryption rather than disk- or volume-based.

In cases where the system must be shared by multiple users (often the case in the healthcare industry, for example), the same considerations apply. If information needs to be protected from different users on the same system, then volume-based encryption, such as is provided by BitLocker, may not be most appropriate. Again, a policy-based approach should be considered, as this will allow encryption for different users on each system to be maintained using different keys, thus preventing one user from viewing another user's sensitive information.

For many other users, however, BitLocker's approach may be entirely appropriate and will provide a foundational level of protection that will keep information secure in the case of, for example, a laptop being stolen or lost.

PITFALLS TO AVOID

As already discussed, BitLocker will provide your users with a secure encryption method for data on their systems.
However, to fully utilize this solution, and to ensure documented and provable compliance with regulations for information security and privacy, there are a number of important considerations. These become especially significant in large organizations where there may be a large number of users, where systems are highly heterogeneous, where mobile device and removable media security is important, or where the workforce is highly distributed. While the following is not an exhaustive list, it will cover some of the more important things to plan for when using BitLocker in large enterprise environments:

- Key Management
- Key Security
- Compliance Reporting
- Ease Of Management
- FIPS Compliance
- Removable Media and Mobile Device Encryption
- Integration with Broader Encryption
- Biometric Authentication

KEY MANAGEMENT

Perhaps the most important aspect of any encryption solution is key management. Keys provide the method of access to the protected data. Therefore ensuring that they are protected from misuse is essential to maintaining the security of the encrypted information. Equally important is the need to ensure that the keys
are available when needed in order to decrypt the data ready for access.

When used with a TPM, BitLocker key management relies on a number of keys to control access to the information on the drive. These include a TPM owner password (which is required to change the configuration of the TPM), a recovery key and/or recovery password (used to access the information in the event that the TPM denies access), a PIN and/or enhanced PIN (used to provide access to the system each time it is booted and consisting of 4-20 numbers or characters) and a startup key (stored on a flash drive and inserted each time the system boots). Users will normally only interact with the recovery keys, PINs and startup keys.

Most important of these is the recovery key. This key enables an administrator to access the information encrypted on the drive even if the TPM enters recovery mode (that is, it detects a change that suggests tampering may have occurred). This can happen for a number of reasons, some of which are listed below:

- Changing any boot configuration data (BCD) boot entry data type settings of a number of items (for example adding a language pack for all users and system accounts, which the TPM may interpret as a boot attack)
- Changing the BIOS boot order to boot another drive in advance of the hard drive
- Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD
- Failing to boot from a network drive before booting from the hard drive (under some circumstances)
- Docking or undocking a portable computer
- Changes to the NTFS partition table on the disk including creating, deleting, or resizing a primary partition
- Entering the personal identification number (PIN) incorrectly too many times or forgetting the PIN, or losing the USB flash drive containing the startup key when startup key authentication has been enabled
- Turning off the BIOS support for reading the USB device in the pre-boot environment if you are using USB-based keys
  instead of a TPM
- Turning off, disabling, deactivating, or clearing the TPM or updating the TPM firmware
- Upgrading critical early startup components, such as a BIOS upgrade, causing the BIOS measurements to change
- Updating option ROM firmware
- Adding or removing hardware. For example, inserting a new card in the computer, including some PCMCIA wireless cards
- Removing, inserting, or completely depleting the charge on a smart battery on a portable computer
- Changes to the master boot record or boot manager on the disk
- Hiding the TPM from the operating system
- Using a different keyboard that does not correctly enter the PIN or whose keyboard map does not match the keyboard map assumed by the pre-boot environment. This can prevent the entry of enhanced PINs
- Moving the BitLocker-protected drive into a new computer
- Upgrading the motherboard to a new one with a new TPM
- Failing the TPM self test
- Having a BIOS or an option ROM component that is not compliant with the relevant Trusted Computing Group standards for a client computer
- Pressing the F8 or F10 key during the boot process
- Adding or removing add-in cards (such as video or network cards), or upgrading firmware on add-in cards
- Using a BIOS hot key during the boot process to change the boot order to something other than the hard drive

For a more complete list of causes for the TPM to enter recovery mode, visit ee449438(ws.10).aspx#bkmk_examplesosrec

If the TPM enters recovery mode, the administrator (or user) will have to enter or use the recovery key. While the recovery key can simply be printed out on creation, based on configuration settings, it can also be stored on a USB removable drive (or drives). In an enterprise environment, a more reliable process, and one that is easier to maintain over the longer term, is more likely to be put in place. The best native approach (without using third-party key management tools) is to have the recovery key stored in Active Directory. For Windows 2008 domain controllers, this is possible without changing the Active Directory schema, although changes are required in the schema for Windows 2003 controllers.

While the approach of storing recovery keys in Active Directory does provide simplified recovery and a reduced likelihood that access to a system will be unavailable, it does open up some additional potential security holes which must be managed. If an enterprise decides to manage and store recovery keys, maintaining some kind of centralized access to them is important. A critical employee becoming unavailable as a result of leaving the company, for example, could render vital information on an encrypted system unreadable if a recovery key management strategy is not put in place to prevent this.

KEY AND DATA SECURITY

While encryption protects information from unauthorized access and disclosure, this technology is only effective if the encryption keys are secured. The use of the TPM provides a high degree of resistance to attacks on the operating system designed to compromise keys in use and against the system itself while off-line. However, security of the recovery key must also be taken into account. The recovery key will typically be stored in one (or more) of the following:

- A Printed Copy
- A File on a USB Device(s)
- In Active Directory

As already discussed, the third option is the most scalable and easily managed in an enterprise environment. However, storing the recovery keys in Active Directory does introduce an element of risk which must be addressed, specifically that the key is stored unencrypted, in plain text. Although access to this key is therefore restricted to only administrators with privileges for domain administration, it does mean that any such administrator will potentially have access to the recovery key for every system in the domain. Such access could severely undermine separation of duties within the organization between network and security administration roles. This can also have implications for compliance, as discussed later.
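
One way to check the escrow coverage that the key management and key security sections depend on, added here as an example that is not part of the whitepaper or of any CREDANT or Microsoft tooling: it lists computer accounts that have no recovery information stored under them in Active Directory. The function names, the example.test domain and the sample records are constructed for illustration.

```powershell
# Added example, not part of the whitepaper. Assumes recovery passwords are
# escrowed in Active Directory as msFVE-RecoveryInformation objects, each a
# child of the computer object it belongs to. Only distinguished names and
# creation times are used; the msFVE-RecoveryPassword attribute is never read.

function Get-RecoveryEscrowCoverage {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerDN,
        [object[]]$RecoveryObject = @()
    )

    # Index escrow records by the DN of their parent (the computer object).
    # The record's own RDN is a timestamp plus a GUID, so it holds no comma.
    $byParent = @{}
    foreach ($r in $RecoveryObject) {
        $dn = [string]$r.DistinguishedName
        $parent = $dn.Substring($dn.IndexOf(',') + 1).ToLower()
        if (-not $byParent.ContainsKey($parent)) { $byParent[$parent] = @() }
        $byParent[$parent] += $r
    }

    foreach ($c in $ComputerDN) {
        $records = @()
        if ($byParent.ContainsKey($c.ToLower())) { $records = @($byParent[$c.ToLower()]) }

        $newest = $null
        if ($records.Count -gt 0) {
            $newest = ($records | Sort-Object whenCreated | Select-Object -Last 1).whenCreated
        }

        $finding = 'ok'
        if ($records.Count -eq 0) { $finding = 'NO RECOVERY INFORMATION ESCROWED' }

        New-Object PSObject -Property @{
            Computer      = $c
            EscrowRecords = $records.Count
            NewestEscrow  = $newest
            Finding       = $finding
        }
    }
}

# Constructed sample data (example.test is a placeholder domain). In a live
# domain the same inputs come from the ActiveDirectory module:
#   $computers = Get-ADComputer -Filter * | ForEach-Object { $_.DistinguishedName }
#   $recovery  = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -Properties whenCreated
function New-SampleRecord($Dn, $Created) {
    New-Object PSObject -Property @{ DistinguishedName = $Dn; whenCreated = [datetime]$Created }
}

$computers = @(
    'CN=LAPTOP01,OU=Laptops,DC=example,DC=test',
    'CN=LAPTOP02,OU=Laptops,DC=example,DC=test',
    'CN=KIOSK07,OU=Shared,DC=example,DC=test'
)
$recovery = @(
    (New-SampleRecord 'CN=2011-03-01T09:12:44-06:00{11111111-1111-1111-1111-111111111111},CN=LAPTOP01,OU=Laptops,DC=example,DC=test' '2011-03-01 09:12:44'),
    (New-SampleRecord 'CN=2011-06-15T14:02:10-06:00{22222222-2222-2222-2222-222222222222},CN=LAPTOP01,OU=Laptops,DC=example,DC=test' '2011-06-15 14:02:10'),
    (New-SampleRecord 'CN=2011-04-20T08:30:00-06:00{33333333-3333-3333-3333-333333333333},CN=KIOSK07,OU=Shared,DC=example,DC=test' '2011-04-20 08:30:00')
)

# LAPTOP02 has no child record, so it is reported as a recovery gap.
Get-RecoveryEscrowCoverage -ComputerDN $computers -RecoveryObject $recovery |
    Select-Object Computer, EscrowRecords, NewestEscrow, Finding |
    Format-Table -AutoSize
```

Because the query returns only object names and timestamps, the report can be produced by an account that has no read access to the recovery passwords themselves.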

COMPLIANCE REPORTING

Reporting and auditing are, in many cases, necessary evils for any security organization. Centralized reporting and auditing helps reduce the workload in meeting compliance mandates such as PCI DSS, HIPAA/HITECH, SOX, Data Protection Directives, and so on. The ability to provide documented proof that a system was encrypted at the time of a breach, or to show an auditor which systems are fully encrypted and which are only partially protected, will help simplify and streamline response to audit needs and also provide better visibility into risk for the organization. While BitLocker provides some limited capabilities here, it will be important to understand what reporting requirements must be met, and plan accordingly if additional reporting capabilities are needed.

EASE OF MANAGEMENT

One of the great benefits of BitLocker is that it comes pre-installed as part of the operating system for some versions of Windows 7 and Windows This enables a very rapid roll out of encryption infrastructure across the enterprise. There are a few points to take into account. First, there is often some degree of initialization required for the TPM and this will generally need to be done with physical access to the system. Secondly, users must be educated if options such as the PIN and USB security key are to be used. However, once in place, BitLocker should operate with little hands-on management required.

In instances where users have local administration privileges, there is the risk that they will turn off BitLocker on their local system. In such a case, should the system be lost, information could be exposed and the organization would potentially be unable to demonstrate compliance with the appropriate mandates for data protection. In an enterprise environment, Group Policy Object settings will typically be used to enforce policies for BitLocker management. A list can be found here: at the BitLocker Group Policy reference site.
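
A reporting check for the two risks described above (proving that a system is encrypted, and local administrators turning BitLocker off), added here as an example and not taken from the whitepaper: it parses `manage-bde -status` output and flags volumes that are unencrypted, suspended, or without a recovery password. The function names and the sample output are constructed, and the recovery-password requirement is an assumed policy.

```powershell
# Added example, not part of the whitepaper. The sample below is constructed
# and abridged; labels follow English-language Windows 7 output and differ on
# localized systems.
$SampleStatus = @'
Volume C: [OS]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Protection Status:    Protection Off
    Key Protectors:
        TPM
        Numerical Password

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0%
    Protection Status:    Protection Off
    Key Protectors:       None Found

Volume E: [Archive]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Protection Status:    Protection On
    Key Protectors:
        Password
'@

function ConvertFrom-ManageBdeStatus {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Text)

    $volumes = @()
    $current = $null
    $inProtectors = $false
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match '^Volume\s+(\S+)\s+\[(.*)\]\s*$') {
            # A new volume header closes the previous volume's block.
            if ($null -ne $current) { $volumes += New-Object PSObject -Property $current }
            $current = @{ Volume = $Matches[1]; Label = $Matches[2]; Conversion = ''
                          Protection = ''; Protectors = @() }
            $inProtectors = $false
        }
        elseif ($null -eq $current) { continue }
        elseif ($line -match '^\s+Key Protectors:') {
            # Protector names follow on indented lines; "None Found" stays inline.
            $inProtectors = $true
        }
        elseif ($inProtectors -and $line.Trim()) { $current.Protectors += $line.Trim() }
        elseif ($line -match '^\s+Conversion Status:\s+(.+?)\s*$') { $current.Conversion = $Matches[1] }
        elseif ($line -match '^\s+Protection Status:\s+(.+?)\s*$') { $current.Protection = $Matches[1] }
    }
    if ($null -ne $current) { $volumes += New-Object PSObject -Property $current }
    return $volumes
}

function Get-BitLockerFinding {   # hypothetical helper name
    param([Parameter(Mandatory = $true)]$Volume)

    $findings = @()
    if ($Volume.Conversion -ne 'Fully Encrypted') {
        $findings += "not fully encrypted ($($Volume.Conversion))"
    }
    # "Fully Encrypted" alone is not proof of protection: with protection off
    # (suspended), the volume unlocks without the TPM, PIN or startup key.
    if ($Volume.Protection -ne 'Protection On') { $findings += 'protection off or suspended' }
    # Assumed policy: every volume carries a recovery password
    # ("Numerical Password"), so that there is something to escrow centrally.
    if ($Volume.Protectors -notcontains 'Numerical Password') {
        $findings += 'no recovery password protector'
    }

    $status = 'PASS'
    if ($findings.Count -gt 0) { $status = 'FAIL' }
    New-Object PSObject -Property @{
        Volume   = $Volume.Volume
        Status   = $status
        Findings = $findings -join '; '
    }
}

# On a live system, run elevated and pass: (manage-bde -status) -join "`n"
$report = ConvertFrom-ManageBdeStatus -Text $SampleStatus |
    ForEach-Object { Get-BitLockerFinding -Volume $_ }
$report | Select-Object Volume, Status, Findings | Format-Table -AutoSize
```

In the sample, C: is the case a percentage-only report misses: the volume is 100% encrypted but protection has been switched off, so it fails alongside the unencrypted D: and the password-only E:.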

FIPS COMPLIANCE

For organizations who must comply with the US Federal Information Processing Standard 140-2, BitLocker can provide a viable method of encryption. In this event, users cannot save recovery keys. As such, care should be taken to provide appropriate safeguards to back up sensitive information before BitLocker is used or, more realistically, to use a third-party encryption management system for BitLocker. (Ensure that the encryption management solution provides simple, centrally managed key recovery and is FIPS validated.) For more information on FIPS Compliance, see: ee706536%28ws.10%29.aspx

REMOVABLE MEDIA & MOBILE DEVICE ENCRYPTION

BitLocker provides a method of protecting removable media utilizing the BitLocker-To-Go technology. This uses the same volume-encryption approach as BitLocker itself. While this solution comes as a standard element of BitLocker, it provides more limited platform/device coverage than a number of third-party solutions (including a lack of support for CD File Systems). Furthermore, the approach of providing full-volume encryption for external storage or removable media can result in significant delays in usage when the device is first mounted. If users are unfamiliar with this, they may accidentally remove the removable media before it is fully encrypted, which can increase the risk that it is rendered unreadable and the information on it lost. If removable media security is a concern for your organization, you may wish to examine some of the complementary, third-party removable media offerings or use self-encrypting removable media in some instances.

INTEGRATION WITH BROADER ENCRYPTION

While BitLocker will provide relatively simple encryption protection for certain platforms, in most enterprise environments there will be a number of non-BitLocker protected systems. As a result, integration with the rest of the security infrastructure will provide significant management benefits.

BitLocker will provide coverage for Windows 7 (some versions) and Windows Server 2008 R2. However, the presence of Windows XP and Mac OS X systems means that additional encryption tools (beyond BitLocker) must be considered. For removable media, while BitLocker-To-Go provides a degree of protection, a third-party solution should also be considered to provide additional breadth of coverage, especially if the encryption approach is policy or file based rather than requiring the entire device to be encrypted at once.

Smartphones now have a significant foothold in the portfolio of the corporate mobile worker's tools. These devices, often capable of carrying large amounts of sensitive information, must also be secured, which will often mean the use of proprietary encryption technology.

Given the above, there will inevitably need to be additional encryption solutions in place within the enterprise beyond BitLocker. Integrating these encryption solutions into a single set of management tools is therefore highly desirable as it provides many significant benefits:

- Simpler Management
- More Complete Reporting and Auditing
- Less Workload for Compliance-Related Auditing
- One Central Repository for Key Escrow, Therefore Reducing Security Risks
- Less Chance of Gaps In Coverage

Third-party management tools already exist to integrate BitLocker with other encryption solutions to provide the above benefits.
As the complexity of the corporate infrastructure continues to grow, and as the need to protect ever greater quantities of information against more complex threats also grows, integrated solutions must be deployed to provide the degree of coverage while reducing the workload for IT security teams.

BIOMETRIC AUTHENTICATION

BitLocker offers no integration with biometric authentication products and therefore, if you require these devices in order to enforce two-factor authentication, you should examine third-party encryption management solutions that can provide such capabilities.

SIMPLIFYING SECURITY WITH CREDANT MANAGER FOR BITLOCKER

The previous section provided some advice on which areas may require special planning. The extent to which each of these areas is of concern will depend greatly on the type of users you have, the sensitivity of the information you need to secure, your organization's risk appetite, complexity of the infrastructure and so on.

CREDANT Manager for BitLocker forms part of a single, central management solution which helps address many of the above concerns as well as offer an integrated approach to managing encryption across other, non-BitLocker platforms: physical, virtual and cloud-based. CREDANT Manager for BitLocker provides the following enhancements:

- Key Management: Centralized escrow of the critical recovery keys helps ensure your users can access information on encrypted systems whenever they need it with minimal work from your IT and helpdesk teams.
- Policy Enforcement: Define and enforce policies from a single, central console. No need to alter your Active Directory schema, or use Active Directory group policies to manage BitLocker. CREDANT's management console provides all the flexibility and control you need, centrally managed for your enterprise.
- Automated TPM Management: Enabling the TPM capabilities can require significant setup activities. CREDANT Manager for BitLocker automates TPM initialization, reducing your work and the risk that systems are left unprotected. CREDANT Manager for BitLocker will also store the TPM password for recovery when needed.
- FIPS Compliance: Secure, centralized recovery key escrow eliminates the problem that recovery keys are stored in plain text, which is not a valid, FIPS compliant approach.
- Compliance Reporting: CREDANT Manager for BitLocker provides extensive auditing and reporting capabilities to enable you to easily demonstrate that systems are encrypted, and to provide compliance and audit managers all the information they need, when they need it, with less work.

CONCLUSION

Integration of basic encryption capabilities into the operating systems represents a good first step in improving the security of critical data, especially for those organizations where BitLocker will meet their compliance and data protection needs. While BitLocker offers a good, volume-based encryption solution, it will also present some challenges. Specifically:

- It is not appropriate for all users (especially if highly sensitive information must be stored and access from privileged insiders is a concern)
- It covers only a subset of platforms
- Careful management is required, especially of the recovery keys

By utilizing a third-party data security management solution such as CREDANT Manager for BitLocker, these issues can be overcome, and so enable you to take full advantage of the capabilities of BitLocker, to reduce risk to critical data and simplify the security and compliance of your organization.

For more information on how CREDANT can help secure and manage BitLocker deployments, please visit

The solution is designed to enable you to seamlessly integrate BitLocker into your existing encryption needs, and manage BitLocker with the minimum necessary effort while streamlining security and compliance. By facilitating the deployment, configuration, management and maintenance of BitLocker, CREDANT Manager for BitLocker will reduce the cost of overall data protection, and the impact of security to your end users, which in turn frees up resources and improves overall business alignment.

CREDANT Technologies Dallas Parkway, Suite 1420, Addison, Texas USA
UK & EMEA, 88 Kingsway, London, WC2B 6AA, United Kingdom
US: 866-CREDANT ( ) or UK: phone +44 (0) fax +44 (0)
For more information: info@credant.com

2011 CREDANT Technologies, Inc. All rights reserved. CREDANT Technologies, CREDANT, We Protect What Matters, Intelligent Encryption, and the CREDANT logo are, or will be, registered trademarks of CREDANT Technologies, Inc. All other trademarks, service marks, and/or product names are the property of their respective owners. Product information is subject to change without notice.
How to Encrypt your Windows 7 SDS Machine with Bitlocker
How to Encrypt your Windows 7 SDS Machine with Bitlocker ************************************ IMPORTANT ******************************************* Before encrypting your SDS Windows 7 Machine it is highly
More informationRemovable Media Best Practices
WHITE PAPER PART TWO Business-aligned Security Strategies and Advice WWW.CREDANT.COM Introduction In part one of this two-part white paper, we looked at the reasons that removable media has posed such
More informationUsing BitLocker As Part Of A Customer Data Protection Program: Part 1
Using BitLocker As Part Of A Customer Data Protection Program: Part 1 Tech Tip by Philip Cox Source: searchsecuritychannel.com As an information security consultant, one of my jobs is to help my clients
More informationWhitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015
Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure Addressing the Concerns of the IT Professional Rob Weber February 2015 Page 2 Table of Contents What is BitLocker?... 3 What is
More informationDriveLock and Windows 8
Why alone is not enough CenterTools Software GmbH 2013 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationDriveLock and Windows 7
Why alone is not enough CenterTools Software GmbH 2011 Copyright Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise
More informationEncryption Buyers Guide
Encryption Buyers Guide Today your organization faces the dual challenges of keeping data safe without affecting user productivity. Encryption is one of the most effective ways to protect information from
More informationMCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features
MCTS Guide to Microsoft Windows 7 Chapter 7 Windows 7 Security Features Objectives Describe Windows 7 Security Improvements Use the local security policy to secure Windows 7 Enable auditing to record security
More informationMobile Data Security Essentials for Your Changing, Growing Workforce
Mobile Data Security Essentials for Your Changing, Growing Workforce White Paper February 2007 CREDANT Technologies Security Solutions White Paper YOUR DYNAMIC MOBILE ENVIRONMENT As the number and diversity
More informationSecuring Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption
THE DATA PROTECTIO TIO N COMPANY Securing Data in the Virtual Data Center and Cloud: Requirements for Effective Encryption whitepaper Executive Summary Long an important security measure, encryption has
More informationNavigating Endpoint Encryption Technologies
Navigating Endpoint Encryption Technologies Whitepaper November 2010 THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS
More informationSecureAge SecureDs Data Breach Prevention Solution
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
More informationDo "standard tools" meet your needs when it comes to providing security for mobile PCs and data media?
Product Insight Do "standard tools" meet your needs when it comes to providing security for mobile PCs and data media? Author Version Document Information Utimaco Product Management Device Security 4.30.00
More informationIntroduction to BitLocker FVE
Introduction to BitLocker FVE (Understanding the Steps Required to enable BitLocker) Exploration of Windows 7 Advanced Forensic Topics Day 3 What is BitLocker? BitLocker Drive Encryption is a full disk
More informationManaging BitLocker With SafeGuard Enterprise
Managing BitLocker With SafeGuard Enterprise How Sophos provides one unified solution to manage device encryption, compliance and Microsoft BitLocker By Robert Zeh, Product Manager Full-disk encryption
More informationProtecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer
Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer The Data Breach Epidemic Continues.. 1 Data Encryption Choices for Businesses................... 2 The Hardware
More informationDid you know your security solution can help with PCI compliance too?
Did you know your security solution can help with PCI compliance too? High-profile data losses have led to increasingly complex and evolving regulations. Any organization or retailer that accepts payment
More informationDisk Encryption. Aaron Howard IT Security Office
Disk Encryption Aaron Howard IT Security Office Types of Disk Encryption? Folder Encryption Volume or Full Disk Encryption OS / Boot Volume Data Volume Managed or Unmanaged Key Backup and Data Assurance
More informationBest Practices for Protecting Laptop Data
Laptop Backup, Recovery, and Data Security: Protecting the Modern Mobile Workforce Today s fast-growing highly mobile workforce is placing new demands on IT. As data growth increases, and that data increasingly
More informationBitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation
BitLocker Drive Encryption Hardware Enhanced Data Protection Shon Eizenhoefer, Program Manager Microsoft Corporation Agenda Security Background BitLocker Drive Encryption TPM Overview Building a BitLocker
More informationWindows BitLocker TM Drive Encryption Design Guide
Windows BitLocker TM Drive Encryption Design Guide Microsoft Corporation Published: August 2007 Abstract This document describes the various aspects of planning for deploying Windows BitLocker Drive Encryption
More informationHow Endpoint Encryption Works
WHITE PAPER: HOW ENDPOINT ENCRYPTION WORKS........................................ How Endpoint Encryption Works Who should read this paper Security and IT administrators Content Introduction to Endpoint
More informationA Guide to Managing Microsoft BitLocker in the Enterprise
20140410 A Guide to Managing Microsoft BitLocker in the Enterprise TABLE OF CONTENTS Introduction 2 Why You Can t Ignore Effective FDE 3 BitLocker by Default 4 BitLocker s Total Cost of Ownership 5 SecureDoc
More informationWindows BitLocker Drive Encryption Step-by-Step Guide
Windows BitLocker Drive Encryption Step-by-Step Guide Microsoft Corporation Published: September 2006 Abstract Microsoft Windows BitLocker Drive Encryption is a new hardware-enhanced feature in the Microsoft
Encrypting with BitLocker for disk volumes under Windows 7
Encrypting with BitLocker for disk volumes under Windows 7 Summary of the contents 1 Introduction 2 Hardware requirements for BitLocker Driver Encryption 3 Encrypting drive 3.1 Operating System Drive 3.1.1
ProtectV. Securing Sensitive Data in Virtual and Cloud Environments. Executive Summary
VISIBILITY DATA GOVERNANCE SYSTEM OS PARTITION UNIFIED MANAGEMENT CENTRAL AUDIT POINT ACCESS MONITORING ENCRYPTION STORAGE VOLUME POLICY ENFORCEMENT ProtectV SECURITY SNAPSHOT (backup) DATA PROTECTION
How Drive Encryption Works
WHITE PAPER: HOW DRIVE ENCRYPTION WORKS How Drive Encryption Works Who should read this paper Security and IT administrators Content Introduction to Drive Encryption
The True Story of Data-At-Rest Encryption & the Cloud
The True Story of Data-At-Rest Encryption & the Cloud by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800 500 3167 twitter.com/firehost
Session ID: Session Classification:
Session ID: Session Classification: Protecting Data with Encryption Access Control Protect Sensitive Data Protect and Manage Threats Groundbreaking Malware Resistance Protects the client, data, and corporate
Windows 7. Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org
Windows 7 Qing Liu Qing.Liu@chi.frb.org Michael Stevens Michael.Stevens@chi.frb.org 1 Overview 1. Financial Institution's Preliminary Steps 2. User Interface 3. Data Protection 4. User and Group Changes
TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE
TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE TODAY'S HIGHLY MOBILE WORKFORCE IS PLACING NEW DEMANDS ON IT TEAMS WHEN PROTECTING LAPTOP DATA To guard this corporate data at
Firmware security features in HP Compaq business notebooks
HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot
Addressing the Data Protection Requirements of the HITECH Act
Addressing the Data Protection Requirements of the HITECH Act Simplifying data protection for healthcare industry compliance with endpoint encryption Trend Micro, Incorporated A Trend Micro White Paper
Vormetric Encryption Architecture Overview
Vormetric Encryption Architecture Overview Protecting Enterprise Data at Rest with Encryption, Access Controls and Auditing Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732
IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet
IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance
Guidelines on use of encryption to protect person identifiable and sensitive information
Guidelines on use of encryption to protect person identifiable and sensitive information 1. Introduction David Nicholson, NHS Chief Executive, has directed that there should be no transfers of unencrypted
Samsung SED Security in Collaboration with Wave Systems
Samsung SED Security in Collaboration with Wave Systems Safeguarding sensitive data with enhanced performance, robust security, and manageability Samsung Super-speed Drive Secure sensitive data economically
BitLocker Encryption for non-tpm laptops
BitLocker Encryption for non-tpm laptops Contents 1.0 Introduction... 2 2.0 What is a TPM?... 2 3.0 Users of non-tpm University laptops... 2 3.1 Existing Windows 7 laptop users... 2 3.2 Existing Windows
Encryption, Key Management, and Consolidation in Today's Data Center
Encryption, Key Management, and Consolidation in Today's Data Center Unlocking the Potential of Data Center Consolidation whitepaper Executive Summary Today, organizations' leadership teams are striving
Innovative Secure Boot System (SBS) with a smartcard.
Managed Security Services Desktop Security Services Secure Notebook Desktop Security Services. Secure Notebook. Today's business environment demands mobility, and the notebook computer has become an indispensable
Installing and Upgrading to Windows 7
Installing and Upgrading to Windows 7 Before you can install Windows 7 or upgrade to it, you first need to decide which version of 7 you will use. Then, you should check the computer's hardware to make
SecureD Technical Overview
WHITEPAPER: SecureD Technical Overview WHITEPAPER: SecureD Technical Overview CONTENTS section page 1 The Challenge to Protect Data at Rest 3 2 Hardware Data Encryption Provides Maximum Security 3 3 SecureD
WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery
WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights
EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide
EMBASSY Remote Administration Server (ERAS) BitLocker Deployment Guide BitLocker Deployment Guide Document Version 0.0.0.5 http://www.wave.com ERAS v 2.8 Wave Systems Corp. 2010 Contents Contents... 2
Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation
Security Overview for Windows Vista Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation Agenda User and group changes Encryption changes Audit changes User rights New and modified
MBAM Self-Help Portals
MBAM Self-Help Portals Authoring a self-help portal workflow for BitLocker Recovery Using Microsoft BitLocker Administration and Monitoring (MBAM) Technical White Paper Published: September 2011 Priyaa
HP ProtectTools User Guide
HP ProtectTools User Guide Copyright 2007 Hewlett-Packard Development Company, L.P. Microsoft and Windows are U.S. registered trademarks of Microsoft Corporation. Intel is a trademark or registered trademark
ICT Professional Optional Programmes
ICT Professional Optional Programmes Skills Team are a Microsoft Academy with new training rooms and IT labs in our purpose built training centre in Ealing, West London. We offer a range of year-long qualifications
How to use Alertsec to Enable SOX Compliance for Your Customers
How to use Alertsec to Enable SOX Compliance for Your Customers Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents Executive Summary...
Securing Data on Portable Media. www.roxio.com
Securing Data on Portable Media www.roxio.com Contents 2 Contents 3 Introduction 4 1 The Importance of Data Security 5 2 Roxio Secure 5 Security Means Strong Encryption 6 Policy Control of Encryption 7
Management of Hardware Passwords in Think PCs.
Lenovo Corporation March 2009 security white paper Management of Hardware Passwords in Think PCs. Ideas from Lenovo Notebooks and Desktops Workstations and Servers Service and Support Accessories Introduction
STRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
Protect Sensitive Data Using Encryption Technologies. Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.
Protect Sensitive Data Using Encryption Technologies Ravi Sankar Technology Evangelist Microsoft Corporation http://ravisankar.spaces.live.com/blog Where is the User Data Stored? Q: Where is the biggest
Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems
Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems Built-in Security to Protect Sensitive Data without Sacrificing Performance What is an SED? A self-encrypting drive performs
Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010
Encrypting the Private Files on Your Computer Presentation by Eric Moore, CUGG June 12, 2010 I. File Encryption Basics A. Encryption replaces data within a file with ciphertext which resembles random data
Keep Your Data Secure in the Cloud Using encryption to ensure your online data is protected from compromise
Protection as a Priority TM Keep Your Data Secure in the Cloud to ensure your online data is protected from compromise Abstract The headlines have been dominated lately with massive data breaches exposing
Security Management. Keeping the IT Security Administrator Busy
Security Management Keeping the IT Security Administrator Busy Dr. Jane LeClair Chief Operating Officer National Cybersecurity Institute, Excelsior College James L. Antonakos SUNY Distinguished Teaching
White Paper: Whole Disk Encryption
How Whole Disk Encryption Works White Paper: Whole Disk Encryption How Whole Disk Encryption Works Contents Introduction to Whole Disk Encryption
10 Building Blocks for Securing File Data
White Paper 10 Building Blocks for Securing File Data Introduction Securing file data has never been more important or more challenging for organizations. Files dominate the data center, with analyst firm
Full Drive Encryption Security Problem Definition - Encryption Engine
Full Drive Encryption Security Problem Definition - Encryption Engine Introduction for the FDE Collaborative Protection Profiles
Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption
Protecting Data at Rest What to Consider When Selecting a Solution for Disk, Removable Media, and File Encryption OVERVIEW Data is one of the most important assets within organizations, second perhaps
A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology
20140115 Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology TABLE OF CONTENTS What's at risk for your organization? 2 Is your business
HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER
HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information
Complying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
Encrypted File Systems. Don Porter CSE 506
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue
Implementing HIPAA Compliance with ScriptLogic
Implementing HIPAA Compliance with ScriptLogic A ScriptLogic Product Positioning Paper By Nick Cavalancia 1.800.424.9411 www.scriptlogic.com Table of Contents INTRODUCTION... 3 HIPAA BACKGROUND... 3 ADMINISTRATIVE
nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.
CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such
Top Five Ways to Protect Your Network. A MainNerve Whitepaper
A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State
How To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
Certification Report
Certification Report EAL 4 Evaluation of SecureDoc Disk Encryption Version 4.3C Issued by: Communications Security Establishment Certification Body Canadian Common Criteria Evaluation and Certification
Mobile Device Security and Encryption Standard and Guidelines
Mobile Device Security and Encryption Standard and Guidelines University Mobile Computing and Device best practices are currently defined as follows: 1) The use of any sensitive or private data on mobile
MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM)
MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) MICROSOFT BITLOCKER ADMINISTRATION AND MONITORING (MBAM) Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative
Kaspersky Lab s Full Disk Encryption Technology
Kaspersky Lab s Full Disk Encryption Technology In the US alone, an estimated 12,000 laptops are lost or stolen each week. According to the Ponemon Institute, a laptop is stolen every 53 seconds; more
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization
How to use the Alertsec Service to Achieve HIPAA Compliance for Your Organization Alertsec offers Cloud Managed - Policy Controlled - Security Modules for Ensuring Compliance at the Endpoints Contents
Hiva-network.com. Microsoft_70-680_v2011-06-22_Kat. Exam A
Exam A Microsoft_70-680_v2011-06-22_Kat QUESTION 1 You have a computer that runs Windows 7. The computer has a single volume. You install 15 applications and customize the environment. You complete the
10 Top Tips for Data Protection in the New Workplace
10 Top Tips for Data Protection in the New Workplace Balancing Workplace Security with Workforce Productivity One of the key things that keeps CIOs awake at night, is worrying about the loss or leakage
Keep Your Data Secure: Fighting Back With Flash
Keep Your Data Secure: Fighting Back With Flash CONTENTS: Executive Summary...1 Data Encryption: Ensuring Peace of Mind...2 Enhanced Encryption and Device Decommission in the Enterprise...3 Freeing Up
Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities
WHITE PAPER: ENTERPRISE SECURITY Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities White Paper: Enterprise Security Symantec Backup Exec 11d for Windows Servers Contents Executive
BEST PRACTICES. Systems Management. www.kaspersky.com
BEST PRACTICES www.kaspersky.com 2 YOUR GUIDE TO SYSTEMS MANAGEMENT BEST PRACTICES. Enhance security and manage complexity using centralized IT management tools. Unpatched vulnerabilities in popular applications
BEST PRACTICES. Encryption. www.kaspersky.com
BEST PRACTICES www.kaspersky.com 2 YOUR GUIDE TO ENCRYPTION BEST PRACTICES. Data Protection. Act. Proactive data protection is a global business imperative. Kaspersky Lab can help you implement many of
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access
Multi-Factor Authentication Protecting Applications and Critical Data against Unauthorized Access CONTENTS What is Authentication? Implementing Multi-Factor Authentication Token and Smart Card Technologies
Did security go out the door with your mobile workforce? Help protect your data and brand, and maintain compliance from the outside
Help protect your data and brand, and maintain compliance from the outside September 2006 Copyright 2006 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States
Security and Compliance. Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com
Security and Compliance Robert Nottoli Principal Technology Specialist Microsoft Corporation robnotto@microsoft.com DISCLAIMER FOR DOCUMENTATION REGARDING PRE-RELEASED SOFTWARE This document supports a
ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference. May 2016
ZENworks 11 Support Pack 4 Full Disk Encryption Agent Reference May 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story
Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their
SafeGuard Easy startup guide. Product version: 7
SafeGuard Easy startup guide Product version: 7 Document date: December 2014 Contents 1 About this guide...3 2 About Sophos SafeGuard (SafeGuard Easy)...4 2.1 About Sophos SafeGuard (SafeGuard Easy) 7.0...6
SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud
SafeNet Data Encryption and Control Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud Ensure Data Protection with Data Encryption and Control Across
The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context
The Health Insurance Portability and Accountability Act - HIPAA - Using BeAnywhere on a HIPAA context About HIPAA The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A STRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A STRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today's increasing security threats and regulatory
Introducing Windows 8
Introducing Windows 8 Introduction Very Aggressive Change Building block for the future and future of devices Biggest Obstacle: Where is!?!? The New User Experience Start Screen Full screen Start Menu
Dell's Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
Dell's Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations Inside: Tips for deploying or expanding BYOD programs while remaining
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory
Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory Tom Olzak October 2007 If your business is like mine, laptops regularly disappear. Until recently, centrally managed
HP ProtectTools. Getting Started
HP ProtectTools Getting Started Copyright 2012 Hewlett-Packard Development Company, L.P. Bluetooth is a trademark owned by its proprietor and used by Hewlett-Packard Company under license. Intel is a trademark
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009
Oracle Enterprise Single Sign-on Technical Guide An Oracle White Paper June 2009 EXECUTIVE OVERVIEW Enterprises these days generally have Microsoft Windows desktop users accessing diverse enterprise applications
Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.
Technical Note Installing Micron SEDs in Windows 8 and 10 TN-FD-28: Installing Micron SEDs in Windows 8 and 10 Introduction Introduction Self-encrypting drives (SEDs) can provide an effective way of protecting
How to enable Disk Encryption on a laptop
How to enable Disk Encryption on a laptop Skills and pre-requisites Intermediate IT skills required. You need to: have access to, and know how to change settings in the BIOS be confident that your data
The Microsoft Dynamics AX 2009 Security Hardening Guide. Microsoft Corporation Published: May 2008
The Microsoft Dynamics AX 2009 Security Hardening Guide Microsoft Corporation Published: May 2008 Microsoft Dynamics is a line of integrated, adaptable business management solutions that enables you and