PGP White Paper
Enterprise Data Protection
Version 1.0, June 2007

Table of Contents
Executive Summary ... 3
Protecting Data Everywhere It Goes ... 4
  The Evolution of Enterprise Data Protection ... 4
  EDP Strategy: A Business Enabler ... 4
  EDP Architecture: Securing Data Wherever It Goes ... 5
Encryption: The Core of Enterprise Data Protection ... 6
  Enterprise Encryption Solutions ... 6
Enabling a Strategic Approach: PGP Solutions ... 7
  Integrated Applications ... 7
Rest Secured ... 8
Executive Summary

In today's enterprise, data knows no boundaries. While data is consumed, transferred, and stored, however, it is also susceptible to compromise. The cost of a data breach can reach millions of dollars and permanently damage brand equity as well as customer trust.[1] That's why protecting data in the modern enterprise requires a comprehensive approach.

Enterprise Data Protection is a new evolutionary layer of technologies that manage data, control data access, detect data at risk, and protect data. With Enterprise Data Protection, security is built in, starting with data creation and following data as it is modified, transferred, stored, and archived. At the core of this approach is the protection of data using encryption, everywhere it goes.

This PGP White Paper examines how encryption provides the foundation for an Enterprise Data Protection strategy. Instead of erecting barriers to control data security, encryption enables authorized users to move, share, and store data throughout the enterprise and beyond. This PGP White Paper is intended for IT and business managers responsible for developing strategy and implementing information security projects.

[1] The Ponemon Institute, 2006 Annual Study: Cost of a Data Breach, October 2006
Protecting Data Everywhere It Goes

Data is everywhere: corporate data, partner data, customer data, and employee data seem to increase exponentially every day. Data has spread out of data centers, databases, remote file servers, and extranets to new and even more vulnerable locations such as laptops and removable storage devices. Although ubiquitous data access enables new business models and relationships, it also presents a challenge. Data must be controlled and protected to maintain the privacy of customers, the confidentiality of employees, and the business advantages of intellectual property. Any one piece left unprotected could lead to a significant data security breach, resulting in public embarrassment, customer satisfaction issues, and financial loss.

Adequately protecting business data requires an adaptive, built-in method of data security. IT organizations, service providers, and vendors have evolved a new approach known as Enterprise Data Protection (EDP). EDP is an always-on, data-state-independent approach to maintaining data security. Building on data management and access controls, EDP embeds data protection with the actual data and works to identify data at risk. For example, data can now be encrypted at its source, transferred throughout an organization and beyond, and automatically checked when necessary to ensure compliance and privacy.

With data security built in, IT is freed from developing new and redundant means of protecting data for each application or risk identified. Both end users and administrators become more productive as data access and security become more seamless and transparent. Most important, EDP also includes built-in validation of policy, improving the possibility of achieving comprehensive audit and regulatory compliance. At the core of this approach is the use of encryption to protect data everywhere it goes.
Encryption provides the most fundamental level of data security, substituting cryptographically secured data for unprotected data. By its nature, encryption therefore ensures that whether data is being transferred or stored, data access policies are constantly and consistently enforced.

The Evolution of Enterprise Data Protection

Today, data is as likely to be transferred via a $20 USB flash drive as via a large virtual private network (VPN) concentrator. And when data is distributed across storage devices, laptops, databases, and email, it can become vulnerable to inadvertent or malicious compromise. IT organizations are busy adapting to this new reality by actively looking at ways to identify and protect data at risk while controlling access and managing the data lifecycle.

EDP Strategy: A Business Enabler

The following brief history illustrates why successful organizations increasingly believe an EDP strategy is a critical and essential business enabler.

The Early Days: Data Secure in Physical Location
Businesses have used some form of data protection since the first days of data processing in the mid-1960s with early mainframe computers. Whether controlling access to tapes, systems, applications, or firewall ports, these tactics formed the prevailing data security practices and built up walls of defense around data. Back when it was stored in perhaps two physical locations and processed in one, data was usually available only as a representation: a green screen or daisywheel printout. Physical security rooms, locks, and monitoring provided a fort-like barrier to protect the data.

Breaking the Barriers: Data Moves to Multiple Locations
As networks and computing power advanced in the early 1990s, businesses leaped to enhance productivity, reduce costs, and improve the customer experience. Bandwidth limitations, storage constraints, and the lack of standards continued to relegate most data to traditional data centers. To protect these data centers, enterprises erected firewalls and added VPNs to enable access, creating a digital fort to keep out unauthorized users and malicious code.

Anywhere, Anytime: Data Lives in Thousands of Locations
With the availability of broadband and inexpensive mass storage, data can no longer be controlled through a few pipes and gates. In this new environment, the customer database, current and forecasted financials, or complete patient records become immediately available on individual laptops or removable USB flash drives. Along with increased mobility and easier access, however, comes the heightened risk of data theft or loss. Organizations cannot afford to ignore the potential consequences of a data breach (significant remediation and legal costs, loss of customers, regulatory penalties, brand damage) and hope to remain competitive.

EDP Architecture: Securing Data Wherever It Goes

The need to manage and control access to data has led to an evolution in data security. Because data is increasingly transferred across multiple systems and networks, organizations must now detect when it is at risk and secure it automatically using persistent protection that works both inside and outside the enterprise.
The easiest way to meet this goal is with a centrally managed solution that controls policy and data access without requiring end users to make enforcement decisions or burdening administrators with complicated and resource-intensive tasks. This comprehensive approach ties security to the data. Built-in data protection separates how data is transferred, stored, and used from the security controls, reducing the risk incurred by human decision-making and increasing usability for end users.

EDP comprises four integral technology solutions working together:

Protect
At the core of EDP is the need to Protect the data itself. Industry experts agree that standards-based encryption enables a data-centric approach to security.[2] Encryption locks down and follows data wherever it goes, making it accessible only to authorized users. For EDP to scale effectively, enterprise encryption must be managed centrally with automated key and policy management. This approach makes encryption interoperable, transparent to users, and flexible enough to respond as new data security needs emerge and evolve.

Detect
As data moves in and out of the enterprise and is stored on servers or workstations, data leakage prevention solutions search for data at risk, enabling the Detect layer. They identify risks and then help IT executives evolve their EDP strategies to include remedies that mitigate exposure. These solutions can also enforce policy, such as requiring encryption at the Protect layer.

Access
Authentication, including hardware tokens/smart cards and identity management, ensures only authorized credentials are allowed, controlling Access to data. Strong authentication plays an important role through to the Protect layer, enabling authorized encryption users to access data. For example, a cryptographic smart card holding a private key and used for encryption provides both access and protection controls.

Manage
Ensuring business continuity requires that data is available and redundant throughout its lifecycle, from creation to archive. Storage management, backup, and archive solutions provide a layer to Manage data, making efficient use of storage and keeping data accessible even in the event of a disaster or system malfunction.

[2] Forrester Research, Inc., Secure The Data, Not Just The Underlying Infrastructure, May 2006

Encryption: The Core of Enterprise Data Protection

Regardless of the business driver, encryption is becoming widely recognized as the solution to protect data wherever it goes. At the core of EDP, encryption serves to provide the encompassing Protect layer that obscures data from unauthorized access. If encrypted data is somehow lost or stolen, it remains useless. Even if someone violates access controls, encrypted data will still be protected. This level of critical protection is why more than 30 U.S. states provide safe harbor from mandated consumer notification in the event of a data breach involving encrypted data. In countries such as the U.K., where the need for breach mitigation is just emerging, protecting their brand and reputation is the major reason enterprises adopt encryption solutions.[3] Encryption also serves to segment access as needed, helping to maintain separation of duties and roles. This separation means confidential information in emails cannot be read by an IT administrator, for example.

Enterprise Encryption Solutions

Today, the process of protecting data with encryption is automated and operates in the background, transparent to end users. Encryption is enforced by centrally managed policy while corporate access to data is always maintained. Most important, key management is integrated and automated, enabling administrators to focus on user and policy management instead of key maintenance.

Point encryption solutions that protect only one type of data or one locale are rapidly being replaced by a platform that scales to provide a range of security options, depending on where data is stored, how it is shared, and who needs access. This approach provides operational and management efficiencies as well as consistent data security that can scale to meet new needs as they emerge and evolve. Examples of today's enterprise encryption solutions include full disk encryption, policy-enforced USB storage encryption, network file encryption, and transparent email encryption performed at the desktop or email gateway. True enterprise encryption removes the barriers of complexity, performance, and cost once associated with encryption.[4]

[3] The Ponemon Institute, 2007 Annual Study: U.S. Enterprise Encryption Trends, February 2007; 2007 Annual Study: U.K. Enterprise Encryption Trends, April 2007
[4] Cooper, Lane F., Enterprise Encryption in the Financial Services Sector, InfoTech, 2006

Enabling a Strategic Approach: PGP Solutions

Recognizing the critical business need to protect data while controlling costs, PGP Corporation developed the PGP Encryption Platform with encryption applications for enterprises. The PGP Encryption Platform is deployed with the first encryption application, making installation of a separate or additional infrastructure unnecessary. As a result, the PGP Encryption Platform lowers operational costs and accelerates time to deployment of new encryption applications. Most important, the PGP Encryption Platform provides the automated services, centralized management, consistent policy enforcement, and extensible framework needed to develop and deliver a robust EDP strategy.

Figure 1: The PGP Encryption Platform and Encryption Applications

Integrated Applications

PGP Corporation and its partners deliver integrated applications that automatically provide and use the management, policies, provisioning, and other services delivered with the PGP Encryption Platform architecture. Key management, policy enforcement, provisioning, and reporting and logging for the PGP Encryption Platform architecture are provided by PGP Universal Server. As the foundation of the PGP Encryption Platform architecture, PGP Universal Server provides an extensible framework that supports scalable, centralized gateway and desktop encryption management, deployment automation, and policy enforcement across PGP Encryption Platform-enabled applications. PGP Corporation develops applications that include and deploy the PGP Encryption Platform when first installed. Subsequent applications then leverage this framework, speeding deployment and preserving administrative resources:
PGP Whole Disk Encryption: provides comprehensive, nonstop encryption for securing all files on desktops, laptops, and removable media, transparently securing all disk contents, including system and temporary files, and enabling quick, cost-effective protection for sensitive data.

PGP NetShare: enables teams to securely share documents on file servers by automatically and transparently encrypting the files for fine-grained group access.

PGP Desktop Email: secures email communications from the sender's email client to the recipient's and all points in between automatically, using centrally defined, policy-based encryption.

PGP Universal Gateway Email: delivers standards-based enterprise email encryption and digital signatures without client software.

Rest Secured.

The Enterprise Data Protection approach now allows IT to execute on business needs without making security a separate project or an afterthought. Instead, security is already built in: protecting, detecting risk, controlling access, and managing data. As part of a comprehensive, strategic EDP solution, PGP encryption can provide the core level of data protection. PGP encryption products build security into the most commonly used applications, protecting data wherever it exists, from outbound email, to file servers, to removable storage devices such as USB flash drives.

PGP Corporation
3460 West Bayshore Road
Palo Alto, CA 94303 USA
Tel: +1 650 319 9000
Fax: +1 650 319 9001
Sales: +1 877 228 9747
Support: support.pgp.com
Website: www.pgp.com

© 2007 PGP Corporation. All rights reserved. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form by any means without the prior written approval of PGP Corporation. The information described in this document may be protected by one or more U.S. patents, foreign patents, or pending applications. PGP and the PGP logo are registered trademarks of PGP Corporation. Product and brand names used in the document may be trademarks or registered trademarks of their respective owners. Any such trademarks or registered trademarks are the sole property of their respective owners.

The information in this document is provided "as is" without warranty of any kind, either express or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This document could include technical inaccuracies or typographical errors. All strategic and product statements in this document are subject to change at PGP Corporation's sole discretion, including the right to alter or cancel features, functionality, or release dates. Changes to this document may be made at any time without notice.