TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE



Similar documents
Best Practices for Protecting Laptop Data

Striking the Right Balance for

Only 8% of corporate laptop data is actually backed up to corporate servers. Pixius Advantage Outsourcing Managed Services

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Enterprise Data Protection

Service Overview CloudCare Online Backup

Global security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise

Keep Your Data Secure: Fighting Back With Flash

BANKING SECURITY and COMPLIANCE

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Solid-State Drives with Self-Encryption: Solidly Secure

YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION.

Managing BitLocker Encryption

How Endpoint Encryption Works

How To Use Attix5 Pro For A Fraction Of The Cost Of A Backup

Data-Centric Security vs. Database-Level Security

Kaspersky Lab s Full Disk Encryption Technology

Navigating Endpoint Encryption Technologies

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Self-Encrypting Hard Disk Drives in the Data Center

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

Understanding Northwestern University s contract with Symantec. Symantec Solutions for Cost Reduction & Optimization

Protecting Data-at-Rest with SecureZIP for DLP

Complying with PCI Data Security

SecureAge SecureDs Data Breach Prevention Solution

etoken Single Sign-On 3.0

Making Endpoint Encryption Work in the Real World

S E A h a w k C r y p t o M i l l CryptoMill Technologies Ltd.

A BUYER S CHECKLIST ENDPOINT DATA PROTECTION:

Cloud Backup and Recovery for Endpoint Devices

CLOUD ATTACHED STORAGE. Protect your data, protect your business

Cloud Software Services for Schools

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

How did Wiki Leaks happen?

BEST PRACTICE GUIDE TO ENCRYPTION.

Online Backup Plus Frequently Asked Questions

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

Removable Media Best Practices

Cloud and EVault Endpoint Protection Your best friend in Data Protection

HOW TO REALLY IMPLEMENT HIPAA. Presented by: Melissa Skaggs Provider Resources Group

Protecting Your Data On The Network, Cloud And Virtual Servers

Avoid the Top 5 Epic Fails of Enterprise Endpoint Backup

EMC DATA DOMAIN ENCRYPTION A Detailed Review

Sharpen your document and data security HP Security solutions for imaging and printing

USB Portable Storage Device: Security Problem Definition Summary

BEST PRACTICES. Encryption.

DriveLock and Windows 7

Automatic Drive Locking: Securing Digital Content Storage in the Digital Home

HIPAA Compliance for the Wireless LAN

Backup Exec Private Cloud Services. Planning and Deployment Guide

Brochure Achieving security with cloud data protection. Autonomy LiveVault

Disk Encryption. Aaron Howard IT Security Office

Bring Your Own Device (BYOD) and Mobile Device Management. tekniqueit.com

Bring Your Own Device (BYOD) and Mobile Device Management.

USB Portable Storage Device: Security Problem Definition Summary

Convenience and security

Symantec Backup Exec 11d for Windows Servers New Encryption Capabilities

How To Protect Your Data From Being Hacked

Choose Your Own Device (CYOD) and Mobile Device Management. gsolutionz.com

Hosted File Backup for business. Keep your data safe with our cloud backup service

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud

SafeNet Data Encryption and Control. Securing data over its lifecycle, wherever it resides from the data center to endpoints and into the cloud

Samsung SED Security in Collaboration with Wave Systems

Guidelines on use of encryption to protect person identifiable and sensitive information

Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest

Websense Data Security Suite and Cyber-Ark Inter-Business Vault. The Power of Integration

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

The True Story of Data-At-Rest Encryption & the Cloud

Death to PST Files. The Hidden Costs of

The virtual safe: A user-focused approach to data encryption

Mobile Data Security Essentials for Your Changing, Growing Workforce

SERVICE DEFINITION G-CLOUD 7 CLOUD BACKUP. Classification: Open

Is Cloud Backup good insurance for your brokerage?

High Security Online Backup. A Cyphertite White Paper February, Cloud-Based Backup Storage Threat Models

USER-MANAGED FILE SERVER BACKUP:

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

Document Imaging Solutions. The secure exchange of protected health information.

Whitepaper. How MSPs are Increasing Revenues by Solving BYOD Issues. nfrascaletm. Infrascale Phone: Web:

Enova X-Wall LX Frequently Asked Questions

For more information on how to build a HIPAA-compliant wireless network with Lutrum, please contact us today!

Solid State Drives (SSD) with Self Encryption: Solidly Secure Michael Willett Storage Security Strategist Independent Consultant

Ensuring Security and Compliance of Your EMC Documentum Enterprise Content Management System: A Collaborative Effort of EMC Documentum and RSA

IBM Information Archive for , Files and ediscovery

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

Proactive controls to mitigate IT security risk

ScoMIS Encryption Service

ScoMIS Encryption Service

WHITE PAPER KEEPING CLIENT AND EMPLOYEE DATA SECURE DRIVES REVENUE AND BUILDS TRUST PROTECTING THE PROTECTOR

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

PCI DSS COMPLIANCE DATA

Cloud Software Services for Schools

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

What you need to know about cloud backup: your guide to cost, security, and flexibility. 8 common questions answered

March PGP White Paper. Transport Layer Security (TLS) & Encryption: Complementary Security Tools

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Powered by. FSS Buyer s Guide Why a File Sync & Sharing Solution is Critical for Your Business

Data Security using Encryption in SwiftStack

Transcription:

TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE

TODAY S HIGHLY MOBILE WORKFORCE IS PLACING NEW DEMANDS ON IT TEAMS WHEN PROTECTING LAPTOP DATA To guard this corporate data at all times, companies can follow a number of data protection and encryption best practices, especially related to how encryption keys are managed. Incorporating these best practices into your IT organisation can reduce data storage needs, get more out of your existing IT budgets and free up your team to work on more valueadded projects. 02 TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA - A BEST PRACTICES GUIDE

PROTECTING LAPTOP DATA AT ALL TIMES Protecting your company s growing digital assets and complying with regulations is one of your top IT priorities. To do this, you are probably following the highest available encryption standards within your datacentre. You likely have a backup policy that you enforce to help maintain business continuity. And, as a server-centric organisation, you may even have a policy that prohibits employees from keeping sensitive information on their laptops. After all, with a highly mobile workforce, some of your company s most critical data assets are on these laptops - at the edge of your network. However, end user dependant policies can only do so much to protect data. If a data breach occurs at the edge, your customers, investors and fellow employees will be most concerned about the exposure, not comforted that you have reprimanded an employee for not following the data policy in place. This paper outlines five areas to consider in data protection, as well as best practices to ensure your data is as secure as it can possibly be. These five areas are: Ensuring security for data at rest Facilitating security for data in motion Enabling security for backed up and restored data Pairing encryption with secure data de-duplication Easing IT management and support Fortunately, there are a number of encryption best practices you can take to help protect your company s laptop data at all times - at rest, in motion, during backup and in restoration if a laptop is lost or stolen. 02 TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA - A BEST PRACTICES GUIDE

UNDERSTANDING THE KEY TO ENCRYPTION BEST PRACTICES Before delving into the best practices, it is important to understand the process of encryption and the questions it brings up around key management. In its simplest definition, encryption uses an algorithm to convert data into an unreadable state, which can then be unlocked with a key and converted back into a readable state. Standards like the US governmentapproved 256-bit Advanced Encryption Standard (AES) specify which algorithm to use and how keys should be generated. The output is a cryptographically random encryption key that can then be used to encrypt or decrypt the data when needed. As it turns out, encrypting data is relatively easy to do, especially now that encryption standards are being built into laptops and operating systems. However, key management - the way in which keys are generated, processed and managed - is significantly more difficult. For example, if you comply with the 256-bit AES standard, apply it to corporate data, and scale it across 100 or 1,000 or 100,000 employees, it can become exceedingly hard to manage the large number of cryptographically random encryption keys. Some prevailing market solutions have skirted this issue by taking a derived key approach. The most common option is to use a password, which translates into a 128-bit or 256-bit key that is used to encrypt and decrypt the data. This method relies on employees with laptops to remember the password, keep it private and change it at regular intervals as per your IT policy. Unfortunately, passwords can also be easy to guess. Other web-based market solutions take a stored key approach, keeping the key in a storage centre to decrypt the data when you need it on the web site. In this case, anyone who has access to the servers would have a copy of the key list to your data and could decrypt it. Clearly, this approach is not providing the full measure of security available. To increase your company s laptop security, remember to use: Multiple keys across your data sets so that if a single key is compromised, only a subset of your data is exposed At least 256-bit keys so your keys are of sufficient length Cryptographically random encryption keys, rather than derived keys, to realise the full strength of the encryption process 03 TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA - A BEST PRACTICES GUIDE

BEST PRACTICES FOR ENCRYPTING LAPTOP DATA Since key management is the crux to making a solution secure and private, it is important to think about the ways your encryption keys are being generated, processed and managed. Following are five scenarios to consider along with forward-thinking best practices you can adopt to make sure all of your data is protected - all of the time. Ensuring security for data at rest The first step is to make sure that your employees laptop data is properly encrypted while on the hard drive. This will help keep it safe if a laptop is lost or falls into the wrong hands. The traditional method for securing data on a laptop hard drive is whole-disk encryption. Software installed on the device works to encrypt the applications, operating system and disk all the way down at the hardware level. To use a laptop with whole-disk encryption, employees must often provide a password as soon as they turn on the device, known as a preboot authentication, and then a second separate password to authenticate to the operating system. One of the downsides of whole-disk encryption is that once the laptop is unlocked and the system is up and running, all the data on the device is unprotected. Other people using the laptop or coming in over the network through background processes like malware can access the at rest data on the laptop in an unencrypted way. Another issue is performance. Encrypting and decrypting every piece of data takes time, which slows down the device and can annoy on-the-go employees. Yet another downside is relying on employee behaviour as it relates to policy enforcement. For example, some employees may not activate the boot-level password for fear of getting locked out of the system. A final issue is deployment; whole-disk encryption solutions can be difficult to deploy, require more set up time and can increase help desk call rates. Best practice #1 The more advanced and performance-friendly alternative is file and folder-based encryption. This flexible method encrypts data as it is stored on the laptop and decrypts it when an employee opens an application file, which greatly reduces the performance penalty. File and folderbased encryption also ensures that data is protected whether the laptop is on or off. Equally important, the encryption method is transparent to employees, not requiring them to remember additional passwords to secure sensitive data on their laptops. This will curtail employee resistance and minimise IT help desk calls to request password changes. Managing this approach is easy at the IT level too. File and folder-based encryption is straightforward to deploy and support. IT administrators can use policy-based granularity to select specific files and folders to encrypt as employees use them on the laptop. By using automatic policy-based enforcement, rather than employee behaviour-based enforcement, you gain much greater protection and security. Facilitating security for data in motion The next area to consider relates to encryption factors around data in motion. If you are going to allow employees to copy files to USB drives or burn data to CD/DVD ROM drives, make sure you are using an encryption solution that follows with the files as they are being copied off the laptop and onto the portable media. Best practice #2 Ironically, the first thing to do when securing data in motion does not relate to encryption. Instead, you start by defining the read/write access permissions for the different ports on the employee s laptop. This procedure is sometimes also called device control. After you have set your device access control permissions, then you can turn your attention to how data is protected in transit. To do this, create a policy to minimise data leaks - known as Data Leak Prevention (DLP) - so that you are using strong encryption on data being transferred through the ports that you allow to be used. One of the most commonly overlooked areas for protecting data in motion is when data is being moved for backup purposes. In this case, you first need to ensure that data being moved is encrypted before it leaves the laptop. Secondly, you also want to ensure the transmission is secure while the data is in transit by using a Secure Sockets Layer (SSL). If you do not do both, your corporate data will be exposed at either end of the process. 04 TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA - A BEST PRACTICES GUIDE

Enabling security for backed up and restored data The third area to consider is making sure that data in backup is properly encrypted, with a secure transmission and a lock-tight storage facility. As described above, the derived and stored key approaches have limitations that can leave your corporate data at risk. The answer lies in how the keys are managed. A related area comes into play when an employee loses a laptop or a hard drive goes haywire. It is best from a support-cost perspective to allow employees to recover data themselves in a self-service manner. However, when facilitating this, you need to make sure that the employee or their new laptop is properly authenticated to IT. In addition, if the data needed to be encrypted in the first place, when it is recovered to the new laptop, it should also be forced to be in an encrypted state. Best practice #3 The best way to ensure that your corporate data stays private and secure during backup is to generate and manage cryptographically random keys in a scalable way. Similarly, the way in which the key is managed is critical to enabling data to be restored when the original laptop is not available. In addition, in a recover situation, remember that you do not want old data left on the stolen laptop. Ideally, the data on the laptop should have been encrypted so the first thing you would do is destroy the key, and then the data on the lost laptop, either through a command or a timed poison pill. This step removes the thief s greatest asset in trying to gain access to the lost datatime. Such digital shredding should also be done so that the data is not retrievable using disk recovery tools. Pairing encryption with secure data de-duplication The fourth area to think about is how encryption impacts the amount of data you have to store. More than likely, your corporate data is stacking up at a rapid pace - and that is driving up your datacentre storage costs in the process. To address this, you may use data deduplication, whether on the client-side (laptop) or the target-side (storage location), to eliminate duplicate data blocks, and thus have less data to store. However, traditional data de-duplication and encryption work at odds with one another. Data that is encrypted using different encryption keys looks random and thus cannot be de-duplicated. This incompatibility leaves you in a data backup bind as you have to falsely decide which is more important: security or storage budgets. One workaround used by most backup vendors is to decrypt the data, perform data de-duplication and then re-encrypt the data, but this process leaves your corporate data vulnerable in the unencrypted state gaps. The key also has to be known and thus is equally vulnerable. Another option is to perform data deduplication across encrypted data by sharing one key across all employees, but this makes the solution only as strong as a single key. Neither choice is optimal. Best practice #4 Secure, automated key management makes it possible for encryption and data de-duplication to work together. The best way to do this is to complete the encryption process up front and then run data de-duplication on the encrypted data using a secure key escrow system. This breakthrough concept allows you to gain the storage cost benefits of data de-duplication with the strong protection realised by multiple, cryptographically random encryption keys. Easing IT management and support The last encryption area for you to assess comes down to manageability - for both your company and your IT team. Yet all too often, ease of use is sacrificed for a secure encryption solution. The reality is that the more friction your employees experience, the more likely they will work around the security solution. Conversely, the more friction-free your encryption solution is, the greater the adoption rate, which leads to better overall security for your company. Best practice #5 The best way to deliver on the data security and privacy promise is to find an end-to-end solution that is easy to deploy (ideally a silent install) and integrate with your existing desktop management infrastructure. Most of all, you need a friction-free solution that minimises forgotten passwords and keeps your IT help desk team focused on more important priorities. 05 TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA - A BEST PRACTICES GUIDE

ALVEA SECURE ENDPOINT BACKUP SOLUTIONS ENCOMPASS BEST PRACTICES Incorporating these five encryption best practices into your comprehensive IT security plan can reduce your data storage needs and simplify your IT encryption management processes. The ALVEA Services solution answers this call with an end-to-end approach to encryption and keys - from key generation, to key management, to key storage. Specifically, ALVEA Secure Endpoint Backup Services: Uses the file and folder-based encryption approach and takes it one step further with a smart approach to key management Enables port access control and follow-along encryption for data in motion Employs a secure, automated key management process for backing up and restoring data that allows encryption and de-duplication to work together Brings all these security features into a friction-free solution that will result in easy deployment and enforcement - and fewer help desk requests With this broad range of functionality, ALVEA Secure Endpoint Backup can make your business more resilient. Now your IT department can help keep control of corporate data assets and meet regulatory requirements while allowing your company s highly mobile employees to be as productive and effective as possible. 06 TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA - A BEST PRACTICES GUIDE

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. COMPUTERLINKS UK LTD Contact ALVEA Services w: www.alvea-services.com e: info@alvea-services.com t: +44 (0)1638 569 889

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information