Commercially Proven Trusted Computing Solutions RSA 2010

Similar documents
Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

Using BroadSAFE TM Technology 07/18/05

Enhancing Organizational Security Through the Use of Virtual Smart Cards

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

ACER ProShield. Table of Contents

Kaspersky Lab s Full Disk Encryption Technology

DriveLock and Windows 7

How To Secure An Emr-Link System Architecture

Dell Client. Take Control of Your Environment. Powered by Intel Core 2 processor with vpro technology

OPENIAM ACCESS MANAGER. Web Access Management made Easy

Navigating Endpoint Encryption Technologies

The Time has come for A Single View of IT. Sridhar Iyengar March 2011

The Centrify Vision: Unified Access Management

Mobile device and application management. Speaker Name Date

BYOD How-To Guide. How do I securely deliver my company s applications and data to BYOD?

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

DriveLock and Windows 8

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

Guide to Evaluating Multi-Factor Authentication Solutions

Samsung SED Security in Collaboration with Wave Systems

Mobile Data Security Essentials for Your Changing, Growing Workforce

RSA SecurID Two-factor Authentication

Rethink Remote Access

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

The New Key Management:

Intel Active Management Technology Embedded Host-based Configuration in Intelligent Systems

Chapter 1: Introduction

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Mobile Device Management:

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

STRONGER AUTHENTICATION for CA SiteMinder

EndUser Protection. Peter Skondro. Sophos

Securing Data in Oracle Database 12c

Solid-State Drives with Self-Encryption: Solidly Secure

Facebook s Security Philosophy, and how Duo helps.

An Overview of Samsung KNOX Active Directory and Group Policy Features

A Total Cost of Ownership

Blending Embedded Hardware OTP, SSO, and Out of Band Auth for Secure Cloud Access

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

How Drive Encryption Works

Securing Sensitive Data

Overview. Edvantage Security

Information Technology Branch Access Control Technical Standard

Introduction to Cyber Security / Information Security

HP ProtectTools Client Security Solutions Manageability for Customers with Limited IT Resources

Architecture Guidelines Application Security

SecureAge SecureDs Data Breach Prevention Solution

EMC DATA DOMAIN ENCRYPTION A Detailed Review

How To Secure Your Mobile Device

Need to be PCI DSS compliant and reduce the risk of fraud?

Asset. Unicenter Management r11

Introducing etoken. What is etoken?

Gain Complete Data Protection with SanDisk Self-Encrypting SSDs and Wave Systems

Single Sign-On: Reviewing the Field

Oracle Desktop Virtualization

Solution Recipe: Improve Networked PC Security with Intel vpro Technology

Symphony Plus Cyber security for the power and water industries

modules 1 & 2. Section: Information Security Effective: December 2005 Standard: Server Security Standard Revised: Policy Ref:

Odyssey Access Client FIPS Edition

THE BLUENOSE SECURITY FRAMEWORK

ATA DRIVEN GLOBAL VISION CLOUD PLATFORM STRATEG N POWERFUL RELEVANT PERFORMANCE SOLUTION CLO IRTUAL BIG DATA SOLUTION ROI FLEXIBLE DATA DRIVEN V

Applying Cryptography as a Service to Mobile Applications

Privileged Identity Management

Lync SHIELD Product Suite

User Guide. Version R91. English

Miami University. Payment Card Data Security Policy

Splunk Enterprise Log Management Role Supporting the ISO Framework EXECUTIVE BRIEF

A M D DA S 1. 0 For the Manageability, Virtualization and Security of Embedded Solutions

Mobile Device as a Platform for Assured Identity for the Federal Workforce

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

2003, Rainbow Technologies, Inc.

Complying with PCI Data Security

BlackBerry 10.3 Work and Personal Corporate

GINA Implementation in the RSA Authentication Agent 6.1

MSP Center Plus Features Checklist

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Rethink Remote Access

ADDING STRONGER AUTHENTICATION for VPN Access Control

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

PCN Cyber-security Considerations for Manufacturers. Based on Chevron Phillips Chemical Company PCN Architecture Design and Philosophy

BlackBerry Enterprise Service 10. Universal Device Service Version: Administration Guide

Securing the Journey to the Private Cloud. Dominique Dessy RSA, the Security Division of EMC

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Security Considerations for DirectAccess Deployments. Whitepaper

Locking down a Hitachi ID Suite server

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

APIs The Next Hacker Target Or a Business and Security Opportunity?

Enabling Single Sign-On for Oracle Applications Oracle Applications Users Group PAGE 1

Two Factor Authentication for VPN Access

The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency

6231A - Maintaining a Microsoft SQL Server 2008 Database

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Hardening Private Keys with Less Hassle, Less Cost and More Security: A Case Study in Authentication. An InformationWeek Webcast Sponsored by

Chapter 4 Application, Data and Host Security

Security Strategies: Controlling Privileged Account Access

CREDANT Encryption Solutions Overview

Oracle Identity Management for SAP in Heterogeneous IT Environments. An Oracle White Paper January 2007

Transcription:

Commercially Proven Trusted Computing Solutions RSA 2010

Hardware Self-Encrypting Drives (SEDs) Unique Security Features Encryption below the file system Hardware root-of-trust for encryption Tamper resistant packaging Unique Compliance Feature Hardware root-of-trust for management Unique usability Features Always encrypting architecture Management Best Practices TPM Capabilities & Usage 2

SED: Commercially Successful Trusted Computing Solution WHY Best-in-Class Security Embedded & Robust Ease of Management Central Control & Local Autonomy Ease of use Transparent & Responsive Supply Chain alignment HDD Vendors, ISV, PC OEMs, Customers Standards based 3

SED Unique Data Protection Attributes: Encryption module is embedded in the drive hardware SED partition table and the file system are encrypted Reduced Attack surface, especially off-line attack Encryption module has embedded management & access control functions Provides a hardware Root-of-Trust for encryption Always-Embedded key management effectively adds 2-Factor data protection Factor 1: Drive access credentials Factor 2: Encrypting hardware with embedded key Tamper resistant features in the embedded packaging e.g. Simple lockout latch can force a power-cycle after 5 consecutive failed auth attempts Power-cycle delay makes a password attack impractical SED 3 separate layers of security integrated in a single embedded hardware module 4

SED Unique Secure Management Attributes: Hardware embedded User & Administrator roles Hardware Root-of-Trust for management Embedded strong authentication for management access Enables exclusive remote ownership of management functions Server is exclusive proxy owner of all drives Unique strong management credentials required for each drive Single point of management for all drives No local admin or user can modify/disable security settings Secure centralized log of all management actions Forensic legitimacy Hardware Root-of-Trust for encryption management Forensically complete & legitimate record of all management actions in case of PC loss or theft 5

SED Unique Ease-of-use Attributes Hardware embedded encryption is Always On Always Encrypting even when Drive Locking is disabled Drive locking ENABLED imposes hardware embedded access control on the Encryption key Switching to encryption-on is instantaneous. No lengthy data conversion Below the file system encryption does not impact OS patch operations No decryption/encryption necessary on OS patches & upgrades SED usability features Embedded encryption operates at media speeds - no performance hit Pre-boot intelligence to support secure Windows SSO & WPS Hardware embedded encryption is transparent Reduced management and support overhead Embedded form factor puts enterprise-class data-protection in the reach of the SMB / SOHO Factory integrated Unified Support 6

SED Management: Best Practices Always Embedded key management architecture Exclusive server based ownership of all SED management privileges Disable local management Tamper evident central audit logs Role based fine grained authorization of server administrative functions Plus standard usability features SSO WPS Pre-boot log Helpdesk Auto-provisioning S3/S4 Support Logging / Query Alerting / Alarm Reporting AD / MMC integration External Drives Clients outside the firewall Foreign Clients (Non-domain) Scripting Crypto-Erase ETC, ETC, ETC 7

TPM security attributes: Trusted Platform Module (TPM) OS Independent Cryptography Hardware Root-of-Trust for Storage Hardware Root-of-Trust for Management Tamper resistant packaging Hardware embedded SmartCard Apps Interoperable with Microsoft CA Interoperable with Kerberos Strong Authentication: The PC is the token Software CSPs have been compromised Jailbreak tool coupled with local admin rights can enable impersonation TPM protects with Hardware embedded security Secure Authorization & Signing for all types of Applications VPN, Wi-Fi, Kerberos, Signing, S-Mime, SAAS SSO / Federation 8

Summary Unique Security features Encryption is below the file system Hardware root-of-trust for storage Tamper resistant packaging Unique Compliance feature Hardware root-of-trust for management Unique usability features Always encrypting architecture Management Best Practices Come Visit Wave at Booth #1849 TPM capabilities & Usage 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information