Full Disk Encryption Drives & Management Software
The Ultimate Security Solution For Data At Rest

Agenda
- Introduction
- Information Security Challenges
- Dell Simplifies Security
- Trusted Drive Technology
- Seagate Momentus 5400 FDE.2 Disc Drives
- Wave Systems EMBASSY Trusted Drive Manager and Remote Administration Server

Information Security: The need for data protection at the endpoint
- Virtually all companies are vulnerable to loss of data
  - Data is the company, and increasingly, data can be put anywhere
  - The client device is becoming the main threat vector for security
- Diverse mobile workforce
  - Users need real-time access to data, sometimes sensitive data
  - Variety of users with access to critical data that cannot be exposed
- Lost information on client devices
  - Laptop thefts have become an epidemic
  - Increased mobility leads to increased risk of loss or theft of devices

Information Security: Broad set of information security challenges
- Maintaining regulatory compliance
  - Compliance is a mandate, whether you want to do it or not
- Safekeeping of customer data
  - Loss of data could expose personal information of thousands, or even millions, of customers, placing them at risk for identity theft
- Ensuring internal security policies
  - Organizational check and balance against maintaining compliance
- Protecting corporate intellectual property
  - Fundamental requirement of management's job

Regulatory Compliance: Navigating the sea of regulations and standards
Regulations and standards on the rise
- Personal Privacy: HIPAA, Gramm-Leach-Bliley, CA SB 1386, PCI
- Corporate Governance: Sarbanes-Oxley, J-SOX, Euro SOX
- International Trade: MiFID
Source: Gartner, Inc., "Hype Cycle for Regulations and Related Standards 2007" by French Caldwell et al., January 15, 2007

Regulatory Compliance: A closer look at data protection legislation
Sample of State Notice of Breach Laws

State         Law                                          Potential safe harbor for encrypted data
Arkansas      A.C.A. 4-110-105, SB 1167                    Yes
California    Cal. Civ. Code 1798.82, SB 1368              Yes
Connecticut   Conn. Gen Stat. 36A701(b)                    Yes
Illinois      815 Ill. Comp. Stat. 530/I                   Yes
Minnesota     Minn. Stat 325E.61, HF 2121                  Yes
Nevada        Nev. Rev. Stat. 603 A.220, SB 347            Yes
New York      N.Y. Gen Bus. Law 899-aa, A-4254, A-3492     Yes

- Many states have potential safe harbor rules for Notice of Breach laws
- Proving your data was encrypted, at the time the device was stolen, can avoid the need for your organization to publicly disclose the breach
For general information only. Always consult an attorney for advice regarding compliance with these laws.

Analyst Quotes
- "Encryption of all sensitive information on notebooks should be considered mandatory"
  Gartner, Inc., "Windows Vista BitLocker: Good, but Not Great" by Jeffrey Wheatman and Neil MacDonald, January 5, 2007
- "Companies should select systems that provide centralized policy management, comprehensive reporting and automated policy enforcement."
  Aberdeen, 2006
- "Given that encryption everywhere will shortly become a reality, the issue then becomes one of managing the encryption infrastructure"
  The 451 Group, Dec 2006

Why Don't Organizations Encrypt?
The primary reasons cited for not encrypting sensitive or confidential information according to the survey:
- System Performance: 69%
- Complexity: 44%
- Cost: 25%
- FDE software places a heavy processing burden on the hard drive and CPU
- Installation and maintenance can be a complex and time-consuming process
- The true cost is in the IT resources required to maintain the solution
* Ponemon Institute's 2005 National Encryption Survey

Dell Data Protection: Different Constituents, Different Needs
- C Level Executive: Compliance, Compliance, Compliance
- User: Easy, Fast, Invisible
- IT Staff: Secure, Low Cost, Manageable

Dell Simplifies Data Security
1st in the industry to deliver a managed end-to-end hardware encrypting solution
- Performance: By integrating the encryption process on the drive controller itself, there is no performance penalty for the end user
- Ease of Use: Easy to set up, always turned on, and easy to provide audit reporting for compliance purposes
- Strength of security: By placing the encryption keys in the hardware, the keys simply do not exist outside of the hard drive
- Lower ownership costs: Integration with Active Directory limits on-going management costs

Dell Data Security Solution For Mobile Users
- Dell Latitude or Precision Notebook
- Seagate Momentus 5400 FDE.2 HDD
- Wave Trusted Drive Manager
- Wave Embassy Remote Administration Server
- Implementation of Dell's Security Best Practices
The World's Most Secure Commercial Notebook

Evolution of Data Protection: Migration to Hardware
History has shown that technology optimization naturally migrates from software applications to hardware in core computing functions. Data protection is no different.
- Application Layer: Software FDE
- OS Integration: Vista BitLocker / EFS
- Hardware Integration: Hardware Encrypting Drives
Fast, Simple, Low Cost!

Seagate Momentus 5400 FDE.2 Disc Drives: Protecting Your Data Where It Lives
Industry Leading Storage
- 80GB & 120GB 2.5" Disc Drive
- Perpendicular recording technology
- SATA 1.5 Gb/s
Momentus 5400 FDE.2 Drive
- Solution for lost or stolen notebooks
- High performance encryption
- Strong hardware security: ideal closed cryptographic storage system
- Instant Cryptographic Erase
DriveTrust Technology
- Hardware encryption AES 128 bit
- Integrated access control
- Protected storage partitions

The Trusted Drive Solution
Wave Software Delivers
- Strong pre-boot access control
- Simple user interface
- Advanced administrative controls
- Centralized remote management
- Activity logs for auditing and compliance validation
[Diagram: Seagate DriveTrust Technology, Embassy Trusted Drive Manager, Embassy Remote Administration Server]

EMBASSY Trusted Drive Manager: Life Cycle Management of FDE Drives
- Initialize DriveTrust functions
- User management
  - Add user
  - Delete user
  - Unlock drive
- Security Policy Management
  - Lock enable/disable
  - Instant cryptographic erase
  - Backup/recovery passwords
  - Reset drive
  - Pre-boot authentication
- Remote/Automated functions
  - Remote management/initialization
  - Recovery agent
  - Conformance checking / logging

Simple User Experience
- Drive is locked at power up
- Authentication screen is displayed
- User selects their User ID and enters Password
- Drive unlocks and Windows boots normally
[Figure: FDE Drive Authentication Screen]
Benefit: User interface is easy, simple, and invisible when unlocked

EMBASSY Remote Admin Server
- Centralized management and policy control
- Integration with identity, policy, and management infrastructures
  - Active Directory
  - Group Policy Objects
- Zero Touch remote management
- ERAS supports FDE drives and TPMs
- Audit and transaction logs for compliance
[Diagram: GUI Scripts, ERAS Server Engine, MIB, Enterprise WMI Infrastructure, Organizational Units]

Simplify Solution Deployment
ERAS Software Configuration Bundle
On-Site Training + Wave ERAS server = Simplified Deployment of Hardware Encryption Solution
Configuration and Training package includes
- 20 User license of Wave Embassy Remote Administration Server
- One day on-site training & support from a Wave engineer
Benefit:
- Configuration of 20 clients
- Training to install & configure the Trusted Drive Manager and ERAS software for additional clients
- Instructions for ordering additional software licenses from Dell
- Guidelines on how to get software support from Wave Systems
In as little as 2 to 4 weeks, you will have a centrally managed, end-to-end hardware encryption solution

How do I get it?
Dell notebooks, with Seagate FDE drives and Wave's EMBASSY Trusted Drive Manager, are currently available on Dell Latitude D531, D630, ATG, D830 and Precision Mobile M4300 and M6300 models. The Wave Embassy Remote Administration Server software, and ERAS Software Configuration Bundle, are available today from your Dell account team. Customer kits will be made available in January 2008.