Page 1:

Trusted Computing

a better alternative!

© 2011 Wave Systems Corp. Confidential. All Rights Reserved.

Pages 2 and 3:

Threats and liability have increased; security technologies have not kept pace

[Figure, built up over two slides: a timeline from 1990 through 2000 and 2010 to "Future", with four tracks]

Enterprise Network: Client Server; Distributed Computing; Global Networks
Threats: Hackers, Viruses; Malware; Advanced Persistent Threats (APT)
Security Technology: Password; Token/SmartCard; Software FDE; DLP; TPM; Encrypting Drive
Liability: HIPAA, FERPA, EU Directive; SOX, PIPEDA (CA), Notice of Breach; PCI, FFIEC, HITECH; NERC, FED Regs, State/Local Regs

Page 4:

Data Leakage and Targeted Attacks: A Clear and Present Danger

Page 5:

What is your security plan?

Insanity: Doing the same thing and expecting a different result.

Page 6:

The ideal security solution: security should be this easy

• Makes on-going security decisions easier.
• Solves today’s challenges and tomorrow’s.
• Is an integral part of the systems you buy.
• Allows for “plug-n-play” choices (universal).
• Operates seamlessly and transparently.
• Covers devices, data and applications.
• Delivers comprehensive centralized control.
• Provides the knowledge to prove information is protected.
• Cost-effective, transparent and hassle-free.

Page 8:

Framework to solve security challenges

[Diagram elements: Mobile Phones; Authentication; Storage; Infrastructure; Servers; Desktops & Notebooks; Security Hardware; Network Security; Printers & Hardcopy; Virtualized Platform]

Applications:
• Software Stack
• Operating Systems
• Web Services
• Authentication
• Data Protection

Page 9:

NSA Trusted Computing Conference

2010 – 375 attendees; 40 vendors
2011 – 620 attendees; 60 vendors
September 2012 - ??

Page 10:

Encryption solutions have evolved: better integration means better security

[Diagram: three stages of integration]
1. Application layer: software FDE
2. Integration with OS: Microsoft BitLocker
3. Hardware integration: Self Encrypting Drives

Page 11:

Self Encrypting Drives: the technical basics

• Opal Self Encrypting Drives (SED) were introduced in 2009.
• SEDs have their own processor and RAM, making them impervious to software attack.
• Encryption keys are stored in the drive controller chip and never leave.
• Always-on AES encryption means all of the data is protected all of the time.
• Drive-level verification blocks all read/write functions until the user is verified.
• Support SATA interfaces and are FIPS 140-2 certified.
• Available in spinning disks or solid state.
• A wide selection from Hitachi, Micron, Samsung and Seagate; Seagate has shipped over 1M drives.
• Dell, HP and Lenovo sell at little to no added cost.

Page 12:

SEDs have zero impact on performance

[Chart 1: "Extensive Data Read / Writes"; read and write throughput (axis 0 to 90) for Seagate Momentus 7200 versus Seagate Momentus 7200 SED]

[Chart 2: "Drive Throughput - Heavy Data Reads" (axis 0 to 90) for Software Encryption #1, #2 and #3, Avg Software FDE, Seagate SED and Seagate (No Encryption)]

1 Trusted Strategies LLC, "FDE Performance Comparison, Hardware versus Software Full Drive Encryption", February 9, 2010

Page 13:

SED encryption is virtually instantaneous

Time to Return from Hibernation (chart axis 0 to 60):
Software Encryption #3: 41.26
Software Encryption #2: 54.76
Software Encryption #1: 26.37
Avg Software FDE: 40.80
Seagate SED / Wave Embassy: 23.22
Seagate (No Encryption): 21.42

Time Required to Encrypt Drive (chart axis 0 to 2000):
Software Encryption #3: 23 Hr 46 Min
Software Encryption #2: 8 Hr 9 Min
Software Encryption #1: 3 Hr 16 Min
Self Encrypting Drive: 0 Minutes - Data Encrypted as loaded

1 Trusted Strategies LLC, "FDE Performance Comparison, Hardware versus Software Full Drive Encryption", February 9, 2010

Page 14:

SEDs offer big savings

Assumptions: Total Number of PCs that require FDE: 1,000; PC Lifespan: 3; Processor: I5 2.5GHz to 2.6GHz; Memory: 2GB to 4GB

                                              Managed Software   Wave Managed SED
Acquisition Costs
  Client Software                                      $0.00              $0.00
  Enterprise Software (Mgmt)                          $75.00            $100.00
  SW Maintenance                                      $56.25             $75.00
  Hardware                                            $40.00             $20.00
  Total Acquisition Cost (per seat)                  $171.25            $195.00
  Total Acquisition Cost                         $171,250.00        $195,000.00
Deployment Costs
  FDE Setup & Configuration                           $76.34             $19.60
  Total Deployment Cost (per seat)                    $76.34             $19.60
  Total Deployment Cost                           $76,336.71         $19,602.27
Ongoing Mgmt Costs
  Avg. Incremental Cost to Maintain w/FDE            $299.66            $117.61
  Added IT Cost for Re-imaging a PC with FDE          $33.43              $0.00
  User Productivity Cost (due to re-imaging)          $29.61              $0.00
  Avg Cost to Sanitize (Wipe) a Hard Drive             $3.29              $0.00
  Total Mgmt Cost (per seat)                         $365.98            $117.61
  Total Mgmt Cost                                $365,981.42        $117,613.64
Total Cost of Ownership (TCO) Per Seat               $613.57            $332.22
Total Cost of Ownership (TCO)                    $613,568.13        $332,215.91

Page 15:

SED Case Study: Big 3 US Automaker

• 100,000+ end users with various backgrounds and technical skill sets
• Very complex and global infrastructure
• Needed a single solution that was hassle free and low cost
• Attempted software FDE but could only deploy about 4500 platforms over 3 years; high costs and failure rates
• SED pilot phase: 45 days and 250 users
• Deployed about 100,000 SEDs over a 2 year period

Page 16:

The status quo is no longer good enough

• Passwords can be easily guessed or stolen
• Software certificate private keys can be readily and unknowingly exported with “jailbreak”
• RSA tokens have been shown to be vulnerable to attack
• Consider: additional layers of device security

Data Encryption + Known Users + Known Devices = REAL SECURITY

Page 17:

Trusted Platform Module: the technical basics

• The Trusted Platform Module (TPM) was introduced in 2003. Today over 500 million systems have TPMs.
• Creates and protects secrets.
• Inherently secure against brute force attacks.
• Establishes “chain of trust” for keys and credentials.
• Supports PKI X.509 digital certificates.
• Performs digital signature operations.
• Securely measures, stores and reports on integrity metrics. Holds platform measurements (hashes).
• It’s already in every computer you own!
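The measurement and chain-of-trust points above, shown as an added example (not code from the deck or from Wave Systems): the platform extends one PCR with each boot component, and a verifier replays the event log to check the quoted value against a golden chain, which is the check behind "platform integrity to defend against APTs" later in the deck. The boot chain, the component bytes and the single-PCR layout are constructed for illustration; the TPM's signature over the quote, which is what lets the verifier trust the reported value in the first place, is omitted.

```python
import hashlib

# Constructed sample boot chain (component name, bytes measured). Real TPMs
# are handed hashes of firmware, boot loader and OS images; these stand in.
GOLDEN_CHAIN = [
    ("firmware",   b"example firmware image v1.02"),
    ("bootloader", b"example boot manager build 7600"),
    ("os_kernel",  b"example kernel build 7601"),
]

def extend(pcr, digest, algo="sha1"):
    """TPM extend: PCR_new = H(PCR_old || digest). sha1 matches the TPM 1.2
    generation in this deck; use algo="sha256" for a TPM 2.0 bank."""
    return hashlib.new(algo, pcr + digest).digest()

def measure_chain(chain, algo="sha1"):
    """Platform side: hash each component in boot order into one PCR and
    return the final PCR plus the event log shipped beside the TPM quote."""
    pcr = bytes(hashlib.new(algo).digest_size)  # PCRs reset to all zeros
    log = []
    for name, blob in chain:
        digest = hashlib.new(algo, blob).digest()
        pcr = extend(pcr, digest, algo)
        log.append((name, digest))
    return pcr, log

def replay_log(log, algo="sha1"):
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(hashlib.new(algo).digest_size)
    for _, digest in log:
        pcr = extend(pcr, digest, algo)
    return pcr

def verify(reported_pcr, log, golden_chain, algo="sha1"):
    """Accept only if the log reproduces the quoted PCR and every entry,
    in order, matches the golden chain. Returns (ok, names that differ)."""
    if replay_log(log, algo) != reported_pcr:
        return False, ["log does not reproduce the quoted PCR"]
    golden = [(n, hashlib.new(algo, b).digest()) for n, b in golden_chain]
    if len(log) != len(golden):
        return False, ["event count differs from golden chain"]
    bad = [g[0] for g, e in zip(golden, log) if g != e]
    return (not bad), bad

if __name__ == "__main__":
    pcr, log = measure_chain(GOLDEN_CHAIN)
    print(pcr.hex(), verify(pcr, log, GOLDEN_CHAIN))  # expect (True, [])
```

Because each extend hashes the previous PCR value, a modified or reordered component changes every later value, so the verifier can name the first component that diverged from the golden chain rather than just reporting a mismatch.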

Page 18:

Devices are a proven foundation for network security

• Mobile phones, cable and satellite boxes
• Billions of devices connect directly to today’s sophisticated global networks
• Eliminates the risk of unknown devices infecting the network with viruses.
• Strengthens user authentication by providing a second factor – the device.
• Security you already own and have deployed across your entire organization.

Page 19:

TPM Case Study: PricewaterhouseCoopers (PwC)

• Security footprint: 150,000 employees, across 850 locations in 142 countries
• Concerned about non-authorized users on the network
• The use of TPM proved successful in mitigating “jailbreak” risk
• Virtually all of PwC’s computers had TPMs
• TPM-based certificates for VPN and WiFi access
• Cost analysis found that smartcards were at least 2X TPM and USB tokens were 3X TPM
• 85,000 seats into their rollout
• TCG standards can be implemented in small, manageable steps without changing the current infrastructure

Page 20:

Choose Trusted Computing: how can I get started today?

• Add self-encrypting drives to all new laptop orders
• If using BitLocker, ensure TPMs are used for BitLocker key protection and that they are managed
• Protect your VPN and WiFi software certificates with the TPM
• Restrict network access to only known devices
• Consider platform integrity to defend against APTs
• Question your vendors about their plans for delivering provable security

Ask us how

Page 21:

877-228-WAVE
[email protected]
www.wave.com

Visit our web site for case studies and white papers.