Using End User Device Encryption to
Protect Sensitive Information
April 29, 2015
Mel Jackob, CISSP, GSEC, ePlace Solutions, Inc.
William Ewy, CIPP/US, ePlace Solutions, Inc.
William Ewy, BSEE, CIPP/US (Host)
• Privacy and Data Security Practice Manager, ePlace Solutions, Inc.
• International Privacy Manager at Agilent Technologies
• Various positions in Marketing and Quality with Hewlett-Packard in California, Hong Kong, and Beijing
Mel Jackob, CISSP, GSEC, CISA, MCT, ePlace Solutions, Inc.
• Senior Cyber Security Consultant ePlace Solutions, Inc.
• Director of IT/Cyber Security at L-3 Communications
• Senior Cyber Security Consultant at Microsoft
• Senior Lead Security Engineer at NMCI
Loss prevention services and information for cyber insurance policyholders
• Legal Compliance Materials: regulatory summaries, sample policies, procedures, plans, and agreements
• Email List: monthly newsletter, privacy and data security tips, and “Data Security Alerts”
• Specialist Support: by phone or email
• Risk Assessment Guides: step-by-step procedures to lower risk
• Training & Awareness Programs: online courses, bulletins, and webinars
• Handling Data Breaches: summary of breach notification requirements, sample incident response plans, etc.
• The basics of static encryption
• Device encryption technologies/considerations
• Examples of available hardware and software-based solutions
• Conclusions
Encryption is Not a Silver Bullet
• Cracking the encryption algorithm. Over time, algorithms become compromised. Because of this, it is important to securely remove (digitally wipe or shred) sensitive information from devices when it is no longer needed, even if it is encrypted.
• All software, including encryption software, can have defects (e.g. bugs) and backdoors that allow unauthorized access if discovered.
Data Security Basics
• Limit sensitive personal information collected to the minimum necessary as required by organizational purposes
• Encrypt all sensitive information stored on mobile devices (laptop PC, smartphone, tablet, USB stick, DVD, etc.)
• Completely destroy sensitive information when no longer needed
Cryptography
• Cryptography hides data from unauthorized individuals
• A cryptosystem is a collection of software, protocols, algorithms, and keys
• Cryptosystems draw their strength from the algorithms, the length and randomness of the keys used, and other mathematical factors
Cryptography – Methods of Encryption
• Symmetric (same key used to encrypt and decrypt)
  • Number of keys = N(N-1)/2
  • Symmetric encryption algorithms:
    • Data Encryption Standard (DES)
    • Triple-DES (3DES)
    • Blowfish
    • IDEA
    • RC4, RC5, and RC6
    • Advanced Encryption Standard (AES) (128, 192, and 256 bits)
• Asymmetric (public and private keys)
What is Data?
• Data is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected
• Users store data on a variety of endpoints
• Whatever form the data takes, or the means by which it is shared or stored, it should always be appropriately protected
Value of Data Security
• Protects information against various threats
• Ensures business continuity
• Minimizes financial losses and other impacts
• Optimizes return on investments
• Creates opportunities to do business safely
• Maintains privacy and compliance
Impact of Laptop Thefts
• Source: www.privacyrights.org
• On average, 50% of reported breaches involved laptop theft
Internet Attacks
• Launch video
Data Security Preserves “CIA”
• Confidentiality: Making information accessible only to those authorized to use it
• Integrity: Safeguarding the accuracy and completeness of information and processing methods
• Availability: Ensuring that information is available when required
Endpoint Encryption Strategies
• Full Disk Encryption
• How Software Disk Encryption Works
• How Hardware Disk Encryption Works
• File/Folder Encryption
• How File/Folder Encryption Works
• Removable Media Encryption
• How Removable Media Encryption Works
Full Disk Encryption Recovery
• Lost or forgotten passphrase
  • Self Recovery (computer is not managed)
  • Computer has not communicated with the management server within a set communication interval
    • One-time Password
• Data corruption resulting from hardware failure or other factors such as a virus
  • Preinstallation Media
Folder/File/Removable Media Encryption Recovery Options
Lost or forgotten certificate or password:
• Automatic Key Archiving for Recovery of Encrypted Data
• Recovery Certificate
• Have a backup copy of your data
Criteria for Selecting Endpoint Encryption Solution(s)
• Identify compliance requirements
• Conduct a risk assessment
• Specify requirements
• Expect to support multiple endpoint technologies
• Expect to provide training
• Thoroughly engineer the processes for endpoint encryption
• Test the encryption system and the procedures for user management
Criteria for Selecting Full Disk Encryption Products
• Device deployment
• Product management
• Compatibility
• Authentication service integration
• Key recovery
• Cryptography
• Self Destruct Mechanism
Leading Full Disk Encryption Products
• Check Point Full Disk Encryption
• McAfee Endpoint Encryption
• Microsoft BitLocker Drive Encryption
• Sophos SafeGuard Enterprise
• Symantec PGP Whole Disk Encryption
• WinMagic SecureDoc Disk Encryption
• Trend Micro
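As an added example that is not from the slides: a PowerShell check against the deck's "key recovery" and "device deployment" criteria for one of the products listed, Microsoft BitLocker. It assumes the Windows BitLocker PowerShell module (Windows 8 / Server 2012 and later) and an elevated session, and reports each volume's encryption state and whether a recovery password protector exists to fall back on when the passphrase is lost.

```powershell
# Added example, not part of the original slides.
# Assumes: BitLocker PowerShell module available, session run as Administrator.

function Get-FdeBaselineReport {
    foreach ($vol in Get-BitLockerVolume) {
        # Recovery password protectors are the "lost or forgotten passphrase" fallback
        $recovery = $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

        [pscustomobject]@{
            MountPoint           = $vol.MountPoint
            VolumeStatus         = $vol.VolumeStatus       # FullyEncrypted / EncryptionInProgress / FullyDecrypted
            ProtectionStatus     = $vol.ProtectionStatus   # On / Off (Off = suspended or not protected)
            EncryptionMethod     = $vol.EncryptionMethod   # e.g. XtsAes256, Aes128
            HasRecoveryPassword  = [bool]$recovery
            RecoveryProtectorIds = ($recovery | ForEach-Object { $_.KeyProtectorId }) -join ','
        }
    }
}

$report = Get-FdeBaselineReport
$report | Format-Table -AutoSize

# Flag volumes that fail the baseline: not fully encrypted, protection suspended,
# or no recovery password protector (nothing to escrow for key recovery).
$failing = $report | Where-Object {
    $_.VolumeStatus -ne 'FullyEncrypted' -or
    $_.ProtectionStatus -ne 'On' -or
    -not $_.HasRecoveryPassword
}

foreach ($f in $failing) {
    Write-Warning ("Volume {0}: status={1} protection={2} recoveryPassword={3}" -f
        $f.MountPoint, $f.VolumeStatus, $f.ProtectionStatus, $f.HasRecoveryPassword)
}

# For managed (domain-joined) endpoints the recovery protector should also be escrowed
# centrally; Backup-BitLockerKeyProtector -MountPoint <drive> -KeyProtectorId <id>
# copies it to Active Directory so the help desk can recover without the user's passphrase.
```

Run it as part of endpoint onboarding and periodically afterwards; a volume with ProtectionStatus Off after an update or suspend is a common silent gap.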
Conclusion
• Changes in the endpoint landscape have an impact on endpoint encryption architectures.
• Organizations must understand the business risk and compliance requirements regarding data theft and data loss and make choices to support a wide variety of devices.
• Solutions should support a heterogeneous infrastructure that may need to include full-disk encryption software, self-encrypting drives, file/folder encryption, smartphones and tablets, and personal storage devices.
Mel Jackob, CISSP
ePlace Solutions, Inc.
Senior Cyber Security Specialist
Tel.: 559-261-9293
William Ewy, CIPP/US
ePlace Solutions, Inc.
Privacy and Security Practice Manager
Tel.: 559-577-1252