Академический Документы
Профессиональный Документы
Культура Документы
Ahmad Elkhatib
khatib@umich.edu
COMPANY CONFIDENTIAL
Who, from the audience, uses these devices?
COMPANY CONFIDENTIAL
Who, from the audience, has lost one of these
devices?
COMPANY CONFIDENTIAL
Why Secure Data?
COMPANY CONFIDENTIAL
Why Secure Data? – Network vs. Endpoint Security
Social Engineering
Network Intrusion
COMPANY CONFIDENTIAL
Why Secure Data? – Mobility Is The Future
% Penetration
Population
high-speed wireless 60
network access
40 Anchored Desktop
• Advancements in Internet
application platforms 20
0
• Proliferation of push e-
mail to smartphones and
2000
PDAs 2005
2010
Contacts,
Calendar
Cell
Phones
COMPANY CONFIDENTIAL
Mobile Device Hierarchy
Contacts,
Calendar
Cell
Phones
COMPANY CONFIDENTIAL
Cost Impact of Lost Equipment
Replacement $1000-$3000
Hardware
Software
Recovery
Police report $2000-$10000
Insurance claim
Data recovery effort
User downtime
Image Priceless
Damaged reputation
Resulting lawsuits
Loss of customers
Lost shareholder confidence
COMPANY CONFIDENTIAL
Global Statistics
COMPANY CONFIDENTIAL
Global Statistics
Information Loss
Lost or stolen
computer equipment
80%
20%
Network
intrusion
COMPANY CONFIDENTIAL
Global Statistics
COMPANY CONFIDENTIAL
Primary Research
COMPANY CONFIDENTIAL
Public Exposure & Impact
COMPANY CONFIDENTIAL
Compliance & Legislation
COMPANY CONFIDENTIAL
Compliance & Legislation
95/46/EC (Europe)
European Union Directive 95/46/EC
COMPANY CONFIDENTIAL
Compliance & Legislation
DPA (UK)
Data Protection Act
COMPANY CONFIDENTIAL
Compliance & Legislation
SB HIPAA
1386
GLBA
SOX(CA,
(US)
(US)US)
Georgia Senate Bill 245 & HB 1368 (US)
Health
California
Insurance
Gramm-Leach-Bliley
Senate
Sarbanes-Oxley
Portability
Bill 1386
& Accountability
Act
&Act
SB 1350 Act
COMPANY CONFIDENTIAL
Compliance & Legislation
COMPANY CONFIDENTIAL
Compliance & Legislation
PIPEDA (Canada)
The Personal Information Protection & Electronic Documents Act
COMPANY CONFIDENTIAL
Compliance & Legislation
COMPANY CONFIDENTIAL
Mobile Data Platforms
Symbian Palm OS
PC & Smartphone
Linux Laptops
COMPANY CONFIDENTIAL
Complete Data Protection
Unprotected
Secured Information
File Encryption
Full Disk
Encryption Whole Disk Encryption
COMPANY CONFIDENTIAL
FDE Technology
• Hardware
– Seagate
– Stonewood FlagStone
• Software
– Pointsec (acquired by Checkpoint)
– Utimaco
– Safeboot
– GuardianEdge
• Operating System
– Windows Vista BitLocker
COMPANY CONFIDENTIAL
Hardware
However
COMPANY CONFIDENTIAL
Software
However
• Interoperability
• Platform dependant
• Performance
COMPANY CONFIDENTIAL
Operating System
However
COMPANY CONFIDENTIAL
Must have features
COMPANY CONFIDENTIAL
Recovery
COMPANY CONFIDENTIAL
More Must have features
• 4 Methods of Recovery
– User forgot password?
– User left company?
– Operating system died?
– Catastrophic Failure?
• Enterprise Access
– Works with forensics tools
• Imaging
– Re-image Boot Volume with Windows
– Create new “Gold” images w/ Ghost
• Multifactor Authentication
– Authentication at preboot with USB tokens and/or smart cards
COMPANY CONFIDENTIAL
Centralized & Automatic Logging
COMPANY CONFIDENTIAL
Product Portfolio – Encryption Solutions
Symbian Palm OS
Pocket PC
Removable Media
PC & Smartphone
Linux
COMPANY CONFIDENTIAL
How to protect
• Pour glue ?
• Procure PCs without any data ports
• Active Directory group policy
• Third party software
– Centennial Software Device Wall
– Pointsec Device Protector (f.k.a Reflex Disknet Pro)
– Securewave Sanctuary
• On device encryption chip
– LaCie SAFE
– Kingston
– Safeboot for USB
– SECUREDISK
– … many other hardware vendors
COMPANY CONFIDENTIAL
Protection of Data on Removable Media
Complete Protection
COMPANY CONFIDENTIAL
Other Avenues of Data leakage
• Infrared
• Bluetooth
• WiFi networks
• PCMCIA
• Serial
COMPANY CONFIDENTIAL
Mobile Data Platforms
Symbian Palm OS
COMPANY CONFIDENTIAL
Mobile Devices – Key Features
• Real-Time Encryption
– Automatic on-the-fly encryption of all data
stored on a device, including encrypting
Microsoft Outlook data (E-mail, Calendar &
Contacts)
– Persistent storage encryption
• Removable Media Encryption
– Entire disk encrypted
– Cards can be shared
• Unencrypted Media Policy
– Enable organizations to allow / disallow
use of unencrypted removable media
• Enforceable Mandatory Access Control
– Prevents unauthorized use of the device and
prevents the authorized user from uninstalling
security software
COMPANY CONFIDENTIAL
Questions
COMPANY CONFIDENTIAL