DSS @Arrow_Inspiration_Roadshow_2013_Symantec_Extends_Encryption_Offerings
Post on 19-Jan-2015
ARROW INSPIRATION DAY, RIGA
Symantec Deepens Encryption Offerings
Raivis Kalniņš
Agenda
- Data Lifecycle
- Encryption Can Start Anywhere
- Whole Disk Encryption
- Removable Storage Encryption
- File and Email Encryption
- File/Folder Encryption
- Encryption Management
Data Lifecycle
The director of finance downloads data from the customer database. He drafts the “Year End” results spreadsheet and saves it on his desktop PC.
The director stores a copy of “Year End” results in a shared directory on a corporate server for the finance team.
The finance manager accesses the “Year End” results, adjusts the numbers, and emails the file to the company’s outside accountant.
The accountant accesses the email on a handheld and forwards it with comments to a colleague. She reviews “Year End” results and saves it on a laptop and a thumb drive.
The colleague gives the thumb drive to the onsite auditor, who transfers “Year End” results to his laptop so he can review it later at home.
How many people had access to data today?
- Director of Finance
- Finance Team
- Outside Accountant
- Outside Accountant’s Colleague
- Onsite Auditor
The Encryption Discussion Can Start Anywhere
Field
Data Center Headquarters
Field Offices
- What is the organizational policy on USB drives? Could there potentially be intellectual property (IP) on these drives?
- Email protection regulations and mandates?
- What is being downloaded to employee systems? Trojans, malware, unauthorized software?
- Tangible/intangible costs of a lost laptop – customer data? Personnel data? IP?
- Are there customer addresses stored on mobile phones?
- Data on HR/Legal/Finance/Other Shared servers residing in the clear?
- Nightly transactions / backups sent outside the organization?
Barriers to Sale and Value Proposition
| Potential Barriers | Description | Value Proposition |
|---|---|---|
| Encryption solutions are complex | Ease of implementation, ongoing management, long-term cost of ownership | Experience: Solutions are easy to deploy |
| Limited resources | Need to share IT staff across multiple activities. Endpoint encryption should integrate with existing IT infrastructure | Leverage: Uses existing infrastructure architecture |
| Substantial training required | Substantial upfront and on-going investment in training costs | Simple: Little or no training required for end-users |
| Resistant end-users | Need to preserve existing workflows; not change how users perform their job | Transparent: User behavior need not change significantly |
| Diverse devices | Mandated to protect all devices containing sensitive data. | Comprehensive: Protection across devices, platforms |
Symantec Strategy
Things to remember
- Encryption is not a new technology, but it is a security control that has NOT been introduced into a majority of environments.
- Most companies don’t have a lot of experience with encryption, and their criteria are based on Internet research (hastily done) or a vendor. There is rarely expertise in the field.
- Most companies are looking at encryption in the face of an event: lost/stolen system, audit and/or regulatory hit.
- Most companies are on an aggressive deployment schedule.
Encryption on the Endpoint
PGP – Whole Disk Encryption
Whole disk encryption for desktops, laptops, and Windows® servers. Supports Windows®, Mac OS® X, and Linux® platforms
- Encrypts desktops, laptops, and USB drives
- Protects against personal computer loss, theft, compromise and improper disposal
- Reduces risk of loss of PII (Personally Identifiable Information) and other sensitive data
- Protects against reputation damage
- Demonstrates compliance to regulatory standards
- Supports Windows, Mac OS X, and Linux
Whole Disk Encryption – How it Works
Symantec EE Management System
High availability
- Web services transport, communications
- Database server mirroring, failover and HA
- Active Directory replication, failover
- Supports Windows cluster services
Seamless integration
- Directory services
- Software deployment
- User authentication
- Workgroup encryption
- Wake on LAN
Leverages familiar, proven technologies
- Active Directory, IIS, SQL Server, Linux, ASP.NET, PKI, and so on
Simple to deploy, easy to learn and support
Scalable >100,000 endpoints per server
Symantec Endpoint Encryption – Full Disk
Policies Auditing
Full-Disk Encryption
Opal Self-Encrypting Drives
- High-performance, true full disk encryption
- Pre-boot user authentication
- Rapid deployment and activation
- Extensive support for smart cards, CAC, and PIV
- Non-disruptive maintenance and patching
- Supports Windows and Mac OS X
Symantec EE – Removable Storage
Secure portable data at rest
– Enforce mandatory removable storage encryption policies
– Access and re-encrypt data from any PC or Mac
Granular file and folder based encryption
– Allow encrypted and unencrypted data on user devices
– Enforce policy-controlled exemptions by file type and device
Centralized – Integrated Management Console
Policies Auditing
Removable Media Encryption
File and Email Encryption
Where Is Sensitive Data at Risk?
Gateway Email Encryption – How it Works
Desktop Email Encryption – How it Works
File/Folder Encryption
User file protection
Shared file protection
Distributed file protection
Protect shared files and folders
Protect transferred files and folders
Protect individual files and folders
PGP NetShare, PGP Command Line
PGP NetShare
Client-based Protected File Sharing
1. Finance encrypts a file on the server using PGP NetShare
2. Finance allows HR to view/edit the file on the server
3. HR can view and edit the file on the server
4. HR saves the file to the server and PGP NetShare maintains protection
5. Sales tries to view the document and the document is unreadable
6. When the document is copied to backup tape, it remains protected
PGP Command Line
Scriptable Encryption
– A complete library of encryption commands
– Simplifies encryption integration into business practices
Wide Range of Platforms
– Supported on over 35 operating systems: Windows, Linux, Solaris, Mac OS X, HP-UX, IBM AIX, iSeries, zSeries
– Runs with most scripting languages, such as Perl, Python, JavaScript, and more
Many Uses
– End-to-end protection for the internal or external transfer of files
– SDA enabled distribution of files via CD, DVD or file server lockboxes
– Encryption protection and recovery of backed-up and archived files
File encryption for server protection & file transfer
PGP Command Line – How it Works
Data Distribution
File Transfer
Data Backup
> pgp -es dbdump.sql -r admin@company_a.com
dbdump.sql:encrypt (0:output file dbdump.sql.pgp)
Encryption Management
Centralized management for all of the PGP® Applications
Central Administration
- Manages users from a central location. Supports LDAP integration
- Provides tools to help manage and deploy clients
Policy Enforcement
- Controls when encryption must be used
Reporting and Logging
- Tracks device and data encryption and user events
Key Management
- Ensures that keys stay protected with proper access controls, along with mechanisms available for safe data recovery
Defense-In-Depth: Encryption + DLP
Encryption Management
Thank you!
Raivis Kalniņš
raivis@dss.lv
info@dss.lv
GSM: +37129162784
GSM: +37126113545