Published on November 13, 2013
For your eyes only - Encryption and DLP
Erkko Skantz, Symantec Finland

USER PRODUCTIVITY INFORMATION MANAGEMENT DATA CENTER SECURITY

Focus on information

Today's System-Centric Enterprise
[Diagram labels: Data Center / Field Offices / Point of Sale / Field Headquarters]

Today's System-Centric Enterprise
• 1 in 10 people have lost a laptop, smart phone, or USB drive with corporate information on it
• 12,000 laptops lost in United States airports every week

Today's System-Centric Enterprise
• 1/2 of corporate data resides on mobile devices

Information is the most important asset you have
[Diagram labels: Data Center / Field Offices / Point of Sale / Field Headquarters]

Where to get started? Where to implement encryption and DLP?

Recovery point and time objective
• How much data can I afford to lose?
• How long does it take to get my system up again?
[Timeline figure: Last backup taken, CRASH, System up again; scale marks 24 Hours, 1 Hour, 1/2 Hour, 1 Hour; Impact of data loss?]

The Mistakes that Companies Often Make
• Disk Encryption: Find tactical solution, Create keys, Deploy infrastructure
• USB Encryption: Find tactical solution, Create keys, Deploy infrastructure
• Mobile Encryption: Find tactical solution, Create keys, Deploy infrastructure

Pay attention

Encryption is Easy
1) Take a document
2) Create a key and encrypt the document / file / disk
• Most customers think they are buying an encryption application. Don't make this mistake.
• Ask for a management platform for encryption.

Administration can be difficult
1) Encryption management is UNLIKE any other administrative responsibility
2) Normally, administrative responsibilities end when the user leaves / quits
3) You must manage an encryption key for as long as there is encrypted data!

Suggested roadmap
• FTP, batch, backup transfer
• Smartphone solutions
• File/folder/shared server encryption
• End-2-end email encryption
• Full disk encryption
• Encryption Management Server
• Device and media encryption
• Gateway email encryption

Full disk encryption, the easy way

Symantec Full Disk Encryption
• Encrypts desktops, laptops, and USB drives
• Protects against
  – Personal computer loss / theft / compromise / improper disposal
• Reduces risk of data loss
• Protects against reputation damage
• Enables business continuity without disrupting user productivity
• Demonstrates compliance to regulatory standards
• Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification

Symantec Full Disk Encryption Deployment
[Diagram labels: Encryption Management Server, Clients, LDAP, Software Deployment Tool]
• Flexible .MSI and .PKG formats
• Support for SMS, Zenworks, Altiris, AD GPO
• Deploy to: Windows (including Windows Server), Windows 8 (BIOS and UEFI), Mac OS X, Ubuntu, and Red Hat clients

Full Disk Encryption: How It Works
Step 1: Policy and Provisioning
• Administrators configure policy on Symantec Encryption Management Server
• Deploy installation package(s) to Windows (or Mac OS X/Linux) laptops/desktops
• Install Symantec Drive Encryption client
Step 2: Initial Encryption
• System is encrypted, block-by-block
Step 3: Pre-Boot Environment
• User is presented with modified preboot environment on reboot (or resume from hibernation)
Step 4: Authentication
• User logs in using passphrase or smart card
Step 5: Compliance
• Administrator views logs and reports on Symantec Encryption Management Server
Step 6: Helpdesk
• Forgotten passwords
• Unavailable employee
• Machine recovery

It is about the information: Symantec Drive Encryption
Situation: Bag (+computer) lost at the airport or stolen from the car.
Product & Solution: Symantec Drive Encryption: Encrypt all laptops and desktops.
Result: The laptop was encrypted and the data was inaccessible by unauthorized users. Because the data was encrypted, the company did not have to report the breach. The company did not suffer a public black eye.

It is about the information, THEME: Cloud Storage
Situation: Employees are storing confidential documents in the cloud. They are doing this for collaboration purposes.
Product & Solution: Symantec File Share Encryption: Encrypt data on internal file shares and data on cloud storage lockers.
Result: All data being stored in the cloud is encrypted prior to being synced into the cloud. Data is secure from 3rd party cloud companies as well as from compromise of account information to the cloud.

It is about the information, THEME: Email
Situation: Email administrators are reading the email of the Executive staff.
Product & Solution: Symantec Desktop Email Encryption: Encrypt and decrypt emails at the desktop level before leaving the desktop to the mail servers.
Result: Emails are secured on the desktop. Email admins can still access the emails on the mail server, but cannot read them because they are encrypted. Backups of the emails remain encrypted and secured.

Information encrypted
Objectives
• Keep data secure
• Meet compliance objective
• Protect the business
• Control costs and liabilities
Tasks
• Protect data at rest
• Protect data in motion
• Protect in use
Products
• MANAGEMENT
• ENDPOINT ENCRYPTION
• FILE AND SERVER ENCRYPTION
• EMAIL ENCRYPTION

Complete Encryption Platform
• Full Disk Encryption (FDE)
• Device and Media Encryption
• FTP/Batch and Backups
• File/Folder/Shared Server Encryption
• End-End Email
• Gateway Email Encryption
• Smartphone Solutions
Management
• Central Management of Encryption Applications: Symantec Encryption Management Server
• Key Management: PGP® Key Management Server (KMS)

The alternative option for encrypting everything

• DISCOVER: Where is your confidential data?
• MONITOR: How is it being used?
• PROTECT: How best to prevent its loss?

How Symantec DLP Works
DATA LOSS POLICY
DETECTION
• Content: Credit Cards, SSNs, Intellectual Property
• Context: Who? What? Where?
RESPONSE
• Action: Notify, Justify, Encrypt, Prevent
• Notification: User, Manager, Security, Escalate
Find it. Fix it.
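
The policy model on this slide (content plus context decides the response) can be sketched as follows. This is an added example, not Symantec's code or part of the original deck; the regular expressions, the policy table, the thresholds and the event fields are all assumptions made for illustration.

```python
import re

# Content detectors (assumed patterns): candidate card numbers and US SSNs.
# Card digits may be separated by single spaces or hyphens only.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects digit runs that only look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def detect_content(text: str) -> dict:
    """Content side of detection: count validated matches per data type."""
    cards = [m.group() for m in CARD_RE.finditer(text)
             if luhn_ok(re.sub(r"\D", "", m.group()))]
    return {"credit_card": len(cards), "ssn": len(SSN_RE.findall(text))}

# Hypothetical policy: (content, channel, minimum matches, (action, notification)).
# Listed most severe first for each channel; the first matching rule wins.
POLICY = [
    ("credit_card", "usb",   1,  ("encrypt", ["user"])),
    ("credit_card", "email", 10, ("prevent", ["user", "manager", "security"])),
    ("credit_card", "email", 1,  ("notify",  ["user"])),
    ("ssn",         "email", 1,  ("prevent", ["user", "security"])),
]

def evaluate(event: dict) -> dict:
    """event carries the context: who (user), what (text), where (channel)."""
    hits = detect_content(event["what"])
    for content, channel, minimum, (action, notify) in POLICY:
        if event["where"] == channel and hits[content] >= minimum:
            return {"who": event["who"], "match": content,
                    "count": hits[content], "action": action, "notify": notify}
    return {"who": event["who"], "match": None, "count": 0,
            "action": "allow", "notify": []}
```

The same content triggers a different response depending on the channel and volume, which is why the Luhn check matters: without it, any long order or invoice number would raise an incident.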

Symantec Data Loss Prevention

Symantec Data Loss Prevention Products
• STORAGE: Network Discover, Data Insight, Network Protect
• ENDPOINT: Endpoint Discover, Endpoint Prevent
• NETWORK: Network Monitor, Network Prevent for Email, Network Prevent for Web, Mobile Email Monitor, Mobile Prevent
• Management Platform: Symantec Data Loss Prevention Enforce Platform

Symantec Data Loss Prevention Architecture
[Diagram zones: Secured Corporate LAN, DMZ]
• STORAGE: Network Discover - Data Insight - Network Protect
• MGMT PLATFORM: Enforce
• NETWORK: Network Monitor - Network Prevent - Mobile Email Monitor - Mobile Prevent
• ENDPOINT: Endpoint Discover - Endpoint Prevent
[Diagram labels: MTA or Proxy, SPAN Port or Tap]

Continuous Risk Reduction
[Chart: Incidents Per Week (0 to 1000) against Risk Reduction Over Time; stages Visibility, Remediation, Notification, Prevention; annotation Competitive Trap]

Putting it all together

Defense in Depth: DLP and Encryption
• DLP: FIND
• ENCRYPTION: FIX
[Diagram labels: Gateway, Removable Storage, File-Based]

Thank you
Questions? - firstname.lastname@example.org

DSS ITSEC 2013 Conference 07.11.2013 - For your eyes only - Symantec