Data Protection Policy Compliance using Notebook Hard Disk Drive Encryption

Slides: 13
Provided by: craig5

Transcript and Presenter's Notes

1
Data Protection Policy Compliance using Notebook Hard Disk Drive Encryption
2
Encryption: one element of Smart Security
Security Involves Several Focus Areas
3
Why Data Encryption? Breaches Can Be Costly!
  • When a breach occurs, organizations can lose
    money.
  • They may be required to publicly disclose the
    breach, significantly damaging an organization's
    public image.
  • They are generally required to notify persons
    whose information was exposed - involving
    communication costs and perhaps financial
    compensation.
  • They may experience lost productivity costs when
    staff is repurposed to address a breach.
  • They may face fines from the FTC or business
    partners.
  • Many industries are now subject to governmental
    regulation and/or industry security compliance
    guidelines

4
Costs of a Security Breach
2007 Estimated Cost/Lost Record
  • Forrester Research: $90-$305 [1]
  • Ponemon Institute: $197 [2]

  • Direct Costs
      - Notification Costs - organizations can incur
        costs associated with legal fees, mail
        notification letters, calls to individual
        customers, increased call center costs and
        discounted product offers
      - Lost Productivity Costs - organizations can incur
        costs when employees and contractors are diverted
        from their normal duties in order to address data
        breach controls
  • Fines
      - Certain federal privacy statutes include fines
        for violations that can amount to tens of
        thousands of dollars [3]
      - In 2006, Visa and MasterCard announced levying of
        fines from $10K-$100K against transaction
        processors that fail to keep transactions
        secure [4,5]
      - In 2006, the FTC issued $15 million in fines when
        an Atlanta-based consumer data broker lost more
        than 163,000 personal records to insurance and
        credit companies in February 2005 [6]
  • Lost Shareholder Value and Goodwill
      - Stock prices can take temporary or long term
        drops, e.g., an Atlanta-based data broker had lost
        about 20% of its stock value 2 years after losing
        163,000 personal records [7]

Footnoted references are recorded at the end of
this presentation.
5
Who can be Affected? Virtually Everyone!
  • Any organization can be at risk if, for instance,
    they lose employee records

6
What can organizations do?
  • Strong data encryption can protect private
    information from unauthorized access
  • Data encryption can help address federal and
    state privacy requirements
      - At least 39 states have enacted legislation
        requiring the notification of security breaches
        involving personal information
      - Many federal laws that have been enacted also
        seek to ensure protection of private information
  • Encryption can be hardware-based or software-based
      - Hardware-based: Seagate Momentus Full-Disk
        Encryption (FDE) drives
      - Software-based: Software encryption solutions
        exist from a variety of third-party independent
        software vendors

Rigorous standards apply and can vary by state -
check with a local legal expert for a complete
set of requirements for your state.
According to the National Conference of State
Legislatures, December 12, 2007.
7
Hardware vs. Software Encryption
Dell recommends hardware encryption for new
system purchases.
8
Dell FDE Hard Drive Solution
  • Solution Components
      - Select Dell Latitude D-series notebooks, with
        Seagate Momentus 5400 FDE.2 hard drive
      - Dell Embassy Security Center with Wave Trusted
        Drive manager
      - Wave Embassy Remote Administration Server
        Software (running on your Dell server)
      - Implementation of Dell's Security Best Practices:
        http://www.dell.com/security/bestpractices/

[Diagram labels: ENTERPRISE NETWORK; Embassy Remote Administration Server; LOCAL PC; FDE DRIVE; Embassy Trusted Drive Manager; Seagate DriveTrust Technology; Implementation of Dell's Security Best Practices]

Seagate Momentus hard drives and Dell Embassy
Security Center are also available on select
Precision mobile workstations
9
Dell FDE Hard Drive Solution
  • Single-user Solution
      - This offering allows individual users to
        configure and control their personal access to
        encrypted data on their hard drive. The offering
        provides the following features:
          - Authenticate user in BIOS
          - Simple Sign On capability
          - Single-user password management
          - Manual backup and restore for keys
      - Key Components
          - Seagate Momentus FDE hard drive
          - Factory-installed Dell Security Center with
            Trusted Drive Manager
  • Managed Enterprise Solution
      - Using the ERAS software, IT departments can
        remotely manage clients with FDE hard drives,
        providing documentation on the state of a drive
        when a system has been lost or stolen. With ERAS
        server software, you can:
          - Enable remote deployment and management of FDE
            hard drives
          - Take ownership of TPMs
          - Enable identity authorization provisioning
            from Active Directory

[Slide graphic labels: Dell Embassy Security Center; Factory-installed software; Single-user Solution; Embassy Remote Administration Server (ERAS)]

Note: Additional Wave security solutions are
detailed in backup slides
10
Client Encryption Evaluation Program
  • Cross-over Network cable
  • Reviewer's Guide
  • Server System with Embassy Remote
    Administration Server
  • Client System with Dell Embassy Security Center
11
Backup Materials
12
References
  [1] "Calculating the Cost of a Security Breach,"
      Khalid Kark, Forrester Research, April 10, 2007.
  [2] "2007 Annual Study: U.S. Cost of a Data Breach,"
      The Ponemon Institute.
  [3] Health Insurance Portability and Accountability
      Act of 1996 - Public Law 104-191, 104th U.S.
      Congress, August 21, 1996.
  [4] "Visa and MasterCard take new steps to stop
      credit card fraud," Jeremy Simon, Creditcards.com
      Article, November 27, 2006
      (http://www.creditcards.com/visa-and-mastercard-take-new-steps-to-stop-credit-card-fraud.php)
  [5] "Visa USA Pledges $20 Million in Incentives to
      Protect Cardholder Data," Visa Corporate Press
      Release, December 12, 2006
      (http://corporate.visa.com/md/nr/press667.jsp)
  [6] "ChoicePoint Settles Data Security Breach Charges;
      to Pay $10 Million in Civil Penalties, $5 Million
      for Consumer Redress," Federal Trade Commission
      Press Release, January 26, 2006.
  [7] "The Hidden Cost of IT Security," Network
      Security Journal, Cindy Waxer, April 16, 2006
      (http://www.networksecurityjournal.com/features/hidden-cost-of-IT-security-041607/)