Published by Kaden Fallick
Local Data Protection (LDP)
A Case Study: Laptop Data Encryption
Eric V. Leighninger, Chief Security Architect, Allstate Insurance Company
June 20, 2008
©2008 Allstate Insurance Company
Agenda
- Allstate and Information Security – A Snapshot View
- Laptop Encryption – Goals, Expectations, Priorities
- Technology Acquisition – Vendor Selection Process
- Vendor Solution Deployment
- Lessons Learned
Allstate At A Glance
- The Allstate Corporation is the nation's largest publicly held personal lines insurer.
- A Fortune 100 company with $156.4 billion in assets.
- Allstate sells 13 major lines of insurance, including auto, property, life and commercial.
- Allstate also offers retirement and investment products and banking services.
- Allstate is widely known through the "You're In Good Hands With Allstate®" slogan.
- The Allstate Corporation encompasses more than 70,000 professionals with technology operations located around the globe.
- More than 17 million customers in the U.S. and Canada.
- Allstate's strategic vision is to reinvent protection and retirement for the consumer.
Allstate's Vision for Information Security
- Aligned with Corporate and Technology Strategy
- Security Solutions Prioritized Based Upon Risk
- Operational Excellence – Security as a Service Comprising People, Processes, and Technology
Local Data Protection Goals
- Reduce Risk of Exposure
- Minimize Recovery and Support Costs
- Ensure Compliance
- Enable Productivity and Ease of Use
- Leverage Investment in Existing IT Infrastructure
Local Data Protection Priorities
- Policy Holder and Applicant Data
- Employee Data
- PHI
- Credit Card Numbers
- Confidential Data
- Financial Information – Pre Earnings Release
- Communications to Competitors, Partners and Suppliers
- Source Code
- Competitive Sensitive Information
Local Data Protection Approaches
- File Encryption
  - Laptops
  - Desktops
- Full Disk Encryption
  - Laptops
  - Desktops
- Encryption of Removable Media
  - USB-enabled Devices – Flash Drives, iPods, Bluetooth Devices, Thumb Drives, Hard Disks
  - CD/DVD Writers
- Password and PIN Controls
  - Blackberry
  - Other PDA Devices
- Standards and Guidelines for Data Classification, Usage and Protection, Access Control and Encryption
Laptop Full Disk Encryption Evaluation
- Step 1: Using the local data protection goals and solution selection criteria
  - Performed paper analysis of top disk encryption vendors
  - Interviewed vendors regarding respective product functionality
- Step 2: Performed hands-on product evaluation per our technology evaluation process at Allstate for candidate vendor ranked highest in Step 1
- Step 3: Based on in-house product and process evaluation results, Allstate acquired the vendor's encryption product
Laptop Encryption Product Criteria
- FIPS Approved Encryption
- Full Disk Encryption
- Strong Key Management
- Storage of Encrypted Keys Separate from Encrypted Data
- Controlled Views to Keying Material – MAC and Separation of Duties
- Key Recovery – Onsite, Off-site and DR
- Centralized Management
- Interoperable With Enterprise Software
- Removable Media Encryption Support
- Low Performance Degradation
- Fast, Robust and Reliable Initial Encryption
- SMS Package Support
- Throttled Background Encryption Processing Capability
- Fault Tolerance – Power Outages or User Shutdown Does Not Affect Encryption Process
- Support for Suspend and Hibernation States
- Mouse Support
Laptop Full Disk Encryption Benefits
The selected encryption product provides Allstate the following advantages:
- Strong security model
- Efficient key management
- Ability to leverage our current SMS infrastructure for deployment and management
- Compatibility with Allstate's current Image and Break-Fix processes
- Does not require alteration or replacement of key Windows components: Windows Master Boot Record and the Windows GINA
- High confidence due to the type and number of the vendor's installed base of users
- Attractive product TCO
Full Disk Encryption Security Model
Laptop Full Disk Encryption Deployment
- A pilot was completed successfully for over 60 users from our information security, internal audit, claims, enterprise technology and infrastructure, and officer groups
- Final pre-deployment enterprise testing was conducted to test product enhancements and updates
- Production rollout is being accomplished in a 3-phase fashion
  - Phase 1 is complete
  - Phase 2 is scheduled this year
  - Phase 3 is pending
Laptop Full Disk Encryption Deployment
- Phase 1: Full disk encryption was deployed to approximately 10,000 laptops in areas within the company identified as handling sensitive data, e.g.,
  - Senior Management
  - Legal
  - Claims
  - Investments
- Phase 2: Full disk encryption will be deployed this year to all Allstate owned and managed laptops running latest base image, approximately 18,500 laptops
- Phase 3: Laptops running earlier base image and Desktops, an approximate total of 70,000 machines, will be addressed at a future time
Laptop Full Disk Encryption Timeline
Lessons Allstate Learned
- Encryption can be a timely and beneficial technology
- Laptop encryption has provided increased data protection and has helped us reduce the risk associated with laptop loss or compromise
- Three suggestions to consider
  - Establish clear data protection goals, criteria and policies for encryption and key management
  - Establish a communications plan for systematic and smooth deployment of encryption software
  - Do your homework on vendor capabilities versus organizational needs
- Most significant lesson: Ours was a rapid pilot to production deployment for pragmatic and regulatory reasons. We found such a deployment is possible, albeit not without some bumps in the road, when requirements are well defined, there is clear alignment of technology strategy and management objectives, and cooperation and flexibility across organizational boundaries
Thank You! Questions?