Presentation is loading. Please wait.

Presentation is loading. Please wait.

Local Data Protection (LDP) A Case Study Laptop Data Encryption Eric V. Leighninger Chief Security Architect Allstate Insurance Company June 20, 2008 ©2008.

Published byKaden Fallick Modified over 10 years ago

Similar presentations

Presentation on theme: "Local Data Protection (LDP) A Case Study Laptop Data Encryption Eric V. Leighninger Chief Security Architect Allstate Insurance Company June 20, 2008 ©2008."— Presentation transcript:

1 Local Data Protection (LDP) A Case Study Laptop Data Encryption Eric V. Leighninger Chief Security Architect Allstate Insurance Company June 20, 2008 ©2008 Allstate Insurance Company

2 Agenda Allstate and Information Security – A Snapshot View Laptop Encryption – Goals, Expectations, Priorities Technology Acquisition – Vendor Selection Process Vender Solution Deployment Lessons Learned

3 ©2008 Allstate Insurance Company Allstate At A Glance The Allstate Corporation is the nations largest publicly held personal lines insurer. A fortune 100 company with $156.4 billion in assets. Allstate sells 13 major lines of insurance, including auto, property, life and commercial. Allstate also offers retirement and investment products and banking services. Allstate is widely known through the Youre In Good Hands With Allstate® slogan. The Allstate Corporation encompasses more than 70,000 professionals with technology operations located around the globe. More than 17 million customers in the U.S. and Canada. Allstates strategic vision is to reinvent protection and retirement for the consumer.

4 ©2008 Allstate Insurance Company Allstates Vision for Information Security Aligned with Corporate and Technology Strategy Security Solutions Prioritized Based Upon Risk Operational Excellence – Security as a Service Comprising People, Processes, and Technology

5 ©2008 Allstate Insurance Company Local Data Protection Goals Reduce Risk of Exposure Minimize Recovery and Support Costs Ensure Compliance Enable Productivity and Ease of Use Leverage Investment in Existing IT Infrastructure

6 ©2008 Allstate Insurance Company Local Data Protection Priorities Policy Holder and Applicant Data Employee Data PHI Credit Card Numbers Confidential Data Financial Information – Pre Earnings Release Communications to Competitors, Partners and Suppliers Source Code Competitive Sensitive Information

7 ©2008 Allstate Insurance Company Local Data Protection Approaches File Encryption Laptops Desktops Full Disk Encryption Laptops Desktops Encryption of Removable Media USB-enabled Devices – Flash Drives, iPods, Bluetooth Devices, Thumb Drives, Hard Disks CD/DVD Writers Password and PIN Controls Blackberry Other PDA Devices Standards and Guidelines for Data Classification, Usage and Protection, Access Control and Encryption

8 ©2008 Allstate Insurance Company Laptop Full Disk Encryption Evaluation Step 1: Using the local data protection goals and solution selection criteria Performed paper analysis of top disk encryption vendors Interviewed vendors regarding respective product functionality Step 2: Performed hands-on product evaluation per our technology evaluation process at Allstate for candidate vendor ranked highest in Step 1 Step 3: Based on in-house product and process evaluation results Allstate acquired the vendors encryption product

9 ©2008 Allstate Insurance Company Laptop Encryption Product Criteria FIPS 140-2 Approved Encryption Full Disk Encryption Strong Key Management Storage of Encrypted Keys Separate from Encrypted Data Controlled Views to Keying Material – MAC and Separation of Duties Key Recovery – Onsite, Off- site and DR Centralized Management Interoperable With Enterprise Software Removable Media Encryption Support Low Performance Degradation Fast, Robust and Reliable Initial Encryption SMS Package Support Throttled Background Encryption Processing Capability Fault Tolerance – Power Outages or User Shutdown Does Not Affect Encryption Process Support for Suspend and Hibernation States Mouse Support

10 ©2008 Allstate Insurance Company Laptop Full Disk Encryption Benefits The selected encryption product provides Allstate the following advantages: Strong security model Efficient key management Ability to leverage our current SMS infrastructure for deployment and management Compatibility with Allstates current Image and Break-Fix processes Does not require alteration or replacement of key Windows components: Windows Master Boot Record and the Windows GINA High confidence due to the type and number of the vendors installed base of users Attractive product TCO

11 ©2008 Allstate Insurance Company Full Disk Encryption Security Model

12 ©2008 Allstate Insurance Company Laptop Full Disk Encryption Deployment A pilot was completed successfully for over 60 users from our information security, internal audit, claims, enterprise technology and infrastructure, and officer groups Final pre-deployment enterprise testing was conducted to test product enhancements and updates Production rollout is being accomplished in a 3 phase fashion Phase 1 is complete Phase 2 is scheduled this year Phase 3 is pending

13 ©2008 Allstate Insurance Company Laptop Full Disk Encryption Deployment Phase 1: Full disk encryption was deployed to approximately 10,000 laptops in areas within the company identified as handling sensitive data e.g., Senior Management Legal Claims Investments Phase 2: Full disk encryption will be deployed this year to all Allstate owned and managed laptops running latest base image, approximately18,500 laptops Phase 3: Laptops running earlier base image and Desktops, an approximate total of 70,000 machines, will be addressed at a future time

14 ©2008 Allstate Insurance Company Laptop Full Disk Encryption Timeline

15 ©2008 Allstate Insurance Company Lessons Allstate Learned Encryption can be a timely and beneficial technology Laptop encryption has provided increased data protection and has helped us reduce the risk associated with laptop loss or compromise Three suggestions to consider Establish clear data protection goals, criteria and policies for encryption and key management Establish a communications plan for systematic and smooth deployment of encryption software Do your homework on vendor capabilities versus organizational needs Most significant lesson: Ours was a rapid pilot to production deployment for pragmatic and regulatory reasons. We found such a deployment is possible, albeit not without some bumps in the road, when requirements are well defined, there is clear alignment of technology strategy and management objectives, and cooperation and flexibility across organizational boundaries

16 Thank You! Questions?

Download ppt "Local Data Protection (LDP) A Case Study Laptop Data Encryption Eric V. Leighninger Chief Security Architect Allstate Insurance Company June 20, 2008 ©2008."

Similar presentations

1 NameMatrix Number Francis YeeHT036029M George Goh Alex LimHT052467E Hoe Swee SimHT052560I Vijay.

1 NameMatrix Number Francis YeeHT036029M George Goh Alex LimHT052467E Hoe Swee SimHT052560I Vijay.
1 Copyright © 2007 Accenture All Rights Reserved. Affirmative Insurance Accenture Claim Components Solution Win Card Accenture has been selected to license.

1 Copyright © 2007 Accenture All Rights Reserved. Affirmative Insurance Accenture Claim Components Solution Win Card Accenture has been selected to license.
1 CREDANT Confidential. 1 NLIT 2009. 2 2 CREDANT Company Overview 2007 Data Security Leadership Quadrant 2007 & 2008: #1 Fastest Growing Private (Security)

1 CREDANT Confidential. 1 NLIT CREDANT Company Overview 2007 Data Security Leadership Quadrant 2007 & 2008: #1 Fastest Growing Private (Security)
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Abstract To provide efficient and effective access to enterprise information that meets stakeholder needs and supports mission success, NASA is implementing.

Abstract To provide efficient and effective access to enterprise information that meets stakeholder needs and supports mission success, NASA is implementing.
© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.

© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Fujitsu Siemens Computers at a glance Georgios Nikolopoulos Sales Manager November 2008.

Fujitsu Siemens Computers at a glance Georgios Nikolopoulos Sales Manager November 2008.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.

State of Indiana Business One Stop (BOS) Program Roadmap Updated June 6, 2013 RFI ATTACHMENT D.
© 2012 Citrix | Confidential – Do Not Distribute BYOD Champion Presentation CIO How-To Kit: Bring-Your-Own Devices © 2014.

© 2012 Citrix | Confidential – Do Not Distribute BYOD Champion Presentation CIO How-To Kit: Bring-Your-Own Devices © 2014.
Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.

Page 1 Business Architecture – From Business Strategy to the Alignment of IT Rich Waller An Insurance Industry Case Study April 15, 2009.
Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.

Windows 8: Windows To Go Overview Zvezdan PavkovicTanya Koval Senior ConsultantArchitect WCL333.
U N C L A S S I F I E D LA-UR-09-03103 LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.

U N C L A S S I F I E D LA-UR LANL Exchange / Blackberry Deployment June 2, 2009 Anil Karmel Solutions Architect Network and Infrastructure Engineering.
Security Controls – What Works

Security Controls – What Works
Data Encryption Overview South Seas Corporation Jared Owensby.

Data Encryption Overview South Seas Corporation Jared Owensby.
IT Governance and Management

IT Governance and Management
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Expedia Tips for a Smooth Trip to Windows 7 Upgrading desktop infrastructure with Windows 7 to drive productivity, efficiency & data security.

Expedia Tips for a Smooth Trip to Windows 7 Upgrading desktop infrastructure with Windows 7 to drive productivity, efficiency & data security.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Similar presentations

Ads by Google