Local Data Protection (LDP) A Case Study Laptop Data Encryption Eric V. Leighninger Chief Security Architect Allstate Insurance Company June 20, 2008 ©2008.

Presentation transcript:

Local Data Protection (LDP)
A Case Study: Laptop Data Encryption
Eric V. Leighninger, Chief Security Architect, Allstate Insurance Company
June 20, 2008
©2008 Allstate Insurance Company

Agenda
- Allstate and Information Security – A Snapshot View
- Laptop Encryption – Goals, Expectations, Priorities
- Technology Acquisition – Vendor Selection Process
- Vendor Solution Deployment
- Lessons Learned

Allstate At A Glance
- The Allstate Corporation is the nation's largest publicly held personal lines insurer.
- A Fortune 100 company with $156.4 billion in assets.
- Allstate sells 13 major lines of insurance, including auto, property, life and commercial.
- Allstate also offers retirement and investment products and banking services.
- Allstate is widely known through the "You're In Good Hands With Allstate®" slogan.
- The Allstate Corporation encompasses more than 70,000 professionals with technology operations located around the globe.
- More than 17 million customers in the U.S. and Canada.
- Allstate's strategic vision is to reinvent protection and retirement for the consumer.

Allstate's Vision for Information Security
- Aligned with Corporate and Technology Strategy
- Security Solutions Prioritized Based Upon Risk
- Operational Excellence – Security as a Service Comprising People, Processes, and Technology

Local Data Protection Goals
- Reduce Risk of Exposure
- Minimize Recovery and Support Costs
- Ensure Compliance
- Enable Productivity and Ease of Use
- Leverage Investment in Existing IT Infrastructure

Local Data Protection Priorities
- Policy Holder and Applicant Data
- Employee Data
- PHI
- Credit Card Numbers
- Confidential Data
- Financial Information – Pre Earnings Release
- Communications to Competitors, Partners and Suppliers
- Source Code
- Competitive Sensitive Information

Local Data Protection Approaches
- File Encryption
  - Laptops
  - Desktops
- Full Disk Encryption
  - Laptops
  - Desktops
- Encryption of Removable Media
  - USB-enabled Devices – Flash Drives, iPods, Bluetooth Devices, Thumb Drives, Hard Disks
  - CD/DVD Writers
- Password and PIN Controls
  - Blackberry
  - Other PDA Devices
- Standards and Guidelines for Data Classification, Usage and Protection, Access Control and Encryption

Laptop Full Disk Encryption Evaluation
- Step 1: Using the local data protection goals and solution selection criteria
  - Performed paper analysis of top disk encryption vendors
  - Interviewed vendors regarding respective product functionality
- Step 2: Performed hands-on product evaluation, per our technology evaluation process at Allstate, for the candidate vendor ranked highest in Step 1
- Step 3: Based on in-house product and process evaluation results, Allstate acquired the vendor's encryption product

Laptop Encryption Product Criteria
- FIPS Approved Encryption
- Full Disk Encryption
- Strong Key Management
- Storage of Encrypted Keys Separate from Encrypted Data
- Controlled Views to Keying Material – MAC and Separation of Duties
- Key Recovery – Onsite, Off-site and DR
- Centralized Management
- Interoperable With Enterprise Software
- Removable Media Encryption Support
- Low Performance Degradation
- Fast, Robust and Reliable Initial Encryption
- SMS Package Support
- Throttled Background Encryption Processing Capability
- Fault Tolerance – Power Outages or User Shutdown Does Not Affect Encryption Process
- Support for Suspend and Hibernation States
- Mouse Support

Laptop Full Disk Encryption Benefits
The selected encryption product provides Allstate the following advantages:
- Strong security model
- Efficient key management
- Ability to leverage our current SMS infrastructure for deployment and management
- Compatibility with Allstate's current Image and Break-Fix processes
- Does not require alteration or replacement of key Windows components: Windows Master Boot Record and the Windows GINA
- High confidence due to the type and number of the vendor's installed base of users
- Attractive product TCO

Full Disk Encryption Security Model

Laptop Full Disk Encryption Deployment
- A pilot was completed successfully for over 60 users from our information security, internal audit, claims, enterprise technology and infrastructure, and officer groups
- Final pre-deployment enterprise testing was conducted to test product enhancements and updates
- Production rollout is being accomplished in a 3 phase fashion
  - Phase 1 is complete
  - Phase 2 is scheduled this year
  - Phase 3 is pending

Laptop Full Disk Encryption Deployment
- Phase 1: Full disk encryption was deployed to approximately 10,000 laptops in areas within the company identified as handling sensitive data, e.g.,
  - Senior Management
  - Legal
  - Claims
  - Investments
- Phase 2: Full disk encryption will be deployed this year to all Allstate owned and managed laptops running latest base image, approximately 18,500 laptops
- Phase 3: Laptops running earlier base image and Desktops, an approximate total of 70,000 machines, will be addressed at a future time

Laptop Full Disk Encryption Timeline

Lessons Allstate Learned
- Encryption can be a timely and beneficial technology
- Laptop encryption has provided increased data protection and has helped us reduce the risk associated with laptop loss or compromise
- Three suggestions to consider
  - Establish clear data protection goals, criteria and policies for encryption and key management
  - Establish a communications plan for systematic and smooth deployment of encryption software
  - Do your homework on vendor capabilities versus organizational needs
- Most significant lesson: Ours was a rapid pilot to production deployment for pragmatic and regulatory reasons. We found such a deployment is possible, albeit not without some bumps in the road, when requirements are well defined, there is clear alignment of technology strategy and management objectives, and cooperation and flexibility across organizational boundaries.

Thank You! Questions?