Advantages of Hardware Encryption at the dawn of the GDPR


2 Advantages of Hardware Encryption at the dawn of the GDPR

4 RISKS AND PROBLEMS

5 High Profile USB Data Breach
Case in point: Heathrow Airport in London (October 30, 2017). They were not standardized on managed encrypted USB drives.
Exposed "confidential" / "restricted" files:
- The drive had 76 folders / 174 documents
- Details of measures used to protect the Queen
- Files disclosed the types of ID needed to access restricted areas
- A timetable of security patrols
- Maps pinpointing CCTV cameras
- One document highlighted recent terror attacks and talked about the type of threat the airport could face.

6 Regular USB Drives are Dirty Data Hoarders
Regular USB drives also have the issue of Portable Shadow Data: deleted files are only removed from the file table and can be recovered. A quick format also only removes the file table, the equivalent of ripping out the index but leaving the rest of the binder intact. Therefore, if a drive is lost, the question is not only "Was there sensitive data on the device?" but also "Was there previously sensitive data on the device?" If the answer to either question is yes or maybe, you have 72 hours to act.

7 USB Drive Data Hoarding continued…
Recuva is an example of a free file recovery program. A lost USB drive can expose any files previously stored.
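The point made on slides 6 and 7, as an added example that is not part of the original presentation: an audit of a drive image for data that survives a delete and a quick format. It assumes a FAT-style layout with 32-byte directory entries (the slides do not name a file system); the tiny image, file names and contents are constructed for the illustration.

```python
import struct

SECTOR = 512
DIR_ENTRIES = 16                      # constructed: tiny root directory
DIR_OFFSET = SECTOR                   # sector 0 stands in for the FAT
DATA_OFFSET = DIR_OFFSET + DIR_ENTRIES * 32
DELETED = 0xE5                        # FAT marker written over the first name byte

def dir_entry(name, ext, cluster, size):
    """Pack a 32-byte FAT short-name entry: name, ext, attr, start cluster, size."""
    return struct.pack("<8s3sB14xHI", name.ljust(8).encode(),
                       ext.ljust(3).encode(), 0x20, cluster, size)

def build_image():
    """Constructed sample drive: one harmless file, one file with personal data."""
    files = [("README", "TXT", 2, b"public notes"),
             ("PAYROLL", "CSV", 3, b"name,iban\nA. Example,XX00 0000 0000\n")]
    img = bytearray(DATA_OFFSET + len(files) * SECTOR)
    for i, (name, ext, cluster, body) in enumerate(files):
        off = DIR_OFFSET + i * 32
        img[off:off + 32] = dir_entry(name, ext, cluster, len(body))
        start = DATA_OFFSET + (cluster - 2) * SECTOR    # data clusters start at 2
        img[start:start + len(body)] = body
        img[cluster * 2:cluster * 2 + 2] = b"\xff\xff"  # FAT16 end-of-chain mark
    return img

def delete_file(img, index):
    """An ordinary delete: flag the entry and free the chain; data is untouched."""
    off = DIR_OFFSET + index * 32
    cluster = struct.unpack_from("<H", img, off + 26)[0]
    img[off] = DELETED
    img[cluster * 2:cluster * 2 + 2] = b"\x00\x00"

def quick_format(img):
    """A quick format: blank the FAT and directory; the data area is untouched."""
    img[:DATA_OFFSET] = bytes(DATA_OFFSET)

def recover_deleted(img):
    """Audit step 1: content still readable through entries flagged as deleted.
    Assumes the file was stored contiguously, since its chain has been freed."""
    found = {}
    for off in range(DIR_OFFSET, DATA_OFFSET, 32):
        if img[off] != DELETED:
            continue
        name, ext, cluster, size = struct.unpack_from("<8s3s15xHI", img, off)
        start = DATA_OFFSET + (cluster - 2) * SECTOR
        label = "?" + name[1:].decode("ascii").strip() + "." + ext.decode("ascii").strip()
        found[label] = bytes(img[start:start + size])
    return found

def residual_clusters(img):
    """Audit step 2: data clusters that still hold non-zero bytes."""
    count = (len(img) - DATA_OFFSET) // SECTOR
    return [2 + i for i in range(count)
            if any(img[DATA_OFFSET + i * SECTOR:DATA_OFFSET + (i + 1) * SECTOR])]

if __name__ == "__main__":
    image = build_image()
    delete_file(image, 1)
    print("after delete:", recover_deleted(image))
    quick_format(image)
    print("after quick format, clusters with data:", residual_clusters(image))
```

After the quick format the directory walk finds nothing, yet both data clusters still hold the original bytes, which is why "was there previously sensitive data on the device?" has to be answered from the raw image rather than from the file listing.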

8 GDPR IS COMING
GDPR will change the use of portable storage. Encryption is the way forward!

9 GDPR IS COMING
RISK 1: Software encryption can be enforced on your network, but it is not possible to prevent the user from removing the software encryption from a regular USB drive.
RISK 2: The return transport of data to your network is left in the hands of your users. If they have misunderstood the instructions you will be left non-compliant and vulnerable. This means you are exposed and that your budget has been spent on a false promise.
RISK 3: Spending budget on a “solution” that still leaves apparent vulnerabilities.
FACT: A lost unsecured USB drive that may have sensitive data on it must be reported within 72 hours per Article 33. This is not an option.

10 GDPR IS COMING
ADVANTAGE 1: Hardware encryption and password protection are always on.
ADVANTAGE 2: Zero risk of user mistake, only allows storage in a secure way.
ADVANTAGE 3: Protects against brute force attacks.
ADVANTAGE 4: USB malware protection available; ransomware and malware over USB is prevalent.
ADVANTAGE 5: A lost secure USB drive that may have sensitive data on it does not need to be reported and does not expose an organization to GDPR fines.

11 GDPR IS COMING
A hardware encrypted & managed storage device cannot expose any data if lost. Therefore the loss does not need to be reported to authorities as per Article 34 section 3a:
“The communication to the data subject referred to in paragraph 1 shall not be required if any of the following conditions are met: the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those… …that render the personal data unintelligible to any person who is not authorised to access it, such as encryption.”

12 DataLocker’s 7 tips for GDPR compliance
GDPR IS COMING
1. Protect all stored data with automatic encryption and strong passwords. (Article 32 1a) This measure releases the organization from the need to report a lost or stolen device, as a risk to data subjects' rights is unlikely, as per Article 34.
2. Only rely on hardware encrypted USB flash drives. Regular USB flash drives can be software encrypted but there is no way to ensure the integrity of the software encryption, as the software can be removed from the standard drive, causing non-compliance with Article 32 1b.
3. Lock down USB ports with port control software so that only the certified hardware encrypted USB drives are allowed.
4. Ensure that only authorized staff have the rights to transport data. This step mitigates against insider threat, which can be a data breach source.

13 …7 tips continued
5. Keep track of which data is transferred onto encrypted portable media, to ensure that the organization can take appropriate action if a device goes missing: Is the data relevant under GDPR? Is further action needed?
6. Be able to permanently erase any and all copies of a data subject's stored information, also known as the right to erasure. This ability is also important when insider threats and employee termination are considered.
7. Manage the hardware encrypted devices to comply with Article 32 1d. Placing the device under management ensures that it is possible to show proof of compliance through the management console and connected SIEM tools.

14 Management = Proof of compliance & beyond
Point 7 of the tips expanded:
- Audit trail: who transferred what data and when, SIEM integrated
- Control and enforce the GDPR compliant security policy
- Automatic inventory for full control of usage
- Managed McAfee portable antimalware against malware & ransomware
- Reset passwords in a secure way
- Remote kill, confirmed deletion of data

15 DATALOCKER SOLUTIONS PROVIDE
PROTECT PORTABLE DATA / EASY TO USE
- Automatic hardware encryption without any hassles or installations
- Manage devices in the field: updates, remotely disable
- Works with hardware encrypted devices including flash drives and high capacity external hard drives
GUARANTEE COMPLIANCE / AFFORDABLE
- Not opt-in and cannot be disabled
- Verify policy controls
- Scalable management (SaaS or OnPrem)
- Total cost of ownership is less than a non-encrypted non-managed solution

16 SafeConsole + Ironkey EMS = SafeConsole EMS
ONE COMPANY, 3 BRANDS, A STRONG PRODUCT LINE
DL2 Hard Drives; DL3/DL3FE Hard Drives; H Series Hard Drives; Sentry USB; EncryptDisc; SafeCrypt; EMS Cloud; EMS On-Prem; SafeConsole Cloud; SafeConsole On-Prem
Roadmap: SafeConsole + Ironkey EMS = SafeConsole EMS

17 IronKey EMS CENTRAL MANAGEMENT
Protecting your data, your mobile workforce, and your organization is easy with the IronKey EMS. You can quickly and easily establish a secure storage command center for administering and policing the use of IronKey encrypted Workspace devices for Windows To Go and Enterprise storage drives.
- Available in Cloud or On-Prem
- IronKey Enterprise Management Service is compatible with S100, S200, S250, D200, D250, S1000, W500, W700, H300 and H350
- A minimum of two managed drives is required (three are recommended): one for disaster recovery, one for the system admin and the third to be used.
Without the system admin device you cannot access the management portal. If a customer only has one system admin device and loses it, they will lose access to the account, and you will have unhappy customers who were not advised of this beforehand.
New service sales require a sign-up form; existing customers who wish to add devices to their current management service need an Enterprise Account number. The Enterprise Account number is key in preventing multiple accounts for one customer.
Available as a cloud hosted service and an on-prem server (the cloud service is multi-tenant but no user data is stored).

18 SafeConsole CENTRAL MANAGEMENT
SafeConsole enables your organization to inventory, audit, manage and kill your SafeConsole enabled encrypted endpoints. Available in Cloud or On-Prem.
Central management allows an organization to quickly and easily establish a command center to remotely manage their secure USB devices. It works by allowing the USB devices to “talk” to the service (hosted in the cloud or on prem), and appointed administrator(s) can “tell” the USB device commands, all through an internet connection. This allows administrators to enforce policies, track, update and disable devices, remotely reset passwords and more.
DataLocker offers two management platforms: IronKey EMS and SafeConsole.
SafeConsole is compatible with DataLocker Sentry 3 FIPS, DataLocker DL3 and DL3 FE, Kingston Data Traveler 4000 and more. *EncryptDisc and SafeCrypt support coming soon (2017)
Available as a cloud hosted service or on prem server. Cloud service is a single tenant solution with a choice of 9 data center locations around the world.
- Integrate With Active Directory for Easy Provisioning
- Identify When and Where Your Managed Device is Used
- Inventory
- Manage Device Inventory, Lifecycle and Maintenance
- Configure With an Advanced Management Feature Set

19 SafeConsole + Ironkey EMS = SafeConsole EMS
CENTRAL MANAGEMENT
SafeConsole Roadmap 2018

20 DataLocker’s motto is “Simply Secure”
MISSION STATEMENT
DataLocker’s motto is “Simply Secure”.
To provide easy to use, cost effective, military grade data encryption solutions to enterprises around the world.

21 DataLocker DL Series
ENCRYPTED PORTABLE HARD DRIVES
DL2
- Hardware encrypted external USB 2.0 hard drive with FIPS validation for the entire device
- Up to 2TB capacity
- No software or drivers required
- TAA Compliant
- Currently deployed throughout the US military
DL3
- Hardware encrypted USB 3.0 external hard drive
- Up to 4TB (SSD) in capacity
- Requires no software or drivers
- Centrally Manageable with SafeConsole Cloud or On-Prem
DL3 FE
- Same exact features as the DL3
- Dual Crypto, FIPS validated, hardware encrypted, USB 3.0 external hard drive
- Optional two factor authentication – requires two modes of authentication (password plus a physical RFID tag)
The DL2 is a FIPS validated encrypted external hard drive. Features: up to 2TB in capacity; a USB 2.0 interface; requires no software or drivers; currently deployed throughout the US military.
The DL3 is a hardware encrypted USB 3.0 external hard drive. Centrally Manageable. Optional 2 factor authentication – gives you an added layer of protection by requiring 2 modes of authentication (your personal passcode plus a physical RFID tag).
The DL3FE is a Dual Crypto, FIPS validated, hardware encrypted, USB 3.0 external hard drive. New advanced security features including the Auto-Lock Feature, which automatically times out the device when idle, and the Read-Only Feature, which restricts users from overwriting or altering contents of the drive. Optional 2 factor authentication. Also deployed through the US military.
DL3 & DL3FE advanced security features include:
- Alpha/numeric strong password support with back lit patented touch pad
- Rotating keypad to prevent surface analysis attacks
- Self destruct mode – complete data destruction after 9 unsuccessful attempts
- Read only mode and Auto Lock features

22 DL3FE – Dual Crypto Cryptography Overview
PORTABLE HARD DRIVES
Only commercially available encrypted storage device to utilize two-pass encryption.
How two-pass encryption works:
- Data is encrypted with a single round of 256 bit AES XTS mode encryption
- Data is directly passed to a second crypto engine undergoing a second round of 256 bit AES CBC mode encryption
- Key Generation – Two independent data encryption keys (DEK) are randomly generated using independently generated IV’s
- Keys are never stored or transmitted in plain text

23 DataLocker H series (Formerly IronKey)
ENCRYPTED PORTABLE HARD DRIVES
H200 BIO
- FIPS Level 3 validated, hardware encrypted, USB 2.0 external hard drive
- Up to 1TB in capacity
- Centrally manageable with ACCESS Enterprise (EOL)
- Fingerprint two factor authentication - Further enhance security and convenience with the biometric capabilities through an ergonomic swipe sensor
H300
- USB 3.0 encrypted external hard drive
- Two versions: Basic and Enterprise (Enterprise version requires IronKey EMS)
- Up to 2TB in capacity
- Centrally manageable with IronKey EMS or SafeConsole (with client version 6.0+)
H350
- FIPS Level 3 validated, USB 3.0 encrypted external hard drive
- FIPS Level 3 validation
- Up to 2TB and SSD options
The H200 is a FIPS Level 3 validated, hardware encrypted, USB 2.0 external hard drive. Level 3 – This level exceeds Level 1 and Level 2 requirements, and adds physical tamper-resistance and identity-based authentication. Features: up to 1TB in capacity; centrally manageable with ACCESS Enterprise; fingerprint two factor authentication - further enhance security and convenience with the biometric capabilities through an ergonomic swipe sensor.
The H300 is a USB 3.0 encrypted external hard drive. Comes in two versions: Basic and Enterprise. Enterprise version requires management – Basic can later be upgraded to Enterprise but not the other way around. Up to 2TB in capacity. A USB 3.0 interface. Centrally manageable with IronKey Enterprise Management Service or Server.
The H350 is a FIPS Level 3 validated, USB 3.0 encrypted external hard drive. Comes in two versions: Basic and Enterprise. Enterprise version requires management – Basic can later be upgraded to Enterprise but not the other way around. FIPS Level 3 validation.

24 More Encrypted Solutions
ENCRYPTED PORTABLE DRIVES
K300: Hardware encrypted keypad flash drive; 256 bit AES encryption; Alpha-numeric keypad; OLED display; USB 3.1 Gen 1 interface; Up to 128GB capacity; Centrally manageable with SafeConsole Q3 2018
Sentry ONE: USB flash drive; FIPS level 3 validated; Ruggedized design; Up to 64GB capacity; Centrally manageable with IronKey EMS or SafeConsole
SafeStick: Hardware encrypted USB flash drive; FIPS 197 certified; Fast USB 3.0 interface; Up to 16GB capacity; SafeConsole central management device license REQUIRED
EncryptDisc®: Self encrypting optical media; FIPS validated crypto engine; No software or drivers to install; A perfect solution for medical, legal and financial practices; Available in CD 100 packs

25 Total Threat Defense for your Managed Devices
OPTIONAL ANTI-MALWARE SERVICE
A portable, built-in anti-malware application powered by McAfee runs in the background of your centrally managed devices.
Key Features:
- Automatically scans for viruses, worms, trojan horses and other malware threats.
- Automatically removes any viruses found on the device.
- Reports to the central management console when and where the virus is removed.
- Automatically updates when your device is unlocked.
With an on-board antivirus that scans the files being stored on your secure mobile storage device, you can protect your files against threats when the device is being utilized on a Windows system. Optional for IronKey EMS and SafeConsole managed devices.

26 Encrypted Cloud Storage with
CLOUD ENCRYPTION GATEWAY
SafeCrypt Managed is a “cloud encryption gateway” which provides a layer of military grade encryption between you, your applications and your cloud storage provider. Simply point your application to the virtual drive letter and SafeCrypt Managed fully encrypts your data before it leaves your computer and then passes it to your cloud storage service provider secured with 256-bit AES encryption. The SafeConsole integration allows administrators to inventory, control, and audit SafeCrypt Managed drives.
SafeCrypt allows any application such as Microsoft Office, Autocad, Photoshop and Quickbooks to seamlessly utilize military grade AES 256 bit encryption for storing your data on virtually any cloud storage service such as Dropbox, Google Drive, Box or Bitcasa. With absolutely no custom configuration or setup, you can instantly secure your data to meet regulatory compliance requirements established by HIPAA, SOX, DHS, GLB and PCI.
SafeCrypt for Windows was released in December. The Mac version was released in March. The iOS mobile client was launched in June. An Android mobile client was launched in 2016. The development plan is to integrate SafeCrypt with SafeConsole, creating an enterprise level encrypted cloud storage system.

27 PortBlocker – SafeConsole Managed Port Control
BETA RELEASE IN Q2 2018
Data breaches caused by unsecure USB drives are the number one data loss threat to organizations. PortBlocker from DataLocker will stop the flood of data that today can leave unchecked on unsecure USB flash drives. Controlling which portable storage devices can be used is key to achieving compliance with, for example, HIPAA, SOX and GDPR.
QUICK AND EASY DEPLOYMENT
PortBlocker offers administrators an unsurpassed ease of deployment. A quick installation and automatic configuration provide organizations with solid security without complicating things. By default your SafeConsoleReady secure USB drives are allowed and any other USB flash drives will be blocked. Additional whitelisted devices can be added down to the unique serial number and pushed through a GPO.

28 REPRESENTATIVE CLIENTS
70% OF FORTUNE 100 COMPANIES AND NUMEROUS PUBLIC SECTOR AGENCIES TRUST DATALOCKER
THOUSANDS OF CLIENTS GLOBALLY

29 ABOUT DATALOCKER: Company at a Glance
OUR COMPANY
- Founded in 2007
- HQ in Overland Park, KS with offices in San Jose, CA; Ottawa, Canada; London, United Kingdom; and Seoul, S. Korea
- Acquired BlockMaster in June 2015
- Acquired IronKey, Enterprise Management Service & Hard Drives in February 2016
- Kansas City Chamber of Commerce Top Ten Small Business 3 of last 5 years
OUR CUSTOMERS
- 70% of the Fortune 100 use DataLocker solutions
- Over 250,000 users worldwide
- Products are sold in over 35 countries
- Key Verticals: Government, Banking and Financial Services
- Sales Model: Channel Focused
OUR PRODUCTS
- DataLocker products are developed and engineered in house
- All products are TAA Compliant, meeting federal and military requirements
- Patented technology – Strong patent portfolio

