1 file encryption. 2 our business is built on sharing files with partners, customers and vendors how...
TRANSCRIPT
1
File Encryption
2
Our business is built on sharing files with partners, customers and vendors
How do we keep these files safe?
Business Concerns
3
CISO• How will we need to adjust
our compliance strategy for my operations in Nevada?
• Can improved file protection strategies mitigate my risk for a data breach?
• How does file protection help grow our business?
Desktop/IT Operations• I can’t manage file encryption
for every user, what’s a better way?
• How can I minimize helpdesk impact?
• There are files going everywhere, what can I do to protect them?
User• I don’t want to be trained on
yet another application.• I want to be able to use the
devices and systems I’m used to.
• I’d like to be able to do my job without having to call IT.
Buyer Concerns
4
User file protection
Shared file protection
Distributed file protection
Protect shared files and folders
Protect transferred files and folders
Protect individual files and folders
Protecting Files Wherever They Need To Go
5
PGP® NetShareShared File Protection
• Protect data exchanged between users via shared network folders
PGP® Command Line
Scriptable Encryption• Integrate encryption into data transfer, data
distribution and data backup processes
PGP File And Server ProtectionProducts At A Glance
6
PGP NetShare
PGP® NetShareShared File Protection
• Protect data exchanged between users via shared network folders
PGP® Command Line
Scriptable Encryption• Integrate encryption into data transfer, data
distribution and data backup processes
PGP NetShareSolution Highlights
PGP NetShare• Encrypts data by policy
– Network servers & local/removable storage– Application-based
• Controls access by group or user level• Operates in background on desktop• Can leverage LDAP / Active Directory groups• Supports Citrix and Microsoft Terminal
Services• Support for WebDAV/SharePoint
Data encrypted/decrypted automatically
No change in user behavior
7
8
PGP NetShareHow It Works
?
Finance encrypts a file on the server using PGP NetShare
1Finance allows HR to view/edit the file on the server
2 HR can view and edit the file on the server 3
HR saves the file to the server and PGP NetShare maintains protection
4 5 Sales tries to view the document and the document is unreadable
When the document is copied to backup tape, it remains protected
6
9
PGP NetShareOpening Files
Open file via the Application, Explorer, etc.
…and the files opens
Zero impact on workflow!
10
PGP NetShareSaving Files
Create the file
Zero loss of productivity!
Save the file
File is saved encrypted
11
PGP NetShareMoving And Copying Files
• Encryption maintained with folder or file
• Allowed users have access if they have a PGP NetShare client
12
PGP NetShareEnterprise Features
• PGP Universal Server– Manages Assigned keys
– Allows for Application-Aware encryption of files • “Encrypt all .DOC files in this folder”• “Don’t encrypt .MOV files in this folder”
• PGP NetShare Command Line– Allows for PGP NetShare commands to be issued in “batch mode”
• “Encrypt all files in the folder”• “Encrypt all files in this folder with new users in the Active Directory database”
13
PGP NetShareOutsourcing• Large outsourcer of human
resources and payroll services
• Shared network storage with customers
• PGP NetShare is used by outsourcer and customers to:– Partition information between
different customers
– Secure the access of shared storage across organizational boundaries
– Protect privacy and comply with regulations by restricting access to personnel information
Account Manager for Company “A”
Account Manager for Company “B”
Payroll Clerks for Company “A”
Payroll Clerks for Company “B”
PGP NetShare
• Transparent Encryption of Shared Files– No change in user behavior
– Empowers protected collaboration
– Encryption follows the file
• Strengthens Organizational Compliance Initiatives– Enables application-aware encryption strategies
– Enforces policy-based protection of shared files and folders
• Minimizes Impact on IT Operations– Client-based, no server impact, no application impact
– Leverages LDAP / Active Directory groups for simplified management
– Supports role separation for appropriate content access
– Utilizes Additional Decryption Key (ADK) for file recovery
Policy-enforced file and folder encryption for team collaboration
14
15
PGP NetShare
Scenario:• Need to Protect customer credit/bank information for PCI
compliance
The Solution:• PGP NetShare encrypts files on a dedicated share
The Benefits:• PGP Platform
• End to End Encryption
• ADK
Customer Case StudySafeway - Retail/Grocery
16
PGP NetShare
Scenario:• Need to Protect customer financial information on servers
The Solution:• PGP NetShare (as part of storage) encrypts files in “NetShares”
on Servers . Backups all while preventing unauthorized access
The Benefits:• “NetShares” on local or servers
• End to End Encryption
• Wanted Citrix.. but decided product was too compelling to wait
Customer Case StudyCast Consulting - Accounting
17
PGP® NetShareShared File Protection
• Protect data exchanged between users via shared network folders
PGP® Command Line
Scriptable Encryption• Integrate encryption into data transfer, data
distribution and data backup processes
PGP Command Line
18
• Encrypt
• Decrypt
• Compress
• Sign files
• List keys
• Assign keys
• …and more
PGP Command LineScriptable Encryption
PGP Command LineOver 35 Supported Operating System Platforms
• Microsoft Windows 7 (32- and 64-bit)• Microsoft Windows Server 2008, 2003 (32- and
64-bit) SP2• Microsoft Windows Server 2003 (32- and 64-bit)
SP2• Microsoft Windows Vista (32- and 64-bit) SP2• Microsoft Windows XP (32- and 64-bit) SP3• Microsoft Windows 2000 SP4• HP-UX 11i and above (PA-RISC and Itanium)• IBM AIX 5.3 and 6.1• Red Hat Enterprise Linux 5.0 (x86 and x86_64)• SUSE Linux Enterprise Server 9 SP4 and 10 SP2
(x86)• Fedora Core 6 (x86_64 only)• Sun Solaris 9 (SPARC) and Solaris 10 (SPARC, x86,
and x86_64)• Apple Mac OS X 10.5.x and 10.6.x (Intel-based)
• IBM® Mainframe (previously System z®)– IBM z/OS 1.7 and later
– SUSE Linux Enterprise Server 9.0
– Red Hat Enterprise Linux 4.0
• IBM® Power Systems® (previously System i®) – SUSE® Linux Enterprise Server 9.0
– Red Hat Enterprise Linux 4.0
– IBMi V5R2 and later
Server Support Mainframe Support
19
20
Data Distribution
File Transfer
Data Backup
> pgp –es dbdump.sql – r admin@company_a.com
dbdump.sql:encrypt (0:output file dbdump.sql.pgp)
PGP Command LineHow It Works
21
• Problem– Files transferred internal to an organization are often not protected
– Potential Exposure• Files transferred to wrong folder/user• Files are stored on the servers unprotected – readable by anyone?
• Solution– As part of a script or application, PGP Command Line can
• Protect files on the server • Protect files in transit• Allow different users to have access to just their files (those they have keys to)
File Server FTP Server FTP Server File Server
PGP Command LineInternal File Transfer
• Problem– Files transferred externally are protected from Firewall to Firewall
– Potential Exposure• Files on the sending and receiving servers are unprotected• Files could be transferred to the wrong folder/user
• Solution– As part of a script or application, PGP Command Line can
• Protect files on the sending server • Protect files in transit• Protect files on the receiving server until the proper credentials are presented
22
File Server FTP Server
PGP Command LineExternal File Transfer
23
• Requirements– Provide protected content to third parties
– Distribution medium: CDs, DVDs, files on server
– Cannot require the purchase/installation of software or services to read media
• Examples– Tax preparers
– Software distribution
– Legal documents
– Healthcare records
• Solution– Use PGP Command Line to create a Self-Decrypting Archive
44% of data loss breaches are caused by
third-party vendors(Ponemon study – Jan 2010)
PGP Command LineDistributing Secure Files
24
PGP Command LineDistributing Secure Files
SDA protectedCD/DVD
File Server CD/DVD
Without PGP, the contents of CD/DVD can be read by anyone
Passphrase?
Passphrase
With PGP, the contents of CD/DVD are protected
25
If the “tapes” are lost or stolen they are useless
Files are compressed and encrypted before they are backed up
PGP Command LineProtecting Data Backups
26
PGP Command LineProtecting Recovered Files• Recovering Files
– Method 1: Use the Encryption Key used to encrypt the files on the tape
• But – What if the key is lost? Or worse the “admin” is gone?
• Answer: Additional Decryption Key (ADK)– An encryption/decryption key split between two or more people
– Each person has a different part of the key
– An ADK requires a predefined number of people (keys parts) to reassemble the entire key
• Example:– Key is split between 5 people
– Any 3 of those people can recreate the decryption key
PGP Command Line
• Scriptable Encryption– A complete library of encryption commands
– Simplifies encryption integration into business practices
• Wide Range of Platforms– Supported on over 35 supported operating systems
• Windows, Linux, Solaris, Mac OS X, HP-UX, IBM AIX, iSeries, zSeries
– Runs with most scripting languages, such as Perl, Python, JavaScript, etc.
• Many Uses– End-to-end protection for the internal or external transfer of files
– SDA enabled distribution of files via CD, DVD, hard drives or file servers lockboxes
– Encryption protection and recovery of backed-up and archived files
File encryption for server protection & file transfer
27
28
PGP Command Line
Scenario:• Need to Protect sensitive customer data in storage and from
interception in transit
The Solution:• Secure Large File Transfer service designed with PGP
Command Line as the encryption engine
The Benefits:• PGP Platform
• Lower operational costs and regulatory compliance
Customer Case StudyAffiliated Computer Services, Inc. – Business Process and IT Outsourcing
29
PGP Command Line
Scenario:• To comply with HIPAA PHNS identified the need to have a
secure email solution to serve multiple customers
The Solution:• PGP Command Line secures data flow between key systems
The Benefits:• PHNS Integration group was able to write scripts and develop
applications that leveraged PGP Command Line
• Consolidated/automated systems resulted in lower costs and higher ROI
Customer Case StudyPHNS – Health Care Outsourcer
30
PGP File And Server Protection - In Action
Human ResourcesProtect Personal Identifiable Information
(PII) by encrypting shared files and folders on file servers
IT OperationsEncrypt files being backed-up or archived and utilize split-keys to
ensure recoverability
DistributionSafeguard the contents of
distributed media such as CDs and DVDs for every customer
LegalEnable the end-to-end secure transfer of
intellectual property, and proprietary and client confidential information to third parties
HealthcareSecure Personal Health
Information (PHI) of patient records, images and related files shared among medical staff and
administrators
Client ServicesCreate and protect “lock-boxes” for
multiple clients on the same server while ensuring data protection
31
Summary – File And Folder ProtectionSupport Compliance Initiatives
Secure files and folders
Protect data being transferred
Provide standards-based protection
Simplify IT Operations
Fit into existing business processes and systems
Provide centralized management
Automate policy enforcement
Enable application-aware encryption
Support Additional Decryption Keys
Provide Ease of Use
Doesn’t require user training to use
Doesn’t affect user applications or system operation
Thank you!
Copyright © 2010 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Thank you!
32
[email protected]+48 12 443 14 07