striking the right balance for laptop data protection final

Striking the Right Balance for L t D t P t tiLaptop Data Protection

Matthew SeeleyEVault Systems Engineer

2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved.

WelcomeWelcome

• Type in questions using the Ask A Question button• All audio is streamed over your computer

– Having technical issues? Click the ? buttonD l d th lid d k f th E t H P• Download the slide deck from the Event Home Page

• After viewing the webinar, ISACA Members may earn 1 CPE credit. – To earn 1 CPE, click the CPE Quiz link on the Event

Home Page. Once you pass the quiz, you will receive i t bl CPE C tifi ta printable CPE Certificate.

• Question or suggestion? Email them to [email protected]

2012 ISACA Webinar Program. © 2012 ISACA. All rights reserved. 2

[email protected]

AgendaAgenda

• Industry Key Drivers• Business Challenges

Striking the Right Balance • Business Challenges

• Best Practices• Endpoint Protection

Right Balance for Laptop

D t Endpoint ProtectionData Protection


Key Drivers for Endpoint ProtectionKey Drivers for Endpoint Protection

PCs hold valuable corporate data. What happens to that data when a laptop is lost or stolen?What happens to that data when a laptop is lost or stolen?

• Mobile Data: IDC estimates that at least 60% of important company data is stored on laptops and desktopscompany data is stored on laptops and desktops

• Valuable Data: The estimated average value of a lost laptop is $49,246$ ,

• Theft/Loss: Each week >12,000 laptops are lost in US airports alone; worldwide numbers are unknown

• Incidents: The FBI’s Computer Crime Survey estimated cost of computer security incidents = $


$67.2 billion annually

Business ChallengesBusiness Challenges

More mobile workers. More distributed operations.

Increasing threats to sensitive corporate data

Meeting IT compliance mandates

Data leakage


IT ChallengesIT Challenges

IT administrators within the mid market are asking:

How do we ensure laptop data is being backed up consistently and securely?

When a laptop is lost or stolen, who has access to our valuable data? What is our regulatory

and financial exposure?

How can we implement a PC backup solution without overburdening IT?


Best PracticesBest Practices


Keep Data Locked DownKeep Data Locked Down

• Encrypt information on the local driveT diti l th d• Traditional method:Cons: • Dual authentication followed by complete decryptiony p yp• Performance• End user friction• Difficult deployment• Difficult deployment

• Advanced method: File/folder encryption• Encrypts data as it is stored• Decrypts file as it is opened• Granular policy-based control & enforcement


Lock Down Endpoint DataLock Down Endpoint Data

• Keep data safe:• Keep data safe: – Disk encryption and port access control shuts down data

leakageE ti th i d t t– Encryption over the wire and at rest

• Wipe it clean: Remote data deletion permanently “shreds” sensitive information if a laptop has been lost or p pstolen (on command or by policy)

• Track it down: TCP/IP device tracing monitors laptop i ti ith th t ti


communication with the protection server

Laptop Security Best PracticesLaptop Security Best Practices

• File- and folder-based encryption– Data protected when laptop is on or off– Decrypts upon file opening– No user password to rememberNo user password to remember

• Device control– Define read/write permissions– Encryption on ports used to transfer data– SSL for backup

• Encryption during backup and recoveryEncryption during backup and recovery– Generate random keys– Destroy key on stolen/lost laptop


Laptop Security Best Practices Laptop Security Best Practices (cont.)(cont.)(cont.)(cont.)

• Encryption and data de-duplication– Encryption and data de-duplication

work together– De-duplication on encrypted data using p yp g

secure key escrow system

• Easily managed solutionEasily deployed end to end solution– Easily deployed end-to-end solution

– Integrate with existing infrastructure– Minimize need for passwords, etc.


Encourage User AdoptionEncourage User Adoption

• Conduct a pain-point audit with mobile usersp p• Document laptop backup and security policies• Eliminate constraintsEliminate constraints• Enable end-user independence


Keep IT Costs in CheckKeep IT Costs in Check

• Centralize management• Integration with existing infrastructureIntegration with existing infrastructure• Support for Windows and Mac OS• Granular policy-based management

Self service user recovery• Self-service user recovery• Reduce network congestion

• Global deduplication• Leverage the cloud

• Scalability and cost effectiveS it d d d• Security and redundancy

• Encryption key management for end-users


Endpoint ProtectionEndpoint Protection


Endpoint ProtectionEndpoint Protection

Control data across mobile workforcesControl data across mobile workforces.

Cloud-based protection


How Endpoint Protection WorksHow Endpoint Protection Works


Data Transfer Process:Data Transfer Process:WANWAN--Optimized PerformanceOptimized PerformanceWANWAN Optimized PerformanceOptimized Performance

Efficient process. Substantially reduced backup window.

LAN/WAN

Agents on Protected Systems Destination Vault

Changed files Front-end deduplication Backend Compression

• Front-end deduplication reduces storage footprint up to 99%• Compression and Encryption

F t d ti i NIST 256 bit Ad d E ti St d d

g p(Delta Pro) deduplication

pEncryption

– Front-end encryption using NIST 256-bit Advanced Encryption Standard– Over-the-wire encryption using SSL authentication– At-rest encryption in SAS 70 Type II-certified datacenters

• Back-end deduplication further reduces storage footprint


• Bandwidth throttling

Questions?Questions?


Take the Next Step

To learn more about EVault cloud-connected backup and precovery services and to get a 30-day free trial of EVault Endpoint Protection, call us at 1.877.901.DATA (3282), email us at concierge@evault com or visit us atemail us at [email protected], or visit us at www.evault.com.

Th k f j i i t d !Thanks for joining us today!


striking the right balance for laptop data protection final

Documents