Beyond Encryption PresentationProduct Version 3.6

What is the real problem?

• The most valuable item that an organisation owns is its critical data. Security has moved from managing devices to managing data.

• Organisations are becoming more mobile and de-perimeterised. Therefore much of the critical data is now often located outside the corporate perimeter on remote user devices – Laptops, PDAs, Smart Phones, etc.

• People are the weakest link in the security profile of any company. In general they are not incentivised to be security-aware.

The security of the most important assets in the organisation are dependent on the weakest link in the organisation. A combination of encryption (single layer of

security) and compliance (end-point control and data monitoring) is the current UNSUSTAINABLE solution.

Why is this an issue?

47% of computer security professionals surveyed reported a laptop theft over the past twelve months. FBI & CSI’s annual Computer Crime and Security Survey, 2008

From 2007 to 2008 there was an 81% increase in the number of companies reporting stolen laptops containing sensitive information. 2008 Annual Study: The Cost of Data Breach. Ponemon Institute, LLC,

A third of all thefts of equipment in large businesses are carried out by employees.DTI Information Security Breaches Survey 2006, May 1st, 2007

79% of participants cite the human factor as the root cause of information security failures2008 Global Security Survey - Deloitte Touche Tohmatsu

Since early 2005, more than 200 million personal records have been exposed. Privacy Rights Clearinghouse, A Chronology of Data Breaches, April, 2008

It Happens Everyday..

Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports.

65% of those laptops are not reclaimed.

About 77% of people surveyed said they had no hope of recovering a lost laptop at the airport,

16% saying they wouldn’t do anything if they lost their laptop during business travel.

About 53% said that their laptops containedcompany confidential information.

65% said they took no steps to protect this information.

Just to reinforce the issue

“Over 80% of all enterprises suffered a laptop data loss within the last year. More than 2/3 aren’t sure what was

on the laptop.”

Beyond Encryption can solve this problem

Data Breach Average Costs per Incident in 2008

Customer Opportunity Costs

$4.1 million$128 per record

Direct Incremental Costs$1.4 million

$44 per record

Indirect Productivity Costs$0.8 million

$25 per record

$6.3 million per Breach Incident or $197 per Record indicates the size of the problem

Ponemon Institute, Nov 2008

A More Complete Security Picture is Required

Where is this critical data located?

How sensitive is your data?

How can you protect your sensitive data?

How can you retain control of your

sensitive data AND the device? Data at Rest

Discovery Tools

Data Classification Technology

Encryption ToolsEnd Point Control

Beyond Encryption

Cue the change from Defense to Offense

How can you track your sensitive data?

Data in Motion Discovery Tools

The Beyond Encryption end-point security solution enables any organization, individual or government agency to target, with pinpoint accuracy, any sensitive information on any device, regardless of location, and protect it.

The B.E. Server maintains policies and settings associated with each individual device that has the B.E. Client deployed on it. This server is deployed inside your organisation.

The B.E. Client resides on each device under management. Its job it is to maintain contact with and carry out instructions issued from the B.E. Server. The B.E. Client cannot be removed from a device by the Device User.

A Secure Communications Channel provides a secure, encrypted, point-to-point communication channel between the B.E. Client and the B.E. Server.

So How Does The Beyond Encryption Security Solution Work?

Version 3.6 of Beyond Encryption contains the following Core Security Functions

Freeze any sensitive data on any device so that it can never be accessed.Unfreeze any sensitive data on any device.Retrieve any data from any device.Destroy any data on any device (exceed US Department of Defense standards for file deletion).Lock down any device.Unlock any device.

Beyond Encryption Core Functionality

Figure 1.1 – Targeting Data

Pinpoint Accuracy – Browse the devices drive over the internet and target data in real-time.

How can you Target and Select Data on a device?

Additional Notes Target some device drivers to Disable Hardware. Can Target and Freeze or Remove Software.

File Type – Based on type of data (example – all Microsoft Word Documents). File Location – Based on location of data (example – Contents of ‘My Documents’

directory). File Name – Based on name of file or files.

Version 3.6 of Beyond Encryption can execute commands in the following ways:

Reactive Security Instant execution if the device is connected to the Internet.Timed Security Local execution if the device does not connect to the Internet.Local Fencing Local Execution if the device is taken away from the office.Geo Fencing Local Execution if the device leaves a Geographic location.

How are commands Executed on a device?

Connect to any device over the Internet at any time.Device only needs to connect for a millisecond to receive commands.Full reporting when commands have been completed.Easy to use Interface.Target All data or Specific Data.

Reactive Security

Timed Security

If the device does not connect to the Internet your data is secure.Set the timer anywhere from One Minute to One Year.Predefined commands will execute locally when the timer reaches zero.Designed to force your end users to connect to the organisation.Target all data or specific data.Full reporting capability.

Local Fencing

Predefined local commands execute when a device leaves the company.Your data cannot be used outside of your facility.Multiple Fences can be setup and enforced.Locally fence all data or specific data.Full reporting.

Geo Fencing – Slide One

Predefined local commands execute when a device leaves a Geo Zone.Can support multiple Geo Zones.Can set Go Zones and No Go Zones.Geo Fence All data or Specific Data.

Geo Fencing – Slide Two

Large Scale Fencing

Pinpoint Fencing

Easy deployment using Active Directory and invisible to the End User.Easily define and set policies.Does not slow the device down.User cannot stop commands from executing.Does not impact other applications.Can set a combination of commands that can execute at the same time.Full reporting and audit trail.

Further Product Information

Customer Case Studies

Beyond Encryption takes customer privacy very seriously and has stringent confidentiality

agreements in place with its customers around the world. As a result, we cannot name our customers as in many cases the customers do not want it to be known that they are using our applications. We

can, however, provide a sample set of customers as follows:

Scenario:A US Banking company, a leading provider in private, business and commercial banking facilities, required a solution to control their devices and the data that resides on them. The Bank has been in business for over 60 years. In the US alone it has 7,000 branches and over 60,000 employees The banks specific requirements were:

Control data on laptops and PCs around the US and the world•Protect from insider and outsider threat•Enable employees to access sensitive data with no risk to data•Enable employees to work in certain locations with no risk to data•Enable authorized employees to work on specific high sensitive data with no risk to data•Retrieve data at all times

Immediate reaction to compromised data.•Full recovery of compromised data•Complete destruction of data on stolen/missing devices•Eliminate reliance solely on encryption

Minimize impact on end users•Productivity, no extra time for the end user•Invisibility, ideally the correct solution would be invisible to the end user

Major US Banking Organisation – Slide One

Utilisation:The B.E. Solution was chosen by the Bank as the product of choice to control their data, based on a number of unique features. The B.E. Solution addressed all the obstacles that the Bank needed to overcome and also offered further solutions to additional potential threats initially un-identified by the Bank.

Control data on laptops and PC’s – Nationwide•File Retrieval with pinpoint accuracy, targeted by file type, name, location on device, geographical location•Freeze Data, using any of the above target methods•Lock Data, using any of the above target methods•Destroy Data, using any of the above targets•All of the above actions can be reversed if required•Commands target one file /groups of files/ENTIRE devices•Commands can be specific to certain users or groups

Immediate reaction to compromised data.•File Retrieval, Freeze, Lock, Destroy data and/or device•Automatic Time-based command execution •Automatic Geographic-based command execution•Manual command execution if and when required

Minimize impact on administrator and end users•Active directory deployment•Automated time and location reactive security commands•No input requirement from the end user.•Software is invisible to the end user

Major US Banking Organisation – Slide Two

Scenario:The organisation has over 3,000 suppliers and consultants that access its internal servers using their own devices. Managing the level of access by these external suppliers to corporate data was becoming increasingly difficult. The third-party users needed access to perform their roles but there was a serious concern regarding the security of data on these devices.

Utilisation:The organisation installed the B.E. Client on a limited number for devices for each third-party user. Only these devices are allowed to connect to the data servers. The organisation is using another DLP Vendor’s document scanning solution to monitor how the supplier/consultant uses the data that it accesses. The B.E. solution is utilised to control the device and the data on the device. Any data that should not be there is remotely retrieved and deleted and the device is remotely deep-cleaned at the end of the third-party contract.

Since July 2009, the organisation has used Beyond Encryption to successfully take control of data on several compromised devices and enforce data control, using a combination of B.E. security functions.

Major Consultancy Organisation in New York, USA

Scenario:The hospital is moving its patient record keeping from paper-based to electronic data, using always-connected Tablet devices. This presents a large data security issue, due to the volume of devices and the ease of theft.

Utilisation:The hospital has installed the B.E. Client on every data device. As long as the device is connected to the hospital LAN it can connect to the hospital servers and perform its function. If a device is stolen and leaves the hospital it leaves the range of the hospital LAN and any data on the device is immediately securely deleted. In addition the hospital has requested the B.E. upgrade that will allow it to schedule a data clean on the device in the early morning each day, so that any cached data on the device is automatically and securely cleaned.

Major hospital in Boston, USA

Scenario:The organisation has over 1,000 desktops which its employees use from 0800 to 1800 each day. There are no employees authorised to be in the office after 1800 and there was concern that the employees were not logging out of their systems at the end of the day. In addition several devices had either been misplaced or stolen in the previous six months and the company was concerned that sensitive customer data could be exposed.

Utilisation:The company is now using the B.E. solution to remotely lock down the devices from 1800 to 0800 each night. This is done automatically, so that there is no unauthorised use of the organisation’s desktops during the night, thereby guaranteeing data security on the devices. In addition, the company has several policies in place using B.E. to enforce the control of data on devices, both inside and outside their organisation.

Accountancy Company in the UK

Scenario:This Police department has over 20,000 employees accessing sensitive data in a variety of ways and from a variety of devices. In addition to looking for a security solution to enable the department to enforce data security control on all of it devices, they also needed a solution that could automatically lock/freeze/destroy sensitive data if the device is stolen or removed from a remote police car.

Utilisation:In addition to using the security features available in Version 3.6 of Beyond Encryption to enforce data security and control, the Police department has installed wireless routers inside each police car. As long at the device can communicate with the IP address of the router it will remain in an unlocked state but as soon as it moved outside of the range of the router (moved away from the car) the device will locally run a predefined security action, thus guaranteeing the security of the device and the data that resides on it.

In addition this Police Department is using Beyond Encryptions Geo Tracking capability to track where the devices are at all times.

Police Department