DSS ITSEC 2013 Conference 07.11.2013 - SafeX - Next generation USB's

  • 119 views
Uploaded on

Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited …

Presentation from one of the remarkable IT Security events in the Baltic States organized by “Data Security Solutions” (www.dss.lv ) Event took place in Riga, on 7th of November, 2013 and was visited by more than 400 participants at event place and more than 300 via online live streaming.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
119
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
2
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • Meet Dr Lee, Dr Lee was a friendly man that worked very hard, and was very old school, he still carried his patient data on paper files.
  • Dr Lee works for Liverpool hospital, but he also spends a lot of his time at Manchester hospital, today he is working at Manchester hospital (normally he drives, it certainly isn’t in walking distance), once he arrives, he sets to work.As lunchtime approaches, he decides that he will take lunch out and catch-up with some paperwork.
  • Dr Lee arrived at his Favorite Costa Coffee, ordered his regular Caffe Latte and cheese and ham Panini. He eats his food and catches up on his paperwork, he then leaves.Unfortunately for Dr Lee, today he forgets his files!!
  • Back at Manchester hospital, Dr Lee realises his mistake, but ultimately it is too late, he phones Costa Coffee and his files have gone. A data loss incident has occurred.
  • Back at Liverpool hospital, the news has filtered back to the hospital director. He isn’t very happy. A few things go through his mind.
  • Sometime later a board meeting is called, and a few ideas and concerns are raised.
  • The board look at a few options for protecting patient data as well as the reputation of the hospital.
  • Back in the boardroom a Few decisions are made.Once they have chosen secure USB’s as there method for encrypting removable media there is two choices, 1. Software based encryption 2. Hardware Based-encryption, lets take a look at the strengths and weaknesses of both of theses methods.
  • An average selling price of $127.20 in 2011 to a current average of around $120.00, it is set to go down to $88.10 in 2018 – The peak in 2012 was due to the industry being affected by the earthquake in Japan and floods in Thailand. We will see Hardware encryption become the default standard in HDD’s and USB drives as the cost difference between non hardware encrypted becomes so small.
  • The hardware encrypted USB drive market volume in Europe is estimated to grow from 7.39 million units in 2013 to 55.15 million units in 2018.
  • Another decision has to be made, managed or unmanaged devices.Management chooses managed!!
  • Administrators have a choice between cloud and onsite management, devices can be backed up and restored, a global view of where all devices are and status gives administrators options to lock, disable and wipe devices – No issues with lost passwords as the passwords can be remotely reset.From Dr Lee’s point of view, he now carries a small portable device which can transport all his files securely and quickly from office to office and hospital to hospital.
  • To conclude, The Next Generation secure USB’s should include the following features.

Transcript

  • 1. Next Generation Secure USB’s Presented by James Baker Vice-President of Sales Ctwo Products AB (Secure Flash Division)
  • 2. Meet Dr Lee Dr Lee • Patient X-Rays • Patient Contact Details • Patient Case Notes
  • 3. Transporting Data Liverpool Hospital Manchester Hospital
  • 4. Data Loss Data Protection Act Breach
  • 5. Data Loss Incident Sorry, we don’t have you're files.
  • 6. Data Loss Headache Stockport NHS Damaged fined £100,000 for ICO FINE ReputationPatient losing Identifiable Data
  • 7. Portable Data Discussion We need to issue secure mediums for transporting sensitive data. We need to We need to block lockdown all unauthorised We need to computer ports. portable device encrypt usage. data.
  • 8. Removable Media Options • • • Super low cost Portable Can be encrypted • • • Lack of computer DVD drives Easily corrupted Capacity limited • Can’t be centrally managed • • • Low cost Ultra portable Can be encrypted • • • High capacities available Options for management Self contained, no battery • • • Easily lost Risk of huge data loss Needs computer to operate • Software to update • • • Doesn’t need a computer to operate Portable Patients can use to interact • Can be centrally managed • • • High cost Expensive to manage Not allowed in secure environments • Risk of huge data loss Lets take a look at the options…
  • 9. Removable Media Decisions Hardware Encryption Software Encryption 1. All computer ports will be locked down with a device control Strengths solution. Strengths • Restrictions will be put in place 2. Users a dedicated processor to stop unauthorised device • Low cost • Increased performance usage. • Install on own USB • Zero-footprint • Works on cross-platform operating systems • Protects against physical attacksdevices for securely storing 3. Staff will be issued secure USB • Encryptions always on and transporting sensitive data. Weaknesses • Management options 4. Transportation of paper files outside of hospital grounds will • Shares computer resources to encrypt data Weaknesses limited and restricted to secure delivery methods. be severely • Susceptible to brute-force attacks • Software can be removed and deleted • Higher hardware costs • Slow performance • Firmware / software to update A few decisions are made…
  • 10. Hardware Encryption Costs 140 120 2011 2012 100 80 60 2013 Market Analysis 2014 2015 2016 40 2017 2018 20 0 USB memory Sticks and Flash Drives in USD $ Taken from Hardware Encryption Analysis & Forecast (2013 – 2018) by Markets and Markets
  • 11. USB Drive Market Volume 60 2011 50 2012 40 2013 2014 30 2015 20 2016 10 2017 2018 0 Europe Taken from Hardware Encryption Analysis & Forecast (2013 – 2018) by Markets and Markets
  • 12. DSS ITSEC 2013 After decision is made A much deliberation….
  • 13. Managed or unmanaged • • • Lower upfront cost Quicker deployment Less staff training • • • Lack of visibility No reporting Can’t reset passwords • Data loss risk increased • • • More control Drive visibility Restrict access • • • Reporting Reduced risk of data loss Reset lost passwords • • • Higher upfront cost Recurring support costs Staff training • Longer deployment time Managed or Unmanaged
  • 14. Hardware Based Managed Solution Cloud
  • 15. Next Generation Secure USB’s - Conclusion • • • • • • • • Hardware Based-Encryption Ability to be managed Cross Platform Support Super Fast (USB 3.0) Speeds Ability to be updated – (New OS Support) Low to High Capacities Small Form Factor (Portability) Tamperproof & Waterproof
  • 16. DSS ITSEC 2013 Paldies!
  • 17. Next Generation Secure USB’s Presented by James Baker Vice-President of Sales Ctwo Products AB (Secure Flash Division)