The buck stops at the CEO’s desk for a lot of these threats. There are four key things to consider. The first is Regulatory Compliance: it has become a mandate, whether you want to do it or not. Second is the Safekeeping of Customer Data: this is critical, particularly for any organization that talks to individual customers, such as credit card companies or government agencies. There are numerous organizations where losing a pile of data could expose the personal information of thousands or even millions of customers, putting those individuals at risk of identity theft. CEOs also have to worry about abiding by their organization’s own Internal Security Policies: many times this is the fundamental check and balance for maintaining compliance with external regulations. And last is Protecting Corporate Intellectual Property, which is simply a fundamental requirement of the job.
So if it is so obvious that organizations need to encrypt, why are people not doing it? In 2005, Ponemon did a study and found that 5 to 10% of laptops were not being encrypted at all. When asked why, there were 3 primary reasons. The first is System Performance: most full disk encryption software hits the hard drive and CPU pretty hard. Every time data is written to or read from the drive, the CPU has to spend cycles encrypting and decrypting it. As applications and OSs have gotten more complex, the hard drive gets hit a lot, and that can slow system performance to a crawl. The second is Complexity: installation can be a complex and lengthy process. Turning on a full disk encryption software package can take many hours as it goes through existing data and encrypts every bit on the drive. Maintaining these systems can be time consuming as well. And last is Cost: encryption is not free. Much greater than the modest cost of the software is the cost of maintaining it. It’s the IT person having to touch every machine every time something has to be changed, every time you install an application that doesn’t play nice with the encryption software, or when an employee loses their password or leaves the organization and they have to re-permission the machine.
So what is the Dell data security solution for mobile users? Dell listened to its customers, from C-level Executives to End Users, partnered with IT industry leaders (Seagate and Wave Systems) and created a comprehensive, hardware-based data security solution.
First box: We start with our award-winning Latitude notebooks and Precision workstations.
Second box: Then add the Seagate Momentus full disk encryption hard drive as a factory-installed option and bundle it with Wave’s Embassy Trust Suite Trusted Drive Manager software to locally manage the encrypted drive.
Third box: Adding Wave’s Embassy Remote Administration Server software enables remote deployment, lifecycle management, and automated compliance/reporting.
Fourth box: And finally, when combined with Dell’s security best practices such as BIOS settings, anti-virus software, utilization of multi-factor authentication solutions….
Fifth box: Dell has delivered The World’s Most Secure Commercial Notebook!
The Seagate Momentus 5400 FDE.2 hard drive is a hardware-based data protection device that prevents unauthorized access to data on a lost or stolen notebook. You could also say that it is protection for data at rest. The drive is available today from Dell in capacities up to 120GB. A few of the features provided by Seagate’s DriveTrust technology include:
Full disk encryption: the drive employs the government-standard encryption algorithm (AES 128 bit).
Pre-boot authentication: the OS will boot in a protected storage partition until the user successfully authenticates; only then will the drive unlock and the system boot normally to the Windows OS.
Quick erase: the administrator can simply delete the user’s hard drive password, thereby rendering all of the data on the hard drive inaccessible.
With your “Trusted Drive” solution, out of the box you bring your customers strong pre-boot access control and a simple user interface. This makes things easier for the end user and the administrator, and this is what they have been looking for. You give them advanced administrative controls from a centralized remote management console and the ability to view logs so that they can prove that these systems conform to auditing and compliance requirements.
The Trusted Drive Manager is the basic client application that allows you to perform the basic utility functions to integrate the FDE drive into your daily workflow. When you initially boot the encrypted hard drive, the notebook will see it as a normal SATA drive. The Trusted Drive Manager enables the DriveTrust features, such as:
Adding users
Deleting users
Unlocking the drive
Setting Security Policies
Set up for Pre-boot Authentication, which most users will utilize for additional security
And it provides the hooks required to talk to the backend management software provided in the form of Wave’s Embassy Remote Administration Server.
This overview was to provide you with a high-level understanding of a great way to position your full disk encryption options with your customer. These slides come from a more in-depth Dell overview on the same information. Today, we stressed the merits of hardware-based FDE and the management software your customer will need to activate the advanced security functions for their corporation. At Dell, the concept is that Seagate’s FDE drives are a “seismic shift” in the data protection landscape. Here at Wave we will continue to support your getting the message out ASAP. This is a win-win situation. If you’d like more information on the topic, please feel free to download Wave’s white paper “Protecting Your Business from Costly Data Theft” and the “Trusted Drive Manager Walkthrough Guide” offering you step-by-step instructions on implementing the TDM software for your Seagate FDE drives. These can be found on wave.com in the solutions section on the upper left hand side of the home page. For local sales and technical support in the Scandinavian Region, please call Bruno Chatellier, Wave’s RSM at +33674407099. Email email@example.com
The primary reasons cited for not encrypting sensitive or confidential information according to the survey:
System Performance: 69%
Complexity: 44%
Cost: 25%
* Ponemon Institute’s 2005 National Encryption Survey
Dell Data Security Solution For Mobile Users
Wave Embassy Remote Administration Server
Dell Latitude D531, D630, D631, D830, E4300, E5400, E5500, E6400, E6400 ATG and E6500
Dell Precision M2300, M2400, M4300, M4400, M6300 and M6400
Seagate Momentus 5400 FDE.2 HDD
Wave Client Trusted Drive Manager
Seagate Momentus 5400 FDE.2 Solution for lost and stolen notebooks
Industry Leading Storage
80, 120 or 160 GB
5400 & 7200 RPM
2.5-inch form factor
DriveTrust™ Technology
Hardware encryption – AES 128 bit
Integrated access control
Protected storage partitions
Momentus 5400 FDE.2 Drive
“Always-On” encryption
High performance encryption
Strong hardware security
Instant Cryptographic Erase
Trusted Drive operating in ATA Mode
Default mode when embedded security is un-initialized
[Diagram: Drive Controller, Encryption, Data Encrypted, Boot Block]
In ATA mode the encryption key has no access control.
ATA Mode Operation: When drive security is not enabled, the drive functions as a normal ATA drive. At power-up the drive executes the code in the boot block and then executes the normal Windows boot-up from the drive.
Wave Software: Initialization of Trusted Drive embedded security
All these steps can be remotely managed from a Domain console with the Embassy Remote Administration Server.
[Diagram: Drive Controller, Authentication, Encryption, Data Encrypted]
Provision pre-boot
Enroll Users / Admin
Hardware vs. Software Encryption
DELL CONFIDENTIAL INTERNAL ONLY

| | Dell Hard Drive Encryption | Software Encryption |
|---|---|---|
| Computer Memory Resources Consumption | No | Yes |
| CPU Cycles Consumption | No | Yes |
| Encryption Key Access | No | Yes |
| Encryption Key Generation Risk | No | Yes |
| Turn Off Possibility | No | Yes |
| Decryption need for OS Maintenance | No | Sometimes |
| IT Deployment and Management | Easy | Moderate to Difficult |
| Secure and instant Erase | Yes | No |
| Recovery password | Yes | Sometimes |
| Windows Password Synchronization | Yes | Sometimes |
| Compliance Certification | NSA approved | FIPS 140-2 |
| Remote Management | Yes | Yes |
| Specific Drive need | Yes | No |
| Non-Microsoft OS support | No | Sometimes |
The Trusted Drive Solution
Seagate® DriveTrust™ Technology
Strong pre-boot access control
Simple user interface
Advanced administrative controls
Centralized remote management
Activity logs for auditing and compliance validation
“As providers of software and services for payroll providers, we understand the importance of keeping client and employee information secure. We evaluated data protection solutions from other vendors, but early on we were sold on the inherent advantages of hardware based encryption for our mobile data. That’s why the clear choice was Wave—their product was in a class above all others,” noted David Virkler, Chief Information Officer at AdaptaSoft Inc. “All of our future laptops will include Wave’s software, FDE hard drives from Seagate. With Wave’s EMBASSY Remote Administration Server, we’ve been able to manage Seagate’s drives. We chose Wave because they had the enterprise infrastructure in mind when they designed their solution, thus enabling a low-touch, fully functional, data protection solution.”
“As one of the largest healthcare services and management providers in all of Canada, with more than 2,300 clinical and support providers on staff, it’s our obligation to safeguard our patients’ information and take proactive measures to mitigate the risk of data breach. Wave offers a technically progressive solution that was compelling when compared to the other market offerings,” said Ken Waring, Director of IT at CBI Health. “We chose Wave because of its ease of use, low total cost of ownership and their strategic relationship with Dell.”
CBI was an acquisition account and selected Dell primarily due to the Wave solution being shipped as standard. This solution is now part of the standards within CBI for all future buys.