• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Implementation of Device encryption for the enterprise

Implementation of Device encryption for the enterprise






Total Views
Views on SlideShare
Embed Views



1 Embed 4

http://www.slideshare.net 4



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.


11 of 1 previous next

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • Found this PPT on Enterprise encryption
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment
  • The goal was to protect data theft in case of physical theft or attack on hardware for those systems registered to store sensitive data. The initial first targets were laptops.Only whole disk solutions were considered because of the need to guarantee encryption Other products that were considered included Pointsec, PGP, Bitlocker, Hardware based encryption chip technology for laptops
  • The newly deploy Active Directory - Open Source hybrid network operating system for.70% of campus Windows XP systems are managed my the MESA environment
  • Provide a centrally managed device encryption solution that leveraged existing management infrastructure to ease administrative and support costAllow for some delegated control for Unit administrators
  • The drive for whole disk encryption was a reaction to security incidents being reported in the news involving stolen laptopsWe recognized that many business units routinely stored sensitive data locally on their workstations in the.While users routinely store sensitive data on the approved network data store, the likelihood that some sensitive data was being cached intentionally or unintentionally was high.
  • The security office installed the server, secured the SQL server and SGN services then handed the server over to ITU server support group for support.The installs are 2 msi’s. One for the client. One for configuration to the GMU management server.Clients use port 443 to push logs to and pull configurations from the IIS service on the SGN management server
  • The Master Security Officer To ensure that business technical leaders, end users and support staff understand the impact on systems and can support the software we will create informational pieces for business leads, technical point of contact, end users, We will also create support oriented documentation and training for Support Center and Desktop Support.
  • Allowing passthrough authentication enforces password complexity requirements
  • Security office deployment to test systems, then production systemsThe first test system experienced the BSOD , kernel stack sizing problem with Symantec antivirus v10. Ouch.The recovery tools were tested and documentation was created
  • When users change they net id password, they’ll need to log into POA with old password, then into OS with new password then reboot to synchronize for single sign on.There are known bugs. Symantec AV Version 10 produced a BSOD. My Dell XT Tablet had an issue with BIOS USB configuration.Currently does not support xp sp3 expected with release 5.30If your policies are restrictive, users will need to adjust. If you create stricter access rules with SGN policies then established with GPO’s, OU administrators need to understand that.

Implementation of Device encryption for the enterprise Implementation of Device encryption for the enterprise Presentation Transcript

  • Implementing Device encryption INthe enterprise
    George Mason’s role out of Utimaco’sSafeGuardEasy Enterprise
  • Some History
    Whole disk encryption seen as the only solution
    Product evaluation in 2005 led to the selection of Utimaco Safeguard Easy
    Safeguard Easy stand alone solution was deployed in 2006 to a limited number of laptops
  • The Environment
    MESA – Mason Enterprise Services Architecture
    The newly deploy Active Directory - Open Source
    SMS for deployment and support
    Only XP or Vista Clients - At risk systems are exclusively Windows XP or Vista with bitlocker
  • Project Goals
    Leverage existing deployment and management systems
    Allow for some delegated control
    Provide audit trail
    Minimize impact onend clients
    Ensure a simple, robust & redundant support structure
  • Project Scope
    At first, it was the laptops….
    Policies changed requiring encryption at rest for all sensitive workstation with data stores.
    The targets for encryption changed to workstations in all business units that routinely work with sensitive data.
  • The Technology
    SafeGuard Easy Enterprise (SGN) v5.2
    The Management Server
    VMWare ESX hosted Windows 2003 server
    MS SQL 2005
    IIS for client server communication
    The Deployment Vehicle
    A Scripted install for unmanaged XP clients
    MSI install packages for managed clients
    Administrative Interface-
    Heavy client connects over MS SQL ports to server
  • The Support Roles
    Master Security Officer
    Manage Roles, Create Security Officer
    Security Officer
    Everything but MSO function
    Help Desk Officer
    Challenge/ Response Process
    View policies , directories and event logs
  • Client Recovery Methods
    Challenge Response
    PE or Bart PE Recovery boot media
    For in the field recovery
    Slaving the Hard drive for OS Recovery
    Security office supported
  • Configuration Choices
    Policies driven configuration
    Encryption Protocol AES256
    What Key to use for system encryption
    The default computer
    To synchronize pre-boot authentication with OS authentication or not
    To allow for additional device encryption
    To allow for external boot media
    for recovery
  • Communication
    Communication pieces for
    Departmental business and technical leads
    End Clients
    Support Center
    Recovery technicians
    Training for Support Staff
    Technical overview
    Challenge Response process
    Device recovery process
  • Deployment Process
    Ringed Deployment
    Security Office
    Debug and verify install
    ITU internal group
    Support testing and client feedback
    Pilot external group
    Easy sell to groups who had experienced exposure
    All identified external group
  • Lessons Learned
    Password resets can be confusing
    Watch Utimaco knowledge base for known issues.
    SafeGuard Easy client lags major patch releases
    Creates complexity that needs to be managed and communicated clearly.
    Clearlywritten support documentation is critical
  • System Overview