The Governance, Risk Management, and Compliance (GRC) report by Absolute Software provides executives and IT administrators with a detailed overview of the security and health of each endpoint that is managed by the organization. Absolute customers understand the importance of endpoint security in relation to their GRC initiatives. The organizational risks associated with computers and mobile devices are well understood since these devices often contain sensitive data and information. They also represent an access point to networks and other company infrastructure.

1. Absolute Software
Governance
Risk
Compliance
Sebastien Roques
Senior Territory Account Executive
France-Iberia & NWA| Absolute Software EMEA Ltd.

2. About Absolute Software
Nearly two decades securing and managing diverse endpoints

3. Absolute Software: Track. Manage. Secure.
Endpoint Security
Centrally track and secure IT assets within a cloudbased console.
Remotely manage and administer
self-encrypting drives built into new computers.
Endpoint Management
Manage PC, Mac, Android, iOS and Windows
Phone devices to take strategic and responsive
action.
IT Service Management
Predict potential points of failure and make realtime decisions using ITIL certified best practices.

4. Many Devices. One Solution. Two Magic Quadrants.
4

5. Absolute Computrace for Endpoint Security
Absolute Computrace allows organizations to centrally track and secure all of
their endpoints within a single cloud-based console.
Computers and ultra-portable devices can be remotely managed and secured to
ensure – and most importantly prove – that endpoint IT compliance processes
are properly implemented and enforced.
Computrace provides
foundational support for all
activities related to Governance,
Risk Management, and
Compliance (GRC) for the
endpoint.
The Computrace Agent is automatically installed so that IT Administrators can track, manage, and
secure all devices regardless of user or location

6. Endpoint GRC Risk Factors
•
The endpoint represents a significant point of risk relative to GRC
– Non-Compliance
•
•
•
•
Software license agreements
Blacklisted programs
Government and vertically-specific regulatory bodies
End-of-life protocols
– Data Security
•
•
•
•
•
Unauthorized user access
Industrial espionage
Intellectual property
Encryption failure
Personally identifiable information
– Employee Misconduct
• Dishonest or criminal activities by employees
• Non-compliant behavior
•
Endpoint-specific GRC protocols can be implemented to mitigate the risk
6

7. GRC for the Endpoint
Computrace provides foundational support for all activities
related to GRC for the endpoint including:
•
•
•
•
•
•
•
•
•
•
Proactive alerts on predefined conditions
Data security & protection
Deployment & licensing audits
BYOD policy enforcement
Theft & criminal investigations
Security incident response & remediation
Computer forensics
Compliance reports & certificates
End-of-life protocols
12 months of device history
7

8. GRC for the Endpoint – How Computrace Fits
“What were the most common ways in which the breach(es) occurred in the past 12 months?”
34%
Loss/theft of corporate asset
Inadvertent misuse by insider
28%
22%
External attack targeting corporate servers or users
Abuse by malicious insider
13%
Loss/theft of business partner asset
7%
Inadvertent misuse by business partner
6%
Don’t know
External attack targeting business
partner’s servers or users
Abuse by malicious business partner
Other
5%
4%
80%
of data breach
scenarios can be
mitigated with
Computrace
3%
1%
Base: 508 North American and European IT security executives & technology decision makers whose firms had experienced a breach
in the past 12 months
Source: Forrsights Security Survey, Q2 2012
8

9. GRC for the Endpoint with Computrace
GRC provides an organization with the infrastructure to create rules, oversee
the application of the rules, provisioning of tools to take action to stay within the
rules, and finally the data to prove that they followed the rules and are indeed
compliant.
Governance = Infrastructure = Customer Center
Management of the process to monitor, direct, and control
Risk Management = Tools = Computrace Features
Management of the process to monitor, direct, and control
Compliance= Data = Computrace Data & Reports
Conform to internal and external regulations, must be provable
9

10. GRC Infrastructure: Customer Center
Governance = Infrastructure = Customer Center
Management of the process to monitor, direct, and control
•
•
•
Use Customer Center to identify activity or
device status deemed suspicious
Receive alerts if any of these conditions occur
for proactive response times
Computrace data flags potential
non-compliance:
10

11. GRC Tools: Computrace Features
Risk Management = Tools = Computrace Features
Management of the process to monitor, direct, and control
• Track software
licenses
• Receive alerts to be
notified about
suspicious behavior
• Remotely recover or
delete data from a device
• Freeze a device to block
access
• Remove all data from a
device at end-of-life
• Invoke Intel AT
technology to brick or
lock a device
• Track the location of a
device
• Use geofences to
monitor device
movement
• Investigate and recover
stolen devices
• Initiate an investigation to
determine why a security
incident occurred and
prevent it from happening
again
• Investigate suspicious
employee behavior
• Identify security holes
• Prevent incidents from
happening again

12. GRC Data: Computrace Device Data
Compliance= Data = Computrace Data & Reports
Conform to internal and external regulations, must be provable
•
Use Computrace data to prove compliance with corporate and
government regulations:
– Software license compliance report for contract negotiations and audits
– Encryption status report to show which devices were properly protected
with encryption
– End-of-Life data delete certificate
– Data delete audit log
– Proof if data was accessed post-incident
12

13. Regulatory Landscape
• Increasing corporate and government regulations
• Data breach notification laws commonplace
• IT security failures continue to increase exponentially
• FTC
• SOX
• GLBA
• FERPA
• Title 1
• EDGAR

14. Deconstructing a Data Breach – Healthcare
ID corporate/business entity responsible. Describe data breach with timeline. ID # of individuals affected. ID the
info stored on laptop. ID categories of info on laptop. ID forms of PHI/PI on laptop. Describe why data was stored
on laptop. Describe methods used to determine the contents of missing laptop. Was agreement in place with
vendor? Provide copy. Describe measures taken to safeguard PHI/PI. Describe all steps taken to locate missing
laptop and prevent access to data. Describe policies and procedures in place for compliance, privacy, and security
protection. Provide copies. Describe policies and procedures in place for associates. Provide copies. Provide copy
of investigative reports / audits related to the incident. Describe all steps taken to contact and warn affected
people. Describe details for response to HIPAA, HITECH and other regulations, etc.
Provide two years of credit monitoring services,
identity insurance, and credit report security freezes
for each affected individual at hospital’s expense
Repeat with all other
regulatory bodies.
Respond to patient &
media enquiries.
14

15. Deconstructing a Data Breach – Healthcare
Determine if this was a reportable incident and if
so, provide details to regulatory bodies.

16. GRC for the Endpoint – Large K12 School District
Uses Computrace and Absolute Manage to:
•
•
•
Track and enforce appropriate use in support of regulatory compliance
related to Title 1 equipment
Equipment is limited for use by certain staff and students in a specific
manner
Absolute allows them to locate devices regardless of user or location
(Computrace) and determine who / how the device is being used (Absolute
Manage)
16

17. GRC for the Endpoint – Global Enterprise Organization
Uses Computrace to:
•
•
•
Obtain detailed data from each device to know with certainty which
software licenses are in use
Provide an overview of the entire deployment (or specific groups) using the
Computrace software compliance report, including alerts if software license
quotas are exceeded
Avoid significant costs associated with collecting the same data manually
as experienced during BSA software audit
17

18. GRC for the Endpoint – Global Enterprise Organization
Uses Computrace to:
•
•
•
•
Collect data to identify and catch hard drive thieves
Perform forensic investigations on employees suspected of moonlighting
Investigate any suspicious users and collect more detailed data than typical
forensic tool set can provide
Understand how hardware theft occurred and adjust security accordingly
18

19. GRC for the Endpoint – Midsize Healthcare Organization
Uses Computrace to:
•
•
•
Monitor device status to ensure none are at risk
Determine source of risk and adjust as needed to ensure the event is not
repeated
Perform perpetual data delete commands to at-risk devices to remove all
healthcare data and render the device useless
19

20. GRC for the Endpoint – Large Enterprise Healthcare
Organization
Uses Computrace to:
•
Provide increased endpoint workstation security by supporting the following
functions:
– Disable a specific device to render it unusable and/or wipe data from a specific
device; to at least the latest publicized version of Department of Defense
standard wipe procedure
– Create a forensically sound defensible audit trail that records that the tool has
protected a specific device by disabling and/or removing data
– Certifies that the tool is tamper proof through attempted erasure and persistent
(ability to reinstall itself) when erasure is attempted
20

21. Absolute Computrace – Feature Categories
Asset Administration
Collect incredibly accurate and comprehensive information from each device.
Then create customized policies and alerts to be notified as soon as an
unauthorized change is detected.
Data & Device Security
Remotely delete sensitive data on missing computers including an audit log of
the deleted files to prove the data was removed from the device. Freeze a
device with a custom message to the user. Access and retrieve files regardless
of location.
Geotechnology
Track assets on an internet map including current and historical locations. Build
geofences to contain a device and receive an alert if it strays. If a device is not
where it should be, investigate and determine if further action is required.

22. Absolute Computrace – Feature Categories
Computer Forensics
The Absolute Investigations & Recovery team can forensically mine a stolen
computer over the internet using key captures, registry and file scanning,
geolocation, and other investigative techniques to determine who has the
computer and what they’re doing with it, including whether any data was
accessed post-theft.
Theft Recovery
At our customer’s request, the Absolute Investigations & Recovery team will
work closely with local police to recover a stolen device. We successfully
recover thousands of devices each year.

23. Customers
23