3. Why is this an issue? 47% of computer security professionals surveyed reported a laptop theft over the past twelve months (FBI & CSI’s annual Computer Crime and Security Survey, 2008). From 2007 to 2008 there was an 81% increase in the number of companies reporting stolen laptops containing sensitive information (2008 Annual Study: The Cost of Data Breach, Ponemon Institute, LLC). A third of all thefts of equipment in large businesses are carried out by employees (DTI Information Security Breaches Survey 2006, May 1st, 2007). 79% of participants cite the human factor as the root cause of information security failures (2008 Global Security Survey, Deloitte Touche Tohmatsu). Since early 2005, more than 200 million personal records have been exposed (Privacy Rights Clearinghouse, A Chronology of Data Breaches, April, 2008).
4. It Happens Every Day. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports. 65% of those laptops are not reclaimed. About 77% of people surveyed said they had no hope of recovering a lost laptop at the airport, with 16% saying they wouldn’t do anything if they lost their laptop during business travel. About 53% said that their laptops contained company confidential information. 65% said they took no steps to protect this information.
5. Just to reinforce the issue: “Over 80% of all enterprises suffered a laptop data loss within the last year. More than 2/3 aren’t sure what was on the laptop.” Beyond Encryption can solve this problem.
6. Data Breach Average Costs per Incident in 2008. Customer Opportunity Costs: $4.1 million ($128 per record). Direct Incremental Costs: $1.4 million ($44 per record). Indirect Productivity Costs: $0.8 million ($25 per record). $6.3 million per breach incident, or $197 per record, indicates the size of the problem (Ponemon Institute, Nov 2008).
7. A More Complete Security Picture is Required. Where is this critical data located? Data at Rest Discovery Tools. How sensitive is your data? Data Classification Technology. How can you protect your sensitive data? Encryption Tools. How can you retain control of your sensitive data AND the device? End Point Control: Beyond Encryption. Cue the change from Defense to Offense. How can you track your sensitive data? Data in Motion Discovery Tools.
8. The Beyond Encryption end-point security solution enables any organization, individual or government agency to target, with pinpoint accuracy, any sensitive information on any device, regardless of location, and protect it.
17. Geo Fencing – Slide Two: Large Scale Fencing; Pinpoint Fencing
19. Customer Case Studies Beyond Encryption takes customer privacy very seriously and has stringent confidentiality agreements in place with its customers around the world. As a result, we cannot name our customers as in many cases the customers do not want it to be known that they are using our applications. We can, however, provide a sample set of customers as follows:
22. Scenario: The organisation has over 3,000 suppliers and consultants that access its internal servers using their own devices. Managing the level of access by these external suppliers to corporate data was becoming increasingly difficult. The third-party users needed access to perform their roles but there was a serious concern regarding the security of data on these devices. Utilisation: The organisation installed the B.E. Client on a limited number of devices for each third-party user. Only these devices are allowed to connect to the data servers. The organisation is using another DLP Vendor’s document scanning solution to monitor how the supplier/consultant uses the data that it accesses. The B.E. solution is utilised to control the device and the data on the device. Any data that should not be there is remotely retrieved and deleted and the device is remotely deep-cleaned at the end of the third-party contract. Since July 2009, the organisation has used Beyond Encryption to successfully take control of data on several compromised devices and enforce data control, using a combination of B.E. security functions. Major Consultancy Organisation in New York, USA
23. Scenario: The hospital is moving its patient record keeping from paper-based to electronic data, using always-connected Tablet devices. This presents a large data security issue, due to the volume of devices and the ease of theft. Utilisation: The hospital has installed the B.E. Client on every data device. As long as the device is connected to the hospital LAN it can connect to the hospital servers and perform its function. If a device is stolen and leaves the hospital it leaves the range of the hospital LAN and any data on the device is immediately securely deleted. In addition the hospital has requested the B.E. upgrade that will allow it to schedule a data clean on the device in the early morning each day, so that any cached data on the device is automatically and securely cleaned. Major hospital in Boston, USA
24. Scenario: The organisation has over 1,000 desktops which its employees use from 0800 to 1800 each day. There are no employees authorised to be in the office after 1800 and there was concern that the employees were not logging out of their systems at the end of the day. In addition several devices had either been misplaced or stolen in the previous six months and the company was concerned that sensitive customer data could be exposed. Utilisation: The company is now using the B.E. solution to remotely lock down the devices from 1800 to 0800 each night. This is done automatically, so that there is no unauthorised use of the organisation’s desktops during the night, thereby guaranteeing data security on the devices. In addition, the company has several policies in place using B.E. to enforce the control of data on devices, both inside and outside their organisation. Accountancy Company in the UK
25. Scenario: This Police department has over 20,000 employees accessing sensitive data in a variety of ways and from a variety of devices. In addition to looking for a security solution to enable the department to enforce data security control on all of its devices, they also needed a solution that could automatically lock/freeze/destroy sensitive data if the device is stolen or removed from a remote police car. Utilisation: In addition to using the security features available in Version 3.6 of Beyond Encryption to enforce data security and control, the Police department has installed wireless routers inside each police car. As long as the device can communicate with the IP address of the router it will remain in an unlocked state, but as soon as it is moved outside of the range of the router (moved away from the car) the device will locally run a predefined security action, thus guaranteeing the security of the device and the data that resides on it. In addition this Police Department is using Beyond Encryption’s Geo Tracking capability to track where the devices are at all times. Police Department
Editor's notes
Example of an airport
Data discovery and classification is a critical first step towards securing data in most organizations, as IT departments grapple with an explosion of digital information to store, manage and protect. This challenge is complicated by the fact that sensitive data exists in three different forms (database records; messages, such as email; and loose files) and in three different contexts (at-rest on datacenter storage; in-motion through the network; or in-use on laptops, mobile devices and portable storage). Comprehensive data discovery and classification must directly address this complexity. Data classification is necessary to determine what type of data you have, why you have it, and where it is located within your company. Monitoring multiple network channels (typically IM, FTP, HTTP and generic TCP/IP) using advanced monitoring techniques is a mature Data in Motion market space for effective tools. Newer agent-based systems are available to monitor data outside the DMZ. Current data security practice focuses on the use of data encryption to protect against the External Security Threat and then ensuring that there is efficient data monitoring and successful blocking of all channels at the end-point for the Internal Security Threat. These technologies, properly deployed, make it difficult for both Insiders and Outsiders to access the critical information that they shouldn’t really have access to. However, the data is on a device outside the direct control of the organization, so this really is a case of effective but PASSIVE security. Cue the change from defense to offense! The BE solution allows the organization to take an offensive approach and pursue the device and its data and put it beyond the use of the current user. For the first time the organization will know for sure what the status of the device and its data is. This is the new frontier for remote data control.