Utimaco Encryption - PowerPoint

Document Sample
Utimaco Encryption - PowerPoint Powered By Docstoc
					George Mason’s role out
of Utimaco’s SafeGuard
    Easy Enterprise
   Whole disk encryption seen as the only solution

   Product evaluation in 2005 led to the selection of
    Utimaco Safeguard Easy

   Safeguard Easy stand alone solution was
    deployed in 2006 to a limited number of laptops
   MESA – Mason Enterprise Services Architecture
       The newly deploy Active Directory - Open Source
       SMS for deployment and support


   Only XP or Vista Clients - At risk systems are
    exclusively Windows XP or Vista with
    bitlocker
   Leverage existing deployment and
    management systems

   Allow for some delegated control

   Provide audit trail

   Minimize impact on end clients

   Ensure a simple, robust & redundant support
    structure
   At first, it was the laptops….

   Policies changed requiring encryption at rest
    for all sensitive workstation with data stores.

   The targets for encryption changed to
    workstations in all business units that routinely
    work with sensitive data.
   SafeGuard Easy Enterprise (SGN) v5.2
   The Management Server
       VMWare ESX hosted Windows 2003 server
         MS SQL 2005
         IIS for client server communication
   The Deployment Vehicle
       A Scripted install for unmanaged XP clients
       MSI install packages for managed clients
   Administrative Interface-
       Heavy client connects over MS SQL ports to server
   Roles
       Master Security Officer
         Manage Roles, Create Security Officer


       Security Officer
         Everything but MSO function


       Help Desk Officer
         Challenge/ Response Process
         View policies , directories and event logs
   Challenge Response

   PE or Bart PE Recovery boot media
       For in the field recovery


   Slaving the Hard drive for OS Recovery
       Security office supported
   Policies driven configuration
   Encryption Protocol AES256
   What Key to use for system encryption
       The default computer
   To synchronize pre-boot authentication with
    OS authentication or not
   To allow for additional device encryption
   To allow for external boot media
       for recovery
   Communication pieces for
       Departmental business and technical leads
       End Clients
       Support Center
       Recovery technicians


   Training for Support Staff
     Technical overview
     Challenge Response process
     Device recovery process
   Ringed Deployment
       Security Office
         Debug and verify install

       ITU internal group
         Support testing and client feedback
       Pilot external group
         Easy sell to groups who had experienced exposure
       All identified external group
   Password resets can be confusing
   Watch Utimaco knowledge base for known
    issues.
   SafeGuard Easy client lags major patch releases
   Creates complexity that needs to be managed
    and communicated clearly.
   Clearly written support documentation is
    critical

				
DOCUMENT INFO
Description: Utimaco Encryption document sample