Trusted Technologies: Development, Production, and Use – Lessons Learned

Michael Willett - Moderator
Storage Security Strategist
SAMSUNG


• ABSTRACT
  This panel of experts will focus on selected
  technologies defined by the Trusted Computing
  Group, including self-encrypting drives (SEDs)
  and the Trusted Platform Module (TPM).
  Practical lessons learned in the development,
  production, and use of such trusted technologies
  will be described, including their integration into
  environments requiring a basis for trust. Bring
  your questions!
Panel Members



• Michael Willett, Samsung, Moderator
  Storage Security Strategist

• Bob Thibadeau, Wave Systems
  Chief Scientist

• Darren Lasko, Toshiba
  Principal Engineer, SoC Development

• Mike Boyle, NSA
  Lead: Trusted Computing in the Vulnerability Analysis Office at NSA

• Monty Forehand, Seagate
  Security Engineering Director


Drives with Self-Encryption Built In

Since 2005, over 345,124,400 records containing sensitive personal information have been involved in security breaches

In 2008, the average cost of a data breach was $6.65 million per affected corporation
$6.65 Million Per Incident!

- Breach notification laws: avoid public notification if the lost/stolen data is encrypted
- Hardware-based encryption BUILT IN has superior properties
    • Simplified management
    • Interoperable: standards-based
    • Full drive industry participation
    • No performance impact
    • Transparent to end user

“Many organizations are considering drive-level security for its simplicity in helping secure sensitive data through the hardware lifecycle from initial setup, to upgrade transitions and disposal”
Eric Ouellet, Research Vice President, Gartner

http://www.privacyrights.org/ar/ChronDataBreaches.htm
Ponemon Institute, Fourth Annual US Cost of Data Breach Study – Jan 2009 www.ponemon.org
SELF-ENCRYPTING DRIVES (SED)

USE CASES: LAPTOP, DESKTOP, SERVER, DATA CENTER

Lost, Stolen, Re-purposed, End-of-Life, Warranty Repair:
Whenever the stored data leaves the owner’s control

SELF-ENCRYPTION is SUPERIOR to SOFTWARE-BASED SOLUTIONS:
• Transparency: SEDs come from factory with encryption key already generated
• Ease of management: No encrypting key to manage
• Life-cycle costs: The cost of an SED is pro-rated into the initial drive cost;
  software has continuing life cycle costs
• Disposal or re-purposing cost: With an SED, erase on-board encryption key
• Re-encryption: With SED, there is no need to ever re-encrypt the data
• Performance: No degradation in SED performance; hardware-based
• Standardization: Whole drive industry is building to the TCG/SED Specifications
• No interference with upstream processes

PRODUCTS: http://www.trustedcomputinggroup.org/community/2010/03/selfencrypting_drives_take_off_for_strong_data_protection

SEDs: Lessons Learned

• The whole drive industry (fiercely competitive) was/is extremely
  cooperative in the multi-year TCG Storage Specs development
  effort: we know that standards are for the common good
• SED Marketing challenges:
    – “Replace your existing storage with SEDs” is a tough sell, especially with
      tight/no budgets
    – Much tougher to market/sell a component (SED) versus a whole system
    – Have to sell to the OEMs; no direct channel to the end users

• Many users consider software-based solutions “good enough”; they
  are not
• Rare convergence of business requirement (breach laws),
  standardization (TCG), and products from all the drive vendors
• With SEDs, security is NOT an overhead or add-on; built in

