Bob Adhar MD & Practice Manager, CISSP Nadia Vostrikov Software Support Engineer, MCP Randtronics...

Post on 23-Dec-2015


Secure BYOD applications using hardware based security and Windows To Go

Bob Adhar, MD & Practice Manager, CISSP
Nadia Vostrikov, Software Support Engineer, MCP
Randtronics Pty Ltd

WCL315

Agenda
• Introduction
• BYOD and Windows to Go
• Secure Portable Workplace for Windows To Go
• Management of SPW devices
• Demo
• Q&A

Introduction

Randtronics & SPYRUS at a glance: Who we are

Randtronics Pty Limited
• Australian company, HQ in North Ryde, NSW, in operation for 12 years
• Encryption solutions for complex IT environments
• Encryption practice
• Distributor of SPYRUS technologies

SPYRUS, Inc.
• Manufacturer of portable hardware encryption devices
• Private corporation with HQ in San Jose, California
• 20 year history of developing security solutions
• Made In USA Product Focus

BYOD & Windows to Go

Market drivers for trusted BYOD & Mobility solutions

Trusted mobility solutions:
• Consumerisation of IT
• Microsoft Windows To Go
• Attacks from National adversaries
• Compliance & control
• Rise in attacks & data breaches
• Growth in cloud computing
• Work anywhere, any time, BYOD

Windows To Go, portable workplace

• Microsoft ecosystem focus for enterprise customers supporting mobility
• Windows 8 experience on any device
• Cost effective
• Lightweight solution in USB format
• Works in corporate environment or remote locations
• Easy to use
• Easy to deploy and manage

Windows To Go use cases

• Contractors
• Bring Your Own Device (at work)
• Travel Light / Work from Home
• Shared PCs

Secure Portable Workplace for Windows To Go

SPYRUS Secure Portable Workplace
• Encrypted USB drive boots Windows 8 OS
• Pocket sized PC
• USB 3.0 and SSD performance
• Easy provisioning
• Zero footprint
• Boots directly from USB (USB 3.0 & 2.0)

Security features
• XTS-AES 256 full disk encryption
• Hardware encryption embedded into USB
• Based on Suite B cryptographic algorithms
• Designed for FIPS 140-2 Level 3
• Optional BitLocker for double-layer encryption

SPW architecture

[Diagram. Components shown: USB 3.0 I/F; USB 3.0 to SATA Bridge Chip; SATA I/F; SATA to NAND Controller; NAND Flash I/F; NAND Flash; ROSETTA Micro Security Chip & SPYRUS security firmware; SPYRUS WTG Firmware. Legend: Developed by SPYRUS; Provided by 3rd party; Provided by NAND Manufacturer; Security Boundary.]

Memory architecture

[Diagram. Labels shown: BOOT PARTITION (CLEAR); ToughBoot™ Loader; Windows To Go PARTITION (ENCRYPTED); OS BOOT PARTITION; Windows Boot Loader; OPERATIONAL PARTITION; Windows 8 OS; Applications; User Utilities; Read Only (opt); USER DATA PARTITION (Optional); Data.]

Boot from Secure Portable Workplace

Demo

Provisioning SPW devices
• Must use SPYRUS tools for provisioning
• From 64-bit PC with Windows 8 Enterprise
• Windows 8 Enterprise WIM
• SPYRUS WTGCreator
• PowerShell scripts
• Up to 8 units at a time

SPYRUS WTG Creator
• Create clear & encrypted compartment
• Initialise boot loader & encryption
• Generate encryption keys
• Set password
• Load Enterprise WIM image
• Setup Microsoft BitLocker key
• Join domain

Provisioning USBs with SPYRUS WTG Creator

Demo

Management of SPW devices

Management of OS & applications
• Deploy custom WIM images
• Use your existing infrastructure
• System Centre Configuration Manager or 3rd party
• Inventory software
• Deploy applications, updates, patches as normal
• Configure user & system settings with group policies
• Folder redirection & data synchronisation

SPYRUS Enterprise Management System
• SPW device management
• Disable/Enable devices
• Destroy device remotely
• Offline use enforced by policy
• Password complexity
• Audit log & device status
• Secured with SPYRUS HSM
• Two-factor authentication for administrators

SEMS architecture

[Diagram. Labels shown: SEMS Client; SEMS; Windows Domain Controller; Admin Console Access.]

SEMS management of SPW devices

Demo

SPW & WTG: Bridging the gap

High fidelity BYOD & Mobility experience with defence grade data protection

A Secure Bootable Portable PC in your pocket

Boot, Compute, and Scoot

Contact Details
• Nadia.Vostrikov@Randtronics.com
• Bob.Adhar@Randtronics.com
• www.Randtronics.com
• Ph: +612 8873 1999
• Product Enquiries: enquiry@Randtronics.com

Resources
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd/Australia/2013
• Learning, Virtual Academy: http://www.microsoftvirtualacademy.com/
• Developer Network, Resources for Developers: http://msdn.microsoft.com/en-au/
• TechNet, Resources for IT Professionals: http://technet.microsoft.com/en-au/

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.