Secure BYOD applications using hardware based security and Windows To Go
Bob Adhar, MD & Practice Manager, CISSP
Nadia Vostrikov, Software Support Engineer, MCP
Randtronics Pty Ltd
WCL315


Page 2:

Agenda
• Introduction
• BYOD and Windows to Go
• Secure Portable Workplace for Windows To Go
• Management of SPW devices
• Demo
• Q&A

Page 3:

Introduction

Page 4:

Randtronics & SPYRUS at a glance: Who we are

Randtronics Pty Limited
• Australian company, HQ in North Ryde, NSW, in operation for 12 years
• Encryption solutions for complex IT environments
• Encryption practice
• Distributor of SPYRUS technologies

SPYRUS, Inc.
• Manufacturer of portable hardware encryption devices
• Private corporation with HQ in San Jose, California
• 20 year history of developing security solutions
• Made In USA Product Focus

Page 5:

BYOD & Windows to Go

Page 6:

Market drivers for trusted BYOD & Mobility solutions

Trusted mobility solutions
• Consumerisation of IT
• Microsoft Windows To Go
• Attacks from National adversaries
• Compliance & control
• Rise in attacks & data breaches
• Growth in cloud computing
• Work anywhere, any time, BYOD

Page 7:

Windows To Go, portable workplace

• Microsoft ecosystem focus for enterprise customers supporting mobility
• Windows 8 experience on any device
• Cost effective
• Lightweight solution in USB format
• Works in corporate environment or remote locations
• Easy to use
• Easy to deploy and manage

Page 8:

Windows To Go use cases

• Contractors
• Bring Your Own Device (at work)
• Travel Light / Work from Home
• Shared PCs

Page 9:

Secure Portable Workplace for Windows To Go

Page 10:

SPYRUS Secure Portable Workplace
• Encrypted USB drive boots Windows 8 OS
• Pocket sized PC
• USB 3.0 and SSD performance
• Easy provisioning
• Zero footprint

Page 11:

Boots directly from USB

USB 3.0 & 2.0

Page 12:

Security features
• XTS-AES 256 full disk encryption
• Hardware encryption embedded into USB
• Based on Suite B cryptographic algorithms
• Designed for FIPS 140-2 Level 3
• Optional BitLocker for double-layer encryption

Page 13:

SPW architecture

[Diagram. Labels:]
• USB 3.0 I/F
• USB 3.0 to SATA Bridge Chip
• SATA I/F
• SATA to NAND Controller
• NAND Flash I/F
• NAND Flash
• ROSETTA Micro Security Chip & SPYRUS security firmware
• SPYRUS WTG Firmware
• Security Boundary

Legend: Developed by SPYRUS; Provided by 3rd party; Provided by NAND Manufacturer

Page 14:

Memory architecture

[Diagram. Labels:]
• BOOT PARTITION (CLEAR)
• ToughBoot™ Loader
• Windows To Go PARTITION (ENCRYPTED)
• OS BOOT PARTITION
• Windows Boot Loader
• OPERATIONAL PARTITION
• Windows 8 OS
• Applications
• User Utilities
• Read Only (opt)
• USER DATA PARTITION (Optional)
• Data

Page 15:

Boot from Secure Portable Workplace

Demo

Page 16:

Provisioning SPW devices
• Must use SPYRUS tools for provisioning
• From 64-bit PC with Windows 8 Enterprise
• Windows 8 Enterprise WIM
• SPYRUS WTG Creator
• PowerShell scripts
• Up to 8 units at a time

Page 17:

SPYRUS WTG Creator
• Create clear & encrypted compartment
• Initialise boot loader & encryption
• Generate encryption keys
• Set password
• Load Enterprise WIM image
• Setup Microsoft BitLocker key
• Join domain

Page 18:

Provisioning USBs with SPYRUS WTG Creator

Demo

Page 19:

Management of SPW devices

Page 20:

Management of OS & applications
• Deploy custom WIM images
• Use your existing infrastructure
• System Center Configuration Manager or 3rd party
• Inventory software
• Deploy applications, updates, patches as normal
• Configure user & system settings with group policies
• Folder redirection & data synchronisation

Page 21:

SPYRUS Enterprise Management System
• SPW device management
• Disable/Enable devices
• Destroy device remotely
• Offline use enforced by policy
• Password complexity
• Audit log & device status
• Secured with SPYRUS HSM
• Two-factor authentication for administrators

Page 22:

SEMS architecture

[Diagram. Labels:]
• SEMS Client
• SEMS
• Windows Domain Controller
• Admin Console Access

Page 23:

SEMS management of SPW devices

Demo

Page 24:

SPW & WTG: Bridging the gap

High fidelity BYOD & Mobility experience with defence grade data protection

A Secure Bootable Portable PC in your pocket

Boot, Compute, and Scoot

Page 25:

Contact Details
• [email protected]
• [email protected]
• www.Randtronics.com
• Ph: +612 8873 1999
• Product Enquiries: [email protected]

Page 26:

Resources
• Developer Network, Resources for Developers: http://msdn.microsoft.com/en-au/
• Learning, Virtual Academy: http://www.microsoftvirtualacademy.com/
• TechNet, Resources for IT Professionals: http://technet.microsoft.com/en-au/
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd/Australia/2013

Page 27:

© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.