Comprehensive Data-Protection for Computers Contact [email protected] or call us at (877) 375-2468...

1

Contact [email protected] or call us at (877) 375-2468 for more information • ©2010 DiskAgent®

Contents

Executive Summary ...............................................................2

Data Loss ...................................................................................3

Data Compromise ..................................................................3

Hardware Loss .........................................................................3

DiskAgent: Comprehensive Data Protection ................3

Backup ........................................................................................4

Remote Wipe ............................................................................7

Hardware Recovery ...............................................................7

DiskAgent in the Organization ..........................................8

Privileges ...................................................................................8

Policy Management...............................................................8

Organizational Deployment ...............................................8

Two-Party Authorization ......................................................9

A Partnership You Can Trust ...............................................9

Comprehensive Data-Protection for Computers

Our reliance on electronic information boosts productivity and lowers the cost of collaborating and managing quantities of information. Yet that reliance exposes costs and risks unacceptable in today’s competitive environment. Trends in connectivity, mobility and data breach legislation demand solutions quite different from those that sufficed in the recent past. DiskAgent provides a comprehensive data-protection solution to address these needs in our new environment.

WWW.DISKAGENT.COM

2


Executive Summary

For many organizations, electronic information is the single most valuable asset outside personnel. Protecting that asset from loss — the inability to access information you need — and from compromise — the exposure of critical information to unintended parties — is tantamount to protecting your business.

Today’s data environment is no longer confined to an organization’s local network, presenting new challenges and opportunities for data-protection. With laptops now the most common computers sold1, an organization’s critical information is spread across more working locations and schedules than ever before. Compounding the data-protection challenge, smartphones increasingly carry copies of work email, contacts, and documents.

WWW.DISKAGENT.COM

2

Data breach costs an average of $204 per record. How many records do you have?

3


Data Loss

Fifty percent of businesses that lose their data due to disasters are out of business within 24 months2 and 93% are out of business within five years3. Yet every hard drive that stores our critical information will fail at some point (Google reports that 1 in 14 drives fail in their second year of service). And unfortunately, the time to failure varies widely, so many drives don’t make it that long. More than 600,000 laptops per year are lost or stolen each year from U.S. airports alone4. Others are lost to more mundane problems such as fire and flood. All of us have experienced the mini-disasters that result from simple human error.

Without fool-proof data protection in place, every business that relies on electronic information is at risk from its loss.

Data Compromise

The persistence of data — in the wrong hands — can be as costly as its loss. How much of your electronic information would you want a competitor, identity thief, or even a stranger to have? What customer records, accounts, contacts, and financial documents would you be comfortable with them seeing?

The consequences are sufficiently grave that seasoned regulations such as HIPAA for healthcare, PCI-DSS in financial services, and FRCP for any company in a law suit specify requirements and best practices for handling data, backups, and preventing compromise. Newer legislation increases the stakes. Forty-six states now have data breach legislation, requiring that organizations publicly disclose incident details, and inform parties whose personal information is compromised5.

According to the Ponemon Institute, a typical data breach costs organizations an average of $204 per compromised data record6. The biggest component of that cost is lost business. A third of breach cases involve lost or stolen

laptop computers or smartphones, up 22% over the same survey two years prior.

Hardware Loss

$49,246. That’s the average cost of a lost laptop after accounting for replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity and legal, consulting and regulatory expenses7. Of course the computer replacement cost is a small proportion of that total, so why sweat the hardware? Because it may represent a repeatable pattern whose root-cause you must uncover to prevent a recurrence, such as deficient building security, or a problem employee. Tracking and recovering lost

computers and smartphones helps identify such causes, and prevent a repeat.

DiskAgent: Comprehensive Data Protection

These risks highlight the need for a comprehensive data-protection solution combining data backup, remote data wipe and hardware tracking. DiskAgent by Spearstone addresses these needs in a manner that works the way today’s organizations do, to deliver enterprise-level data-protection at a fraction of its traditional cost.

DiskAgent involves lightweight software installed on machines to be protected, and a web-based management area providing account, policy management and backup access. Users can balance central administration with

WWW.DISKAGENT.COM

3

Fifty percent of businesses that lose their data due to disasters are out of business within 24 months.

4


user autonomy according to an organization’s needs. DiskAgent uses a Software-as-a-Service model, so it requires no additional IT infrastructure, is highly scalable, and can be easily and rapidly deployed.

Backup

While the idea of backup is not complex, the features that make it usable are critical to the value its users can achieve from it.

Easy to use. DiskAgent can be configured in minutes, enabling users to set and forget their backup, until the data is needed. Users can specify their backup by file type — backing up all instances of a particular type wherever it is stored on a user’s system — or by folder location.

By making restores easy, DiskAgent serves not only the catastrophic loss, but also the day-to-day mistakes that plague productivity. Users can restore from their installed software, or from web-based access to their backups. If you’re on a different computer, you can search your backup for a particular file, choose from dated versions of it, and download anything from a single file to your entire backup.

Powerful. DiskAgent runs silently on a user’s computer, watching for files to backup. To minimize data loss since the last good backup preceding a failure, DiskAgent continuously captures changes to backed-up files. To minimize storage requirements and cost, only the portion of a backed-up file that changed is backed up on successive versions. Because it captures a version history of backed-up files, you can restore to the latest version or to a specific point in time.

DiskAgent recognizes a common assortment of large, frequently-changing file types such as Outlook email archives, and prevents bandwidth and CPU resource burden by enabling users to specify a frequency for updates to their backup.

WWW.DISKAGENT.COM

4

Google reports that one in 14 drives will fail within two years.

5


For databases, such as Microsoft Exchange, Active Directory or SQL Server, where multiple files must be “in-sync” to achieve a viable backup, DiskAgent can back them up without taking them offline. Simply define the file group to be synchronized, and DiskAgent does the rest.

Local or Remote Storage. DiskAgent is unique among backup solutions by enabling users to choose between – or combine – local and remote data center storage for their backups. With this option, users can make tradeoff decisions that balance cost, reliability, and recovery time.

With online backup, users get the most reliable and

secure storage possible with no administrative burden. DiskAgent stores backed-up data in at least two distinct data centers with best-in-class physical and network security administered by Amazon and DiskAgent technicians. Because restores are sensitive to Internet download speeds, the time required for complete restores of large (>100 GB) backups may be measured in days. Organizations can circumvent this problem by selectively restoring high-priority data first, on the theory that no one utilizes all their data at once. Alternatively, DiskAgent enables users to be shipped a copy of their backup on physical media via FedEx.

With local storage, users can select a resource on their local network as a backup storage destination. This

provides lower cost storage, and faster real-time restores (assuming local network speeds exceed their Internet speeds), at the cost of lower reliability and security and higher administration expenses.

DiskAgent enables organizations to combine local and remote backup storage thereby achieving the best of both worlds.

Secure. Any backup runs the risk of enlarging the “surface area” exposed to attack. It’s critical, therefore, that data protection customers carefully consider the security measures employed by their backup solution. This section summarizes the security measures that have made DiskAgent earn its customers’ confidence. If tech-speak isn’t your thing, feel free to skip to the next section.

DiskAgent employs a layered approach to security to ensure backed-up data is accessible only to the appropriately-privileged user.

Interactions with DiskAgent’s webserver are protected with an Extended Validation8, High Assurance 256-bit AES SSL certificate from DigiCert, Inc. DiskAgent validates user credentials passed via SSL before granting web access. DiskAgent stores only encrypted versions of any user password, meaning no DiskAgent employee can access or recover a user’s password (users must reset a password if lost). DiskAgent offers multi-factor authentication for web access: users can optionally incorporate a chosen a secret question and answer into their web sign-on and password-reset processes.

Analogous protections secure interactions between the DiskAgent software and its remote data centers.

After authenticating a user by comparing hashed values via SSL with credentials in secure data centers, the software receives a temporary permission (which must be periodically renewed) to interact with the data center.

WWW.DISKAGENT.COM

5

The average cost of a lost and breached laptop is $49,246.

6


Each backup gets a unique 256 bit AES encryption key (generated from cryptographically secure sources of randomness) enabling it to work with its own remote backup, and no other.

All user data is compressed and encrypted before it ever leaves a user’s machine. In fact, DiskAgent parses the encrypted file at the block level and stores those data blocks separately from the system that can reassemble the blocks. Neither system on its own can rebuild user data. All data transfers occur via yet another layer of encryption (SSL). Data that DiskAgent stores on your local storage device is compressed, encrypted, and parsed using the same algorithm described above. Therefore, any compromise of a DiskAgent storage device is useless to the attacker because they have no ability to reassemble the file let alone decrypt the data.

DiskAgent’s security measures exceed HIPAA and other regulatory requirements for all backed-up data to be secured, encrypted and stored off-site.

WWW.DISKAGENT.COM

6

DiskAgent’s security measures exceed HIPAA, SOX, PCI-DSS, state and federal data protection requirements.

7


Remote Wipe

Almost every organization has had a laptop lost or stolen. What’s troubling is that 71% report that it resulted in a data breach9.

DiskAgent provides protection from data breach by allowing users to remotely wipe (forensically erase) sensitive data from their hard drives on-demand. From DiskAgent’s secure login site, customers can initiate two forms of remote-wipe. As soon as their lost or stolen machine connects to the Internet, it begins executing the remote wipe action.

Two options trade-off different qualities important to users seeking to prevent data compromise.

Wipe Data. When a delete is performed, most operating systems do not actually remove the contents of a file. Instead, they simply remove the file system’s reference to the file because it is faster. The data actually remain on the drive, and until overwritten, can be read by software that reads disk sectors directly.

DiskAgent’s first remote wipe option addresses this risk by overwriting data according to the U.S. Department of Defense specification for secure delete10. This approach overwrites each file three times before deleting it, so it cannot be recovered by digital forensics techniques.

Tests show this approach requires approximately 35 minutes to securely wipe 50 GB. As a result, DiskAgent applies this wipe option only to files a user has backed-up within DiskAgent. If your laptop is recovered the next day, you can recover exactly what was deleted by performing a DiskAgent restore.

Destroy Drive. When a user believes that time is critical in erasing his data, the DiskAgent Destroy option can be employed to render the entire drive unusable in just a few seconds. The Destroy option renders a drive unbootable, and unmountable to be read as a secondary drive in another computer. This makes its data out of reach of everyone except for experts utilizing specialized recovery tools to recover data.

For those who want to combine both options, DiskAgent also provides an option to Wipe Data immediately followed by the Destroy Drive action.

Hardware Recovery

Ninety-two percent of IT security practitioners report that someone in their organization has had a laptop lost or stolen11. And with the all-in cost of each loss $49,264, you can’t afford not to track each down.

DiskAgent can track a lost computer by activating forensic data gathering component within its software. To be activated, users must complete an electronic request and provide a copy of a police report detailing the loss. Once activated, DiskAgent works with Internet service providers and local law enforcement where your report is filed to recover your computer. If DiskAgent fails to recover a laptop, the user gets $1,000 to help replace it.

WWW.DISKAGENT.COM

7

8


DiskAgent in the Organization

In organizational settings, DiskAgent helps administrators balance central administration with user autonomy according to their particular needs. It supports privilege levels, policy management, and remote/silent installation for larger deployments.

Privileges

DiskAgent’s privilege system enables administrators to grant users the privileges they need while defining limits that uphold team member privacy.

• Administrator users can create and fully manage any user accounts in their organization.

• Team Leads can administer user accounts, but not access others’ backups or perform restores.

• Power users have full control over their own backup.

• Read-Only users can access but not alter their backup or backup settings.

• DiskAgent even supports a No-Access configuration that shows no visible footprint of the software on their machine.

Policy Management

Most companies publish policies on what and when to backup. But despite these policies, busy workers often subvert written policies, undermining data-protection efforts.

DiskAgent policy administration centralizes configuration for DiskAgent administrators while enabling them to choose the level of control they extend to users.

Does your organization use specific file types such as those related to a practice management, graphic design, or financial analysis? Administrators can identify particular filetypes required for backup throughout their organization. Don’t want to pay for storage of

your employees’ music and video collections? Particular filetypes or folder locations can be prohibited.

Version Retention Policy empowers administrators to control how long versions and deleted files remain in a backup so they can make tradeoff decisions balancing the granularity of their recoverability, storage space required for backup, and their exposure to legal discovery efforts. Administrators choose the duration of a retention period within which files deleted from a users machine remain in backup and all file versions or a specified number are retained. Outside the retention period, organizations often choose to retain only the latest version of each file.

Schedule Policies enable organizations to optimize their Internet bandwidth usage by assigning their backups to take place at low-contention times of the day. When scheduled to transfer data during a part of the day, DiskAgent can nonetheless capture all file version changes that occur outside the backup schedule for upload once the scheduled period arrives.

Organizational Deployment

While DiskAgent provides an easy wizard-based setup for user installations, it also supports enterprise deployments through a command-line based installation that can be invoked from Active Directory, LANDesk, BMC, or other enterprise software management tools

Command-line installs can be tailored to optionally display the user interface during or after installation, and can be configured for a particular user, thereby prevent any user-login dialog from appearing when DiskAgent launches the first time.

WWW.DISKAGENT.COM

9


Two-Party Authorization

Under its standard configuration, a DiskAgent administrator has full control to set backup policies. However, because organizations rely on data-backup when all else fails, some executives want the assurance that their organization’s backup cannot be altered or deleted by any single person. After all, IT administrators often have control over much or all of a company’s active digital assets. If they also have full control over all its digital backups, it represents a vulnerable concentration of power that could be abused to destroy an organization’s electronic information.

Much as the military requires multiple approvals to launch weapons, DiskAgent’s optional Two Party Authorization spreads responsibility for certain actions

across two parties: a DiskAgent Administrator, and the Executive Approver. Once activated, Two Party Authorization requires the approval of both parties for any changes that apply to an organization’s backup, or to its backup policies.

A Partnership You Can Trust

Spearstone started in 2005 with a commitment to innovation and continuous improvement in data-protection. It drew on deep experience building solutions for Fortune 500 teams in legal, financial and professional services, as well as small-office users in healthcare and related fields. DiskAgent is the expression of its goal to deliver the protections large enterprises enjoy with the affordability that smaller professional organizations require.

Our drive to be the best-in-class commits us to providing a level of service that you’ll notice. We seek and act on customer feedback, as we consider you the most qualified judge of our success.

71% of organizations report that a lost or stolen laptop resulted in a data breach.

WWW.DISKAGENT.COM

1 Brian Gammage et al, “How to Reduce Your PC TCO 30% in 2011,” Gartner Inc., March 2009.

2 Faulkner Information Services.

3 US Bureau of Labor.

4 “Airport Insecurity: The Case of Lost Laptops,” Ponemon Institute, 2008.

5 “Bill 1386 Chaptered,” California State Senate February 12, 2002.

6 “2009 Annual Study: Global Cost of a Data Breach,” Ponemon Institute, LLC, April, 2010.

7 “The Cost of a Lost Laptop,” Intel Corporation and Ponemon Institute, April 2009.

8 ”Guidelines for Extended Validation Certificates,” CA/Browser Forum <http://www.cabforum.org/Guidelines_v1_2.pdf>.

9 “The Human Factor in Laptop Encryption,” Ponemon Institute, December, 2008.

10 NISPOM Standards, US Dept of Defense Standard 5220.22-M, Section 5, Subsection 8-5-3.

11 ”The Human Factor in Laptop Encryption,” Ponemon Institute, December, 2008.

Comprehensive Data-Protection for Computers Contact [email protected] or call us at (877) 375-2468...

Documents

Transcript of Comprehensive Data-Protection for Computers Contact [email protected] or call us at (877) 375-2468...