Trusted Computing
a better alternative!
© 2011 Wave Systems Corp. Confidential. All Rights Reserved.
Threats and liability have increased; security technologies have not kept pace

[Timeline figure, reconstructed as text. The columns run 1990, 2000, 2010, Future; within each row the figure's labels are listed left to right.]

Enterprise network:   Client/Server | Distributed Computing | Global Networks
Threats:              Hackers, Viruses | Malware | Advanced Persistent Threats (APT)
Security technology:  Password, Token/SmartCard | Software FDE | DLP, TPM, Encrypting Drive
Liability:            HIPAA, FERPA, EU Directive | SOX, PIPEDA (CA), Notice of Breach | PCI, FFIEC, HITECH | NERC, Fed Regs, State/Local Regs

Data Leakage and Targeted Attacks: A Clear and Present Danger
What is your security plan?
Insanity: Doing the same thing and expecting a different result.
Security should be this easy
Makes on-going security decisions easier.
Solves today’s challenges and tomorrow’s.
Is an integral part of the systems you buy.
Allows for “plug-n-play” choices (universal).
Operates seamlessly and transparently
Covers devices, data and applications
Delivers comprehensive centralized control
Provides the knowledge to prove information is protected.
Cost-effective, transparent and hassle-free
The ideal security solution
Trusted Computing Group
Founded in 2003; currently 137 member organizations
Standardized by Trusted Computing Group
Created by industry experts
Framework to solve security challenges (TCG work areas shown in the figure):
Mobile Phones
Authentication
Storage
Applications: Software Stack, Operating Systems, Web Services, Authentication, Data Protection
Infrastructure
Servers
Desktops & Notebooks
Security Hardware
Network Security
Printers & Hardcopy
Virtualized Platform
NSA Trusted Computing Conference
2010 – 375 attendees; 40 vendors
2011 – 620 attendees; 60 vendors
September 2012 - ??
Encryption solutions have evolved: better integration means better security
application layer: software FDE
integration with OS: Microsoft BitLocker
hardware integration: Self Encrypting Drives
Self Encrypting Drives: the technical basics
Opal Self Encrypting Drives (SEDs) were introduced in 2009 with the TCG Opal specification.
SEDs have their own processor and RAM. The encryption key is generated and used inside the drive controller and never leaves it, so host software cannot read or export it.
Always-on AES encryption: every sector is written as ciphertext from the factory, so all of the data is protected all of the time and enabling a credential requires no encryption pass.
Drive-level verification blocks all read and write operations until the user is authenticated. The caveat a deployment needs to plan for: this lock applies to a powered-off or explicitly locked drive. Once pre-boot authentication succeeds, the drive serves plaintext to the host like any other disk, so a running or sleeping laptop is protected by the operating system and its lock screen, not by the SED.
Support SATA interfaces; FIPS 140-2 validated models are available.
Available as spinning disks or solid state, with a wide selection from Hitachi, Micron, Samsung and Seagate. Seagate has shipped over 1M drives. Dell, HP and Lenovo sell them at little to no added cost.
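To make the key-handling claims above concrete (always-on encryption, a key that never leaves the controller, authentication gating reads and writes), here is an added Python model of an Opal SED's lifecycle. It is an illustration written for this page, not Wave Systems', TCG's or any drive vendor's code. It also shows why the later figures hold: enabling a credential takes no encryption pass (the "0 Minutes" bar in the encryption-time chart) and sanitising a drive is a key regeneration (the $0.00 wipe cost in the TCO table). Assumptions: a SHA-256 keystream stands in for the drive's AES, a single whole-drive locking range replaces Opal's locking tables, and the PBKDF2/HMAC wrap format and the TRY_LIMIT value are chosen here.

```python
# Added model of an Opal SED's key handling, written for this page; it is not Wave Systems',
# TCG's or any drive vendor's code. Assumptions: a SHA-256 keystream stands in for the
# controller's AES, one whole-drive locking range replaces Opal's per-range tables, and the
# PBKDF2/HMAC wrapping format and TRY_LIMIT value are chosen here.
import hashlib
import hmac
import secrets

SECTOR = 512
TRY_LIMIT = 5          # assumption: Opal lets the drive enforce a try limit; value chosen here
KDF_ROUNDS = 100_000


def _sector_cipher(key: bytes, data: bytes, sector: int) -> bytes:
    """Toy sector cipher: XOR with a SHA-256 keystream keyed by (key, sector, offset).
    Stand-in for the drive's AES; XOR is its own inverse, so one function en/decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + sector.to_bytes(8, "big") + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


class SelfEncryptingDrive:
    """Media is always ciphertext under a data encryption key (DEK) generated inside the drive.
    Setting a credential never touches the media: it only wraps the DEK."""

    def __init__(self, sectors: int = 16) -> None:
        self._dek = secrets.token_bytes(32)                     # lives only in the controller
        self._media = [_sector_cipher(self._dek, bytes(SECTOR), i) for i in range(sectors)]
        self._wrapped_dek = None                                # (salt, wrapped DEK, tag) once locking is on
        self.locking_enabled = False
        self.unlocked = True                                    # factory-fresh drive has no credential
        self._failed = 0

    def set_credential(self, password: str) -> None:
        """Enable locking. Finishes at once regardless of drive size: no encryption pass."""
        salt = secrets.token_bytes(16)
        kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)
        wrapped = bytes(a ^ b for a, b in zip(self._dek, hashlib.sha256(kek).digest()))
        self._wrapped_dek = (salt, wrapped, hmac.new(kek, wrapped, "sha256").digest())
        self.locking_enabled = True

    def power_cycle(self) -> None:
        """Power loss clears the plaintext DEK; only the wrapped copy survives."""
        if self.locking_enabled:
            self._dek = None
            self.unlocked = False
        self._failed = 0

    def unlock(self, password: str) -> bool:
        """Pre-boot authentication: the DEK is unwrapped inside the drive, never exported."""
        if not self.locking_enabled:
            return True
        if self._failed >= TRY_LIMIT:
            raise PermissionError("try limit reached; power cycle required")
        salt, wrapped, tag = self._wrapped_dek
        kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ROUNDS)
        if not hmac.compare_digest(tag, hmac.new(kek, wrapped, "sha256").digest()):
            self._failed += 1
            return False
        self._dek = bytes(a ^ b for a, b in zip(wrapped, hashlib.sha256(kek).digest()))
        self.unlocked, self._failed = True, 0
        return True

    def write(self, sector: int, data: bytes) -> None:
        self._require_unlocked()
        self._media[sector] = _sector_cipher(self._dek, data.ljust(SECTOR, b"\0"), sector)

    def read(self, sector: int) -> bytes:
        self._require_unlocked()
        return _sector_cipher(self._dek, self._media[sector], sector)

    def crypto_erase(self) -> None:
        """Sanitise by regenerating the DEK: every old sector becomes unrecoverable at once."""
        self._dek = secrets.token_bytes(32)
        self._wrapped_dek, self.locking_enabled, self.unlocked = None, False, True

    def raw_media(self, sector: int) -> bytes:
        """What an attacker reading the platters or NAND directly would see."""
        return self._media[sector]

    def _require_unlocked(self) -> None:
        if not self.unlocked:
            raise PermissionError("drive locked: authenticate first")


def demo() -> dict:
    """Walk one drive through its lifecycle and return the observations."""
    drive = SelfEncryptingDrive()
    record = b"patient record 0042"                             # constructed sample data
    drive.write(3, record)
    media_before = drive.raw_media(3)
    drive.set_credential("correct horse")
    media_after = drive.raw_media(3)
    drive.power_cycle()
    try:
        drive.read(3)
        locked_read_blocked = False
    except PermissionError:
        locked_read_blocked = True
    wrong = drive.unlock("wrong password")
    right = drive.unlock("correct horse")
    plaintext = drive.read(3)[:len(record)]
    drive.crypto_erase()
    return {
        "media_unchanged_by_enabling_lock": media_before == media_after,
        "plaintext_on_media": record in media_before,
        "locked_read_blocked": locked_read_blocked,
        "wrong_password_accepted": wrong,
        "right_password_accepted": right,
        "plaintext": plaintext,
        "readable_after_erase": drive.read(3)[:len(record)] == record,
    }
```

Run demo() for the walk-through. The thing to notice is what the model does not do: once unlock() succeeds, read() returns plaintext to anything that can issue commands to the drive, which is why the lock is an at-rest control and the host's sleep, hibernate and screen-lock settings still matter.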
SEDs have zero impact on performance
[Chart: Extensive Data Reads/Writes. Read and write throughput for Seagate Momentus 7200 vs Seagate Momentus 7200 SED; axis 0 to 90. The slide's point is that the two are equal; the bar values are not labelled.]

[Chart: Drive Throughput - Heavy Data Reads, for Software Encryption #1, #2, #3, their average (Avg Software FDE), Seagate SED and Seagate (No Encryption); axis 0 to 90; bar values not labelled on the slide.]

1 Trusted Strategies LLC, "FDE Performance Comparison, Hardware versus Software Full Drive Encryption", February 9, 2010
SED encryption is virtually instantaneous
Time to Return from Hibernation (chart values in bar order; units not labelled on the slide)
Software Encryption #3: 41.26
Software Encryption #2: 54.76
Software Encryption #1: 26.37
Avg Software FDE: 40.80
Seagate SED / Wave Embassy: 23.22
Seagate (No Encryption): 21.42

Time Required to Encrypt Drive
Software Encryption #3: 23 Hr 46 Min
Software Encryption #2: 8 Hr 9 Min
Software Encryption #1: 3 Hr 16 Min
Self Encrypting Drive: 0 Minutes (data is encrypted as it is loaded)
SEDs offer big savings

Assumptions: total number of PCs that require FDE 1,000; PC lifespan 3 years.

                                                   Managed Software   Wave Managed SED
Acquisition costs (per seat)
  Client software                                   $0.00              $0.00
  Enterprise software (management)                  $75.00             $100.00
  Software maintenance                              $56.25             $75.00
  Hardware                                          $40.00             $20.00
  Total acquisition cost (per seat)                 $171.25            $195.00
  Total acquisition cost                            $171,250.00        $195,000.00
Deployment costs (per seat)
  FDE setup and configuration                       $76.34             $19.60
  Total deployment cost (per seat)                  $76.34             $19.60
  Total deployment cost                             $76,336.71         $19,602.27
Ongoing management costs (per seat)
  Avg. incremental cost to maintain with FDE        $299.66            $117.61
  Added IT cost for re-imaging a PC with FDE        $33.43             $0.00
  User productivity cost (due to re-imaging)        $29.61             $0.00
  Avg. cost to sanitize (wipe) a hard drive         $3.29              $0.00
  Total management cost (per seat)                  $365.98            $117.61
  Total management cost                             $365,981.42        $117,613.64
Total cost of ownership (TCO) per seat              $613.57            $332.22
Total cost of ownership (TCO)                       $613,568.13        $332,215.91

Test platform: Processor i5 2.5 GHz to 2.6 GHz; Memory 2 GB to 4 GB.
SED Case Study: Big 3 US Automaker
100,000+ end users with various backgrounds and technical skill sets
Very complex and global infrastructure; needed a single solution that was hassle-free and low cost
Attempted software FDE but could only deploy about 4,500 platforms over 3 years, with high costs and failure rates
SED pilot phase: 45 days and 250 users
Deployed about 100,000 SEDs over a 2-year period
The status quo is no longer good enough
Passwords can be easily guessed or stolen.
Software certificate private keys can be readily and unknowingly exported with "jailbreak" (a tool that extracts keys marked non-exportable from the Windows certificate store).
RSA tokens have been shown to be vulnerable to attack.
Consider: additional layers of device security.

Data Encryption + Known Users + Known Devices = REAL SECURITY
Trusted Platform Module:the technical basics.
The Trusted Platform Module (TPM) was introduced in 2003. Today over 500 million systems have TPMs.
Creates and protects secrets: keys are generated inside the chip and never leave it in the clear.
Resists brute-force attacks: authentication attempts are rate-limited in hardware (dictionary-attack lockout).
Establishes a "chain of trust" for keys and credentials.
Supports PKI X.509 digital certificates.
Performs digital signature operations.
Securely measures, stores and reports on integrity metrics: platform measurements (hashes) are held in Platform Configuration Registers (PCRs), which can only be extended, never rewritten, until the next reset.
It is already in most business-class computers you own.
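An added model of what "measures, stores and reports on integrity metrics" and "chain of trust" mean in practice, written for this page; it is not Wave Systems' or TCG's code. It shows PCR extend, sealing a secret to a set of PCRs, and what happens on a tampered boot and on a legitimate update; this is the mechanism behind the "use the TPM for BitLocker key protection" and "platform integrity against APTs" items at the end of the deck. Assumptions: SHA-256 PCRs (the TPM 1.2 parts of 2011 use SHA-1), a simplified three-stage boot measured into PCRs 0, 4 and 8, and an HMAC/XOR stand-in for the TPM's storage-root-key encryption of sealed blobs.

```python
# Added model of TPM measured boot and sealing, written for this page; it is not Wave Systems'
# or TCG's code. Assumptions: SHA-256 PCRs (TPM 1.2 parts of 2011 use SHA-1), a three-stage
# boot measured into PCRs 0, 4 and 8, and an HMAC/XOR construction standing in for the TPM's
# storage-root-key encryption of sealed blobs.
import hashlib
import hmac
import secrets


def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend as the TPM defines it: new = H(old || H(component)). There is no 'set'."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


class TPM:
    def __init__(self, num_pcrs: int = 24) -> None:
        self._srk = secrets.token_bytes(32)          # storage root key secret; never leaves the chip
        self.pcrs = [bytes(32)] * num_pcrs           # all zero after reset

    def reset(self) -> None:
        """Platform reset clears the PCRs but keeps the SRK, so sealed blobs stay usable."""
        self.pcrs = [bytes(32)] * len(self.pcrs)

    def pcr_extend(self, index: int, component: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], component)

    def _policy_digest(self, indices) -> bytes:
        return hashlib.sha256(b"".join(self.pcrs[i] for i in sorted(indices))).digest()

    def seal(self, secret: bytes, indices) -> dict:
        """Bind a secret (up to 32 bytes, assumption) to the current values of the chosen PCRs."""
        nonce = secrets.token_bytes(16)
        key = hmac.new(self._srk, self._policy_digest(indices) + nonce, "sha256").digest()
        blob = bytes(s ^ k for s, k in zip(secret, key))
        return {"pcrs": sorted(indices), "nonce": nonce, "blob": blob,
                "tag": hmac.new(key, blob, "sha256").digest()}

    def unseal(self, sealed: dict):
        """Release the secret only if the chosen PCRs equal their values at seal time; else None."""
        key = hmac.new(self._srk, self._policy_digest(sealed["pcrs"]) + sealed["nonce"], "sha256").digest()
        if not hmac.compare_digest(sealed["tag"], hmac.new(key, sealed["blob"], "sha256").digest()):
            return None
        return bytes(b ^ k for b, k in zip(sealed["blob"], key))


def boot(tpm: TPM, firmware: bytes, bootloader: bytes, kernel: bytes) -> None:
    """Chain of trust: each stage measures the next into a PCR before handing it control."""
    tpm.pcr_extend(0, firmware)
    tpm.pcr_extend(4, bootloader)
    tpm.pcr_extend(8, kernel)


def demo() -> dict:
    fw, bl, kr = b"firmware v1", b"bootloader v1", b"kernel v1"   # constructed stand-ins for boot binaries
    vmk = secrets.token_bytes(32)                                # e.g. a BitLocker volume master key
    tpm = TPM()
    boot(tpm, fw, bl, kr)
    sealed = tpm.seal(vmk, [0, 4, 8])        # provisioning: seal the key to the known-good boot
    tpm.reset()
    boot(tpm, fw, bl, kr)                    # normal reboot: same measurements
    same = tpm.unseal(sealed)
    tpm.reset()
    boot(tpm, fw, bl + b" + bootkit", kr)    # tampered boot loader (an APT-style implant)
    tampered = tpm.unseal(sealed)
    tpm.reset()
    boot(tpm, fw, bl, b"kernel v2")          # legitimate update: the PCRs change too
    updated = tpm.unseal(sealed)
    return {"unsealed_ok": same == vmk,
            "released_to_tampered_boot": tampered is not None,
            "released_after_update": updated is not None}
```

The update case is the operational caveat: a patched boot component changes the PCRs exactly as a bootkit would, so the sealed key is withheld and a recovery key or a reseal is needed. That is what "managed" means in the BitLocker item below: track the PCR policy and reseal after updates, or every patch cycle becomes a recovery-key event.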
Devices are a proven foundation for network security
Mobile phones, cable and satellite boxes: billions of devices already authenticate themselves directly to today's sophisticated global networks.
Reduces the risk of unknown devices infecting the network with viruses.
Strengthens user authentication by providing a second factor: the device.
Security you already own and have deployed across your entire organization.
TPM Case Study: PricewaterhouseCoopers (PwC)
Security footprint: 150,000 employees across 850 locations in 142 countries
Concerned about non-authorized users on the network
The use of TPM proved successful in mitigating "jailbreak" risk: a private key held in the TPM cannot be exported by host software
Virtually all of PwC's computers had TPMs
TPM-based certificates for VPN and WiFi access
Cost analysis found that smartcards were at least 2X the cost of TPM, and USB tokens 3X
85,000 seats into their rollout
TCG standards can be implemented in small, manageable steps without changing the current infrastructure
Choose Trusted Computing
How can I get started today?
Add self-encrypting drives to all new laptop orders
If using BitLocker, ensure TPMs are used for BitLocker key protection and that they are managed
Protect your VPN and WiFi software certificates with the TPM
Restrict network access to only known devices
Consider platform integrity to defend against APTs
Question your vendors about their plans for delivering provable security
Ask us how
877-228-WAVE
www.wave.com
Visit our web site for case studies and white papers.