NLIT 2009
1 / 14

- PowerPoint PPT Presentation

  • Uploaded on

NLIT 2009. CREDANT Confidential. . 1. CREDANT Company Overview. Founded - September 17, 2001 To enable customers to manage security of data on any device – PDA, PC, MAC, USB Product Line - CREDANT Mobile Guardian (CMG)

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about '' - johnson

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Slide1 l.jpg

NLIT 2009

CREDANT Confidential.


Credant company overview l.jpg
CREDANT Company Overview

  • Founded - September 17, 2001

    • To enable customers to manage security of data on any device – PDA, PC, MAC, USB

  • Product Line - CREDANT Mobile Guardian (CMG)

    • Data-centric, policy based, centrally managed data protection solution that "Protects What Matters"- your critical information

  • US-Based Company

    • Code developed in Addison TX.

    • Cisco Systems & IntelCapital are key investors

  • Accomplishments

    • More than 775 customers, 7 million endpoints

    • Solution recognized by leading industry experts

    • INC 500 Fastest Growing Security Company 2007 & 2008

2007 & 2008: #1 Fastest Growing

Private (Security) Company

2007 Data Security Leadership Quadrant

Testergebnis: 8.6

Very Good

CREDANT Confidential. Subject to NDA


Agenda l.jpg

  • The Business Problem

  • Centralized vs. Decentralized Management

  • Compliance with Federal Desktop Core Configuration (FDCC)

  • Supporting Imaging Across Platforms

  • Managing Shared PCs

  • Authentication Support

  • Roadmap

Encryption Solution Issues

The business problem l.jpg
The Business Problem



Internet Cafe







Test Data

Research Data

Purchasing Information

Social Security Numbers

SBU or Classified Government Information

Intellectual Property

Critical enterprise data resides on numerous endpoint devices — and the storage capacity and criticality of information continues to increase

CREDANT Confidential. Subject to NDA


The business justification encryption cost l.jpg
The Business Justification – Encryption Cost

  • Assume 1000 employees/contractors

  • Assume 250 use laptops that need protection

    • The ratio of machines that need protection and that don’t need protection will vary but the business justification is the same

  • Cost after discounts = $75/laptop

  • Internal labor/training costs to implement = $50/laptop

  • Total = $125/laptop x 250 laptops = $31,250

  • Just to be safe – double that to $62,500 to implement Data-at-Rest encryption solution (DAR)

CREDANT Confidential. Subject to NDA


The business justification breach cost l.jpg
The Business Justification – Breach Cost

  • Assume 10,000 personnel records lost

    • A 200GB HD can hold 2,000,000 100KB records

  • Cost to change each bank/credit card account

    • $15/record = $150,000

  • Cost per individual for a year of credit monitoring service

    • $60/individual = $600,000

  • TOTAL = $750,000

  • Does not include any legal fees, or the cost of security implemented after the fact

  • DoE data breaches carry risk that cannot be monetized


Slide7 l.jpg

Management Choices

Automatically detect users added to Enterprise directory and create encryption keys and policies. Detect media devices automatically.

Centralized Management


Encrypt and enforce encryption policies. Manage keys for hardware-based encryption. Control data usage outside the enterprise.



Manage and Audit – show device state at time of loss. Adapt to changing regulations. Securely Automate key escrow.

Encrypt &


Operate &








Operate and Support – reduce administrative costs. Centralize key escrow and access control (forensics).

Manage &


A centrally managed solution integrates with the Enterprise directory, providing enforcement of encryption policies and reducing management effort and cost.

CREDANT Confidential. Subject to NDA


Fdcc compliance l.jpg
FDCC Compliance

  • Users cannot have administrative rights on the PC

    • Impacts removable media support most

      • User cannot mount volumes

      • Users cannot install software

  • Users file system rights should be restricted

    • Incompatible with some encryption solutions

    • Pagefile must still be encrypted

      • Solution must be able to run outside of user privileges

  • Ports and protocols are managed/restricted

    • Encryption solutions must have flexible network settings

  • Automated Patching and Scanning Systems deployed

    • Encryption solution must not prevent malware detection remediation

  • IDS solutions are likely in use

    • Must be compatible with deployed IDS(s)

Imaging is now the standard way to deploy l.jpg
Imaging is Now the Standard Way to Deploy

This can be problematic if the DAR solution encrypts or generates keys for the image at install time

  • All devices may end up with same key

    • Changing the key requires decryption/re-encrypt

  • Encrypted images cannot be changed

    • The encrypted volume is not editable

  • Can add considerable time to imaging process

    • Requires unecessary encryption of an empty drive

  • Some solutions do not support standard imaging processes

    • Especially true if images are deployed to hard drives with different geometries

Shared pcs l.jpg
Shared PCs

Multiple Users per Device Create Management and Security Issues

  • Will users share boot passwords?

    • If not, then pre-boot accounts must be managed for each user

  • Does data access need to be controlled across users?

    • Does User A need to be prevented from seeing User B’s data

    • All users of the device may end up with same key

    • Pooled-devices may need to be wiped/re-imaged between users

  • Is Audit required to track system access?

    • Can you show who used which PC and when?

Authentication support l.jpg
Authentication Support

Many organizations have multiple authentication types

  • UID/Password

  • Tokens

  • Smartcards (HSPD-12m PIV)

  • Mixed-mode authentication

  • Are these supported by the DAR solution?

    • What does it take to get a new authentication type supported?

    • Do code updates may require decryption/re-encryption?

    • What tools need to be used to upgrade?

  • Can users switch between authentication types?

    • eg: UID/Password or CryptoCard and still access data on the PC

    • Temporary access while a token/smartcard is being re-issued

  • Does data access need to be controlled across users?

    • Does User A need to be prevented from seeing User B’s data?

    • Can this be tied to the encryption solution?

  • All users of the device may end up with same key

    • Pooled-devices may need to be wiped/re-imaged between users

  • Roadmap l.jpg

    Now there’s a Better Way:

    Full Data Encryption

    technology to solve

    current and future problems

    • Intelligent Encryption benefits:

    • User Cannot Choose – All Data Protected

    • User Encrypted Data Privacy

    • Single Console for all Management

    • Broad ALL mobile platforms

      • PC, USB Media, Handhelds

    • Avoid compatibility & operational impacts

    • Single agent can grow with future needs

    In the past there were

    two options in data




    • User Chooses Files

    • to encrypt

    Full Disk


    • No User Data Privacy

    • Patch management issues

    • System compatibility problems

    • Operational & performance issues

    • Dead-end Technology

    CREDANT Confidential. Subject to NDA


    CREDANT Confidential

    Management across platforms l.jpg
    Management Across Platforms

    Full Compliance Reporting

    Low Operational Impact

    All Solutions Managed within One Console

    Transparent to End-users

    CREDANT Confidential. Subject to NDA


    Slide14 l.jpg


    Contact Information:

    Eric Hay

    Director, Federal Field Engineering

    Ofc: 703.532.2720

    [email protected]

    Reduce the Risk of Data Compromise!