"Data Security Solutions" (Riga, Latvia) is is known as IT security specialist with international experience who defends its customers against the greatest threat of the 21st century - cyber-criminals and as well against disloyal employees by using the most innovative data security solutions from global IT market. In this presentation DSS presents one of the world leading solutions in encryption area - Symantec.

1. ARROW INSPIRATION DAY, RIGA
Symantec Deepens
Encryption Offerings
Raivis Kalniņš

2. Agenda
2
Data Lifecycle
Encryption can Start Anywhere
Whole Disk Encryption
Removable Storage Encription
File and Email Encription
File/Folder Encription
Encyiption Management

3. Data Lifecycle
The director of finance
downloads data from the
customer database. He drafts
the “Year End” results
spreadsheet and saves it on
his desktop PC.
3

4. Data Lifecycle
The director of finance
downloads data from the
customer database. He drafts
the “Year End” results
spreadsheet and saves it on
his desktop PC.
The director stores a copy
of “Year End” results in a
shared directory on a
corporate server for the
finance team.
4

5. Data Lifecycle
The director of finance
downloads data from the
customer database. He drafts
the “Year End” results
spreadsheet and saves it on
his desktop PC.
The director stores a copy
of “Year End” results in a
shared directory on a
corporate server for the
finance team.
The finance manager accesses the “Year End”
results, adjusts the numbers, and emails the file to
the company’s outside accountant.
5

6. Data Lifecycle
The director of finance
downloads data from the
customer database. He drafts
the “Year End” results
spreadsheet and saves it on
his desktop PC.
The director stores a copy
of “Year End” results in a
shared directory on a
corporate server for the
finance team.
The accountant accesses the
email on a handheld and
forwards it with comments
to a colleague. She reviews
“Year End” results and saves
it on a laptop and a thumb
drive.
The finance manager accesses Year End results,
adjusts the numbers, and emails the file to the
company’s outside accountant.
6

7. Data Lifecycle
The director of finance
downloads data from the
customer database. He drafts
the “Year End” results
spreadsheet and saves it on
his desktop PC.
The director stores a copy
of “Year End” results in a
shared directory on a
corporate server for the
finance team.
The accountant accesses the
email on a handheld and
forwards it with comments
to a colleague. She reviews
“Year End” results and saves
it on a laptop and a thumb
drive.
The colleague gives the thumb
drive to the onsite auditor, who
transfers “Year End” results to
his laptop so he can review it
later at home.
The finance manager accesses Year End results,
adjusts the numbers, and emails the file to the
company’s outside accountant.
7

8. Data Lifecycle
How many people had access to data today?
- Director of Finance
- Finance Team
- Outside Accountant
- Outside Accountant’s Collegue
- Onsite Auditor

9. The Encryption Discussion Can Start Anywhere
9
Field
Data Center
Headquarters
Field Offices
What is the
organizational
policy on USB
drives? Could there
potentially be
intellectual property
(IP) on these drives?
Email protection regulations and
mandates?
What is being downloaded to employee
systems? Trojans, malware, unauthorized
software?
Tangible/intangible
costs of a lost
laptop – customer
data? Personnel
data? IP?
Are there customer
addresses stored on
mobile phones?
Data on HR/Legal/Finance/Other
Shared servers residing in the clear?
Nightly transactions / backups sent
outside the organization?

10. Barriers to Sale and Value Proposition
10
Potential Barriers Description Value Proposition
Encryption solutions
are complex
Ease of implementation, ongoing
management, long-term cost of
ownership
Experience: Solutions are
easy to deploy
Limited resources
Need to share IT staff across
multiple activities. Endpoint
encryption should integrate with
existing IT infrastructure
Leverage: Uses existing
infrastructure architecture
Substantial training
required
Substantial upfront and on-going
investment in training costs
Simple: Little or no training
required for end-users
Resistant end-users
Need to preserve existing
workflows; not change how users
perform their job
Transparent: User behavior
need not change
significantly
Diverse devices
Mandated to protect all devices
containing sensitive data.
Comprehensive: Protection
across devices, platforms

11. Symantec Strategy

12. Things to remember
Encryption is not a new technology, but it is a security control
that has NOT been introduced into a majority of environments.
Most companies don’t have a lot of experience with Encryption
and their criteria is based off of Internet research (hastily done) or
a vendor. There is rarely expertise in the field.
Most companies are looking at Encryption in the face of an
event: lost/stolen system, audit and/or regulatory hit.
Most companies are on an aggressive deployment schedule.

13. Encryption on the Endpoint

14. PGP – Whole Disk Encryption
Whole disk encryption for desktops, laptops, and Windows®
servers. Supports Windows®, Mac OS® X, and Linux® platforms
Encrypts desktops, laptops, and USB drives
Protects against personal computer loss, theft, compromise and
improper disposal
Reduces risk of loss of PII (Personally Identifiable Information) and
other sensitive data
Protects against reputation damage
Demonstrates compliance to regulatory standards
Supports Windows, Mac OS X, and Linux

15. Whole Disk Encryption – How it Works

16. Symantec EE Management System
High availability
Web services transport, communications
Database server mirroring, failover and HA
Active Directory replication, failover
Supports Windows cluster services
Seamless integration
Directory services
Software deployment
User authentication
Workgroup encryption
Wake on LAN
Leverages familiar, proven technologies
Active Directory, IIS, SQL Server, Linux, ASP.NET, PKI, and so on
Simple to deploy, easy to learn and support
Scalable >100,000 endpoints per server
16

17. Symantec Endpoint Encryption – Full Disk
17
Policies Auditing
Full-Disk
Encryption
Opal Self-
Encrypting
Drives
High-performance, true full disk
encryption
Pre-boot user authentication
Rapid deployment and activation
Extensive support for smart cards,
CAC, and PIV
Non-disruptive maintenance and
patching
Supports Windows and Mac OS X

18. Symantec EE – Removable Storage
Secure portable data at rest
– Enforce mandatory removable storage
encryption policies
– Access and re-encrypt data from any PC or
Mac
Granular file and folder based
encryption
– Allow encrypted and unencrypted data on
user devices
– Enforce policy-controlled exemptions by file
type and device
18
Centralized – Integrated
Management Console
Policies Auditing
Removable
Media
Encryption

19. File and Email Encryption

20. Where Is Sensitive Data at Risk?

21. Gateway Email Encryption – How it Works

22. Desktop Email Encryption – How it Works

23. File/Folder Encryption
23
User file protection
Shared file protection
Distributed file protection
Protect shared files and folders
Protect transferred files and folders
Protect individual files and folders
PGP NetShare, PGP Command Line

24. PGP NetShare
24
Client-based Protected File Sharing
?
Finance encrypts a file
on the server using
PGP NetShare
11
Finance allows HR to
view/edit the file on
the server
22
HR can view and edit the
file on the server33
HR saves the file to the
server and PGP NetShare
maintains protection
44 55 Sales tries to view the
document and the
document is unreadable
When the document is copied
to backup tape, it remains
protected
66

25. PGP Command Line
Scriptable Encription
– A complete library of encryption commands
– Simplifies encryption integration into business practices
Wide Range of Platforms
– Supported on over 35 supported operating systems
Windows, Linux, Solaris, Mac OS X, HP-UX, IBM AIX, iSeries, zSeries
– Runs with most scripting languages, such as Perl, Python, JavaScript, and more
Many Uses
– End-to-end protection for the internal or external transfer of files
– SDA enabled distribution of files via CD, DVD or file servers lockboxes
– Encryption protection and recovery of backed-up and archived files
25
File encryption for server protection & file transfer

26. PGP Command Line – How it Works
26
Data DistributionData Distribution
File TransferFile Transfer
Data BackupData Backup
> pgp –es dbdump.sql – r admin@company_a.com
dbdump.sql:encrypt (0:output file dbdump.sql.pgp)
> pgp –es dbdump.sql – r admin@company_a.com
dbdump.sql:encrypt (0:output file dbdump.sql.pgp)

27. Encryption Management
Centralized management for all of the PGP® Applications
27
Central Administration
- Manages users from a central location. Supports LDAP
integration
- Provides tools to help manage and deploy clients
Policy Enforcement
- Controls when encryption must be used
Reporting and Logging
- Tracks device and data encryption and user events
Key Management
- Ensures that keys stay protected with proper access
controls, along with mechanisms available for safe data
recovery

28. Defense-In-Depth: Encription + DLP
28

29. Encryption Management
29
Thank you!
Raivis Kalniņš
raivis@dss.lv
info@dss.lv
GSM: +37129162784
GSM: +37126113545