Securing the laptop with SafeNet & Sophos
With almost daily disclosures of data leaks and spying activities, it should be clear that simple password protection is a thing of the past. To secure your information, especially on computers that leave the office, two factor authentication should be a requirement.
Whatever security you use, it is important that it is easy, comprehensive, not hampering productivity, and can be used in the field.
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The Secure laptop - intro BXL
1. Insert Your Name
Insert Your Title
Insert Date
SafeNet – Sophos
Secure Laptop session
26th of February 2014 – Atomium Brussels
Len Lavens – Yves Van Tongerloo – Richard Nitters
– Vincent Vanbiervliet – Peter Magez
2. Agenda
Introduction: 17.00 - 17.30
Yves Van Tongerloo (SafeNet) & Peter Magez (Sophos)
Challenges of securing the laptop: 17.30 - 18.15
Len Lavens
See it in action - live demo: 18.15 - 19.00
Richard Nitters (SafeNet) & Vincent Vanbiervliet (Sophos)
Dinner: 19.00 onwards
2
3. About Sophos
Founded 1985 in Oxford, UK
Appx. $400 million in FY13 billings
Appx. 2,200 employees
Over 220,000 customers
Over 100 million users
HQ in Oxford, UK and Boston, MA
Best in class renewal rates (90+%)
20,000+ channel partners
OEM Partners: Cisco, IBM, Juniper, Citrix, Lenovo, Rackspace
Key development centers: Abingdon, UK; Vancouver, BC;
Karlsruhe, Germany; Linz, Austria; Budapest, Hungary;
Ahmedabad, India
20+ additional offices worldwide
Sophos in Oxford, UK
4.
5. The idea
Infosec 2008: meeting with Len Lavens
The request: a secure laptop: simple, easy to use and
highly secure
The solution: SafeGuard Device Encryption and
SafeNet e-token
6. A quote
―Complex solutions aren’t solutions. We
make security for the real world – for
the pragmatic enterprise. Simple
security is better security.‖
• Kris Hagerman, CEO Sophos
7. Sensitive data is everywhere today
Cloud storage MobilesPersonal devices
Traditional corporate perimeter
8. Some facts and Figures
86% of organizations has had a laptop lost or stolen1
$49,246 is the average value of one lost laptop2
7.1% of laptops will be lost at some time in their life2
>8,000 laptops left behind in US airports every week3
81% of medium-size (100-1,000) companies don’t
have encrypted laptops4
64% of large-size (1,000+) companies don’t have
encrypted laptops4
1. Ponemon Institute, 2010,
2. Ponemon Institute, 2013
3. Ponemon Institute Research 2008 (67% of 12,000)
4. IDC 2012
9. Sophos Data Protection Strategy
Secure Data
Everywhere
Removable, Network
files, Mobile, Cloud
Multi-platform
Management
Windows, Mac,
Mobile
Performance
Leverage native
OS encryption
Deliver the Best of Both Worlds:
Security and Performance
11. About SafeNet
The Data Protection COMPANY – key facts
We protect the most
money that moves in
the world, $1 trillion
daily
We protect the most digital
identities in the world.
(+ 35 million identities)
We protect the most
classified information
in the world
FOUNDED
1983
REVENUE
+450m
EMPLOYEES
+1,600
- 26 countries
> 800 crypto
engineers
OWNERSHIP
Private
GLOBAL FOOTPRINT
+25,000
Customers in
100 countries
ACCREDITED
Products certified
to the highest
security standard
over 130 FIPS
certificates
11
Recognised by Gartner
as the Leader for
Authentication
13. SafeNet: THE User Authentication market leader 2014
Gartner Recognizes SafeNet in Leaders Quadrant in Magic Quadrant for User
Authentication.
SafeNet positioned as a market leader for its completeness of vision and ability to
execute
13
16. Identities Transactions Data Communications
SafeNet Data Protection Product Portfolio
Offering the broadest
range of authenticators,
from smart cards and
tokens to mobile phone
auth—all managed from
a single platform
Authentication
Offering The most
secure, and easiest to
integrate technology for
securing PKI identities
and transactions.
HSM
SafeNet’s DataSecure – a
Universal platform
delivering intelligent data
protection and control for
information assets
Data Encryption
and Control
SafeNet high-speed
network encryptors
combine the highest
performance with a unified
management platform
High-Speed
Network Encryption
16
17. File Servers
Databases
Applications
SafeNet: Protecting Your Data
Virtual Machines
SaaS Apps
Storage Networks
Encrypt Your Data
1
Internal Users +
Administrators
Cloud Providers
Admins/Superusers
Customers +
Partners
Secure &
Manage Your
Keys
2
Control
Access
3
WHERE IS YOUR DATA? WHERE ARE
YOUR KEYS
WHO AND WHAT IS
ACESSING YOUR DATA
19. • Secure laptop (ex: for 100 users):
• SafeGuard Device Encryption (with SafeGuard Management Center) +
SafeNet Etoken (software included)
Standard buying price: 150€/user
Promo (only for attendees of this session): 99€/user
*Promo valid till June 30th 2014
• How to buy
• Via your preferred Sophos or SafeNet reseller
• Peter.magez@sophos.com
• Yves.VanTongerloo@safenet-inc.com
Secure Laptop Promotion
20. Insert Your Name
Insert Your Title
Insert Date
SafeNet – Sophos
Thank You!
Yves Van Tongerloo – Sales Manager SafeNet
Yves.vantongerloo@safenet-inc.com - +32 476 46 99 11
Peter Magez – Sales Manager Sophos
Peter.Magez@sophos.com - +32 497 44 00 62
Notes de l'éditeur
Over the last decade or so there has been a big shift in how people tend to work and also how they access corporate data and corporate resources. Sensitive corporate and customer data is moving outside the relative safety of the traditional corporate security perimeter – which is computers on site and within the corporate firewall. Users today want to access information in an increasing number of ways: For example accessing files on personal computers at home, on their own tablets and mobiles, or sharing data through public cloud storage providers. Basically, sensitive data can be found EVERYWHERE today. [Having data move to so many places and devices outside the direct control of organization of course creates challenges…]
To give this some perspective, I wanted to share a few interesting stats that are relevant to data protection. It is interesting to note that a large majority of all companies – 86% – has had a laptop lost or stolen at some point. The cost of the hardware when losing a laptop is of course not particularly significant – it is the data it contains that holds the real value. The average value of every lost record is well over US $100 / about €100 per record which adds up to almost US $50,000 per lost laptop as a global average. Another fact that certainly made me raise my eyebrows when I first came across it, is that over 8,000 laptops are being left behind in US airports EVERY WEEK and these were never reclaimed - which is an absolutely astonishing number. The research behind this (by Ponemon Institute) was done quite a few years ago now - back in 2008 – although that with the way people still travel and use laptops, it is quite reasonable to assume that the numbers are at least similar today, if not even higher… Also, over 80% of medium-size companies, with 100-1000 users, don’t even encrypt their laptops – leaving over 4/5ths very vulnerable to the risks associated with data breaches or lost hardware. This of course makes this company size a very attractive target segment for SafeGuard Enterprise.
[So, that brings me to the main cornerstone in our new Data Protection Strategy, (which is) to Deliver the best of both worlds: Security and Performance…]Performance: Recent versions of both Windows and Mac already have disk encryption technology built-in: BitLocker on Windows and FileVault 2 on Mac. To make sure that encryption is as fast, reliable, and as seamless as possible, we now leverage this built-in - or “native” - encryption technology whenever it is available - which dramatically improves performance compared to any proprietary 3rd party encryption technology. Since the built-in encryption processing sits at a lower layer and integrates tighter in the OS – it can boot and run faster, making encryption virtually invisible to the user. SafeGuard Enterprise comes with excellent functions that manage clients encrypted with both BitLocker and the FileVault 2 in the same Management Center console. Meaning that there is no need to maintain separate management processes on Windows and Mac for deployment, key recovery, reporting etc. [Next pillar:]Having the ability to efficiently and centrally manage devices, keys, policies, recovery etc. across all devices in the organization is absolutely critical in order to “keep encryption simple” so the second part of our strategy is Multi-platform Management: Ensuring that all devices can be managed from the same console/Management Center regardless of platform. Windows and Mac are supported from this release and looking into the near future, also mobile devices will follow suit. [Next pillar:]Finally, the third part of our new strategy is to Secure Data Everywhere. As I already mentioned at the very beginning, with the changes to how people work these days, knowing that data is safe, no matter from where it’s accessed or shared means peace of mind and ultimately security (RM, NW files, mobile, cloud etc)[Before we take a look at the new features, I just would like to quickly cover what all of this means to who we believe is the ideal customer for SafeGuard Enterprise…]
An organization has to consider three factors when building a comprehensive data protection strategy. First, where does their sensitive data live? There is customer and employee data residing typically in databases, financial information in file servers, and back-up in storage networks. Then there is enterprise data sitting in the cloud – associated with applications such as SFDC. At least in physical data centers, enterprises are aware of where the data is…but as data centers get virtualized and move to cloud, the enterprises fear losing control over their sensitive data. But, in all scenarios, the bottom line is that organizations have to be able to encrypt their data: structured, unstructured, virtualized or cloud. To support encryption you need key management – your encryption can easily be undermined if you don’t have strong key management. Key management is a complex problem – strength of the keys, rollover policies – all depending upon the type of application or data you are encrypting. And finally, it is not just about encryption, you still have to control who has access to what application, data. Compliance mandates require clear separation of duty – which plays into strong authentication and authorization implementations within the enterprise.