Closed Circuits for Information: 360° Data Protection for the Enterprise
Current Threat: The powerful combination of legislation, negative PR, and legal liability has ensured that data protection is perhaps the most important information technology challenge facing organizations today. The solution landscape is overflowing with products that promise to address just a single aspect of data protection, but for the under-resourced and overstretched CIO in a typical enterprise, implementing multiple point solutions is simply not a practical option.
Tomorrow's Technology Today: Secuware Security Framework (SSF) ensures that only Authorized Individuals using Authorized Devices and running Authorized Applications can access Authorized Data. SSF integrates directly with all major LDAP-based directory services, including Active Directory and ADAM.
A Pre-Boot Authentication process, tightly integrated with Windows and Active Directory, ensures that strong user authentication is required for any data or system access. This process leverages investments in existing security infrastructure and eliminates the need for a separate Identity Management system.
A data-centric approach to media and file encryption enforces data privacy and access controls. Additional data access controls allow system access only to authorized USB and FireWire devices. Application control limits user access to a predetermined list of approved programs. As a side benefit, application control delivers an additional layer of defense against viruses, Trojan Horses and other malware by preventing the accidental or deliberate activation of unapproved executables. Application control also contributes significantly to system stability, as users always have known, tested application configurations.
This combination of controls creates Closed Circuits for Information - zones of security that protect corporate data in much the same way that a CCTV system displays images only in a restricted area. The tight integration with Windows yields a “secure operating system” that protects data from the boot process onwards.
SSF architecture is low-overhead and highly scalable, comprising a lightweight Windows Client and a Management Console. It does not require its own servers or a dedicated database and database server. The client is easily deployed using standard software management tools.
Security configuration and administration (policy creation) is performed through directory snap-ins. System administration (assigning policies to users and systems) is handled through the standard directory console. Security policies, in the form of user and computer profiles containing encryption keys, are stored in the directory as schema extensions. For security, the encryption keys are not directly available to either security or system administrators. Policies take effect at the next login or Group Policy Object push.
SSF provides data protection using symmetric encryption keys. One key is used for local hard disk encryption and additional encryption keys are assigned to non-local storage, including removable media, USB and FireWire devices, and network folders. Each encryption key is associated with a “named device”; there can be multiple named devices for a given device type, such as CD/DVD. Named devices can be assigned to any number of different user and computer profiles, allowing for highly granular security policies. This elegant and straightforward approach eliminates the complex issues associated with a PKI.
SSF provides additional data access controls through profiles for authorized devices and authorized applications. If an authorized device profile is in force, only pre-authorized devices will be able to communicate with a system, whether or not the data on the device is encrypted. If an authorized applications profile is in force, only those applications that were pre-approved by the security administrator can be run by the user.
Conclusion: Users benefit from transparency of data, application and device access. Everything needed to do their jobs effectively is available to them as if no security were in place, regardless of physical location. Corporations are assured that sensitive data cannot be accessed by any unauthorized individual, inside or outside the organization.
440 North Wolfe Road
Sunnyvale, CA 94085
Tel: 1 408 524 3070