This document summarizes Dell's full disk encryption solution featuring Seagate hard drives and Wave encryption software. The solution provides hardware-based encryption to securely protect laptop data and includes centralized remote management capabilities. Customers can purchase Dell laptops with this pre-installed encryption software and hardware to help satisfy data security and compliance requirements.
6. Dell Data Security Solution For Mobile Users Wave Embassy Remote Administration Server Dell Latitude D531, D630, D631, D830, E4300, E5400, E5500, E6400, E6400 ATG and E6500 Dell Precision M2300, M2400, M4300, M4400, M6300 and M6400 Seagate Momentus 5400 FDE.2 HDD Wave Client Trusted Drive Manager
7.
8. Trusted Drive operating in ATA Mode Default mode when embedded Security is Un-initialized Drive Controller Encryption Data Encrypted In ATA mode the encryption key has no access control Boot Block ATA Mode Operation When drive security is not enabled the drive functions as a normal ATA drive. At power-up the drive executes the code in the boot block and then execute normal windows boot-up from the drive.
9. Wave Software: Initialization of Trusted Drive embedded security All these steps can be remotely managed from a Domain console with the Embassy Remote Administration Server . Drive Controller Authentication Encryption Data Encrypted Provision pre-boot Enroll Users / Admin
11. Hardware vs. Software Encryption DELL CONFIDENTIAL INTERNAL ONLY Dell Hard Drive Encryption Software Encryption Computer Memory Resources Consumption No Yes CPU Cycles Consumption No Yes Encryption Key Access No Yes Encryption Key Generation Risk No Yes Turn Off Possibility No Yes Decryption need for OS Maintenance No Sometimes IT Deployement and Management Easy Moderate to Difficult Secure and instant Erase Yes No Recovery password Yes Sometimes Windows Password Synchronization Yes Sometimes Compliance Certification NSA approved FIPS 140-2 Remote Management Yes Yes Specific Drive need Yes No Non-Microsoft OS support No Sometimes
21. THANK YOU ! Stanley Mtshali [email_address] South Africa Rep (Agent) Wave Systems Corp +27 78 861 33 88
Notas do Editor
Where the buck stops on a lot of these threats is at the CEO’s desk. There are four key things to consider: The first is Regulatory compliance— It has become a mandate, whether you want to do it or not. Second is the Safekeeping of customer data —This is critical, particularly in the case of any organization that talks to individual customers. Examples are credit card companies or government agencies. There are numerous organizations where losing a pile of data could expose the personal information of thousands or even millions of customers, putting those individuals at risk of identity theft. CEOs also have to worry about abiding by their organization’s own Internal Security Policies —many times this is the fundamental check and balance against maintaining compliance to external regulations. And last is Protecting Corporate Intellectual Property which is simply a fundamental requirement of the job.
So if it is so obvious that organizations need to encrypt, why are people not doing it. In 2005, Ponemon did a study and found that 5 to 10% of laptops were not being encrypted at all. When asked why, there were 3 primary reasons. The first is System Performance - most full disk encryption software hits the hard drive and CPU pretty hard. Every time a bit has to get written back and forth to the drive, the CPU has to spend cycles there to crypt and decrypt . As applications and OS’s have gotten more complex the hard drives get hit a lot and that can slow system performance to a crawl. The second is Complexity – installation can be a complex and lengthy process. Turning on a full disk encryption software package can take many hours as it goes through existing data and encrypts every bit back and forth to the drive. Maintaining these systems can be time consuming as well. And last is Cost - encryption is not free, it costs something to do this. And much more than the modest cost of the software, is the cost of maintaining it. It’s the IT person having to touch every machine – every time something has to be changed; or every time you install an application that doesn’t play nice with the encryption software; or when an employee loses their password, or leaves the organization and they have to re-permission the machine
So what is the Dell data security solution for mobile users? Dell listened to its customers, from C-level Executives to End Users, partnered with IT industry leaders (Seagate and Wave systems) and created a comprehensive, hardware-based, data security solution. First box : We start with our Award-winning Latitude notebooks and Precision workstations. Second box: Then add the Seagate Momentus full disk encryption hard drive as a factory installed option and bundle it with Wave’s Embassy Trust Suite Trusted Drive Manager software to locally manage the encrypted drive. Third box: By adding Wave’s Embassy Remote Administration Server software, this enables remote deployment, lifecycle management, and automated compliance/reporting. Fourth box : And finally, when combined with Dell’s security best practices such as BIOS settings, Anti-virus software, utilization of multi-factor authentication solutions…. Fifth box: Dell has delivered The World’s Most Secure Commercial Notebook!
The Seagate Momentus 5400 FDE.2 hard drive is hardware based data protection device that prevents unauthorized access to data on a lost or stolen notebook – You could also say that it is protection for data at rest. The drive is available today from Dell in capacities up 120GB A few of the features provided by Seagate’s DriveTrust technology include: Full disk encryption , the drive employs the government standard of encryption algorithms (AES 128 bit) Pre-boot authentication , the OS will boot in a protected storage partition until the user successfully authenticates, only then will the drive unlock, and the system will boot normally to the Windows OS Quick erase , the administrator can simply delete the user’s hard drive password, thereby rendering all of the data on the hard drive inaccessible.
With your “Trusted Drive” solution out of the box your bring your customers strong pre-boot access control and a simple user interface. This makes things easier for the end user and the administrator – and this is what they have been looking for. You give them advanced administrative controls from a centralized remote management console and the ability to view logs so that they can prove that these systems conform to auditing and compliance requirements.
The Trusted Drive Manager is the basic client application that allows you to perform the basic utility functions to integrate the FDE drive into your daily workflow. When you initially boot the encrypted hard drive, the notebook will see it as a normal SATA drive. The Trusted Drive Manager enables the DriveTrust features, such as: Adding users Deleting users Unlocking the drive Setting Security Policies Set up for Pre-boot Authentication; which most users will utilize for additional security And it provides the hooks required to talk to the backend management software provided in the form of Wave’s Embassy Remote Administration Server
This overview was to provide you with a high-level understanding of a great way to position your full disk encryption options with your customer. These slides come from a more in-depth Dell overview on the same information. Today, we stressed the merits of hardware-based FDE and the management software your customer will need to activate the advanced security functions for their corporation. At Dell, the concept is that Seagate’s FDE drives are a “seismic shift” in the data protection landscape. Here at Wave we will continue to support your getting the message out ASAP. This is a win-win situation. If you’d like more information on the topic, please feel free to download Wave’s white paper “Protecting Your Business from Costly Data Theft” and the “Trusted Drive Manager Walkthrough Guide” offering you step-by-step instructions on implementing the TDM software for your Seagate FDE drives. These can be found on wave.com in the solutions section on the upper left hand side of the home page. For local sales and technical support in the Scandinavian Region, please call Bruno Chatellier, Wave’s RSM at +33674407099. Email bchatellier@wavesys-emea.com