Encryption

Encryption – First line of defense
Plamen Martinov
Director of Systems and Security
Agenda
• Encryption basics
• Importance of encryption
• Encryption solutions
– Laptops/Desktops
– USB/CD
– Email/Cloud
What is Encryption?
• Encryption is a security process that scrambles information. It changes information from a readable form into something that cannot be read unless you have the key.
This: Encryption changes data into an unreadable format
Becomes something like this: Rmvtu[yopm dhqht3w 3qtq isem ze mrxephlebl oermzq
…so ONLY the person with the decryption key or password can read the information
Encryption vs. Passwords
• Having a password does not necessarily mean something is encrypted.
– Passwords by themselves do not scramble the information.
• If something is only “password protected,” it is not enough protection – someone could bypass the password and read the information.
[Figure: the same document shown three ways – Original, Password Protected, Encrypted]
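The slide's point can be shown on any Windows machine. The following PowerShell is an added illustration, not material from the original deck: two functions store the same (constructed, fictional) patient record under the same password. The first only gates access behind a password check and writes the text as-is; the second derives an AES-256 key from the password and encrypts the bytes. Reading the raw file with no password, as a thief would, shows the difference. The function names and the sample record are assumptions made for this example; the cryptography comes from the .NET classes that ship with Windows PowerShell 5.1 and later.

```powershell
# Added illustration for "Encryption vs. Passwords"; not part of the original deck.

function Save-PasswordProtected {
    param([string]$Path, [string]$Password, [string]$Text)
    # "Password protected" only: the file stores a hash of the password for a reader
    # application to check against, followed by the document exactly as typed.
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    $tag  = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($Password))
    $sha.Dispose()
    $body = [System.Text.Encoding]::UTF8.GetBytes($Text)
    [System.IO.File]::WriteAllBytes($Path, [byte[]]($tag + $body))
}

function Save-Encrypted {
    param([string]$Path, [string]$Password, [string]$Text)
    # Encrypted: derive a 256-bit AES key from the password with PBKDF2 and a random
    # salt, encrypt with a fresh IV (AES-CBC, PKCS7 padding), store salt || IV || ciphertext.
    $salt = New-Object byte[] 16
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($salt)
    $rng.Dispose()
    $kdf  = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Password, $salt, 600000, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    $aes  = [System.Security.Cryptography.Aes]::Create()
    $aes.KeySize = 256
    $aes.Key = $kdf.GetBytes(32)
    $aes.GenerateIV()
    $plain  = [System.Text.Encoding]::UTF8.GetBytes($Text)
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
    [System.IO.File]::WriteAllBytes($Path, [byte[]]($salt + $aes.IV + $cipher))
    $aes.Dispose()
    $kdf.Dispose()
}

function Test-PlaintextVisible {
    param([string]$Path, [string]$Needle)
    # What someone who picks up the laptop or USB stick sees: read the raw bytes with
    # no password at all and look for the record text.
    $raw = [System.IO.File]::ReadAllBytes($Path)
    return ([System.Text.Encoding]::UTF8.GetString($raw) -like "*$Needle*")
}

# Constructed sample record (fictional) and a demo password.
$record = 'Patient: Jane Doe; MRN 0000123; DOB 1970-01-01; Dx: hypertension'
$pw     = 'correct horse battery staple'
$tmp    = [System.IO.Path]::GetTempPath()
$protectedFile = Join-Path $tmp 'protected.dat'
$encryptedFile = Join-Path $tmp 'encrypted.dat'

Save-PasswordProtected -Path $protectedFile -Password $pw -Text $record
Save-Encrypted         -Path $encryptedFile -Password $pw -Text $record

"Password-protected file readable without the password: $(Test-PlaintextVisible $protectedFile 'MRN 0000123')"
"Encrypted file readable without the password:          $(Test-PlaintextVisible $encryptedFile 'MRN 0000123')"
```

The first line reports True: the password check lives in the reader application, and nothing stops anyone from opening the file in a hex editor instead. The second reports False, because the bytes on disk are ciphertext and the key exists only while the password is supplied. That is the distinction the slide draws between "password protected" and "encrypted".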
Why is Encryption Important?
• Laptops and USB devices can be easily lost or stolen
• Statistics show that as many as one in ten laptops will be stolen or lost from an organization over the lifetime of each computer
Encryption protects confidential information and helps
keep it private!
Why is Encryption Important? (Cont’d)
• HIPAA – Health Insurance Portability and Accountability Act to ensure confidentiality of patient health information
• Regulatory efforts impose stiffer fees and fines in the event that a breach occurs and steps are not taken to appropriately protect sensitive data
• Breach Notification Laws require notification if information was not encrypted
Encryption technologies can assist with ensuring the confidentiality of patient
health information and also serve as a strong measure of protection against
today’s commonly anticipated threats, such as unauthorized access,
modification, and disclosure.
HIPAA Fines
• April 2014 – OCR levies $2 million in HIPAA fines for stolen laptops:
– $1,725,220 against Concentra Health Services for an unencrypted laptop that had been stolen from one of Concentra Health Services’ facilities.
– $250,000 against QCA Health Plan, Inc. of Arkansas after an unencrypted laptop containing personal health information for 148 people was stolen from an employee’s car.
What to Encrypt?
High Risk Confidential Information:
A person’s name or other identifier, in conjunction with:
• Personally-identifiable Medical Information
• Dates (birth date, admission date, discharge date, etc.)
• Social Security number
• Driver’s license
• State ID or Passport number
• Biometric information
• Medical Record # (MRN)
• Health Insurance #
Other Confidential Information:
• Human Subjects information
• HR Records
• Credit Card Information
• Whatever you consider confidential
BSD Encryption Solutions
Apple – Purpose: encrypt the contents of your entire drive
• FileVault 2 – Cost/Impact: $0; native security feature, easy setup; vendor-supported; AES 128 encryption for data protection; can store recovery key with Apple; well-documented install guide. Solution will work for personally owned and BSD-owned laptops.
• CBIS Credant** – Cost/Impact: $60; CBIS installed and managed; CBIS technical staff required to restore system. Solution will only work with BSD-owned laptops.
Windows – Purpose: encrypt the contents of your entire drive
• BitLocker* – Cost/Impact: $0; native security feature; AES 128-bit and 256-bit; some hardware dependencies. Solution will work for personally owned and BSD-owned laptops.
• CBIS Credant** – Cost/Impact: $60; CBIS installed and managed; CBIS technical staff required to restore system. Solution will only work with BSD-owned laptops.
* To use BitLocker, your laptop must be equipped with a Trusted Platform Module (TPM) chip, and it must be enabled.
** CBIS Credant is a commercial software solution installed and supported by CBIS. There may be licensing and support fees associated with this product. Contact CBIS for more information.
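The BitLocker footnote (TPM present and enabled) and the earlier point that a login password alone is not encryption both come down to checks an administrator can run. The PowerShell below is an added example, not from the deck or from Microsoft's documentation: it confirms the TPM requirement, reports whether the system drive is actually encrypted and how, and turns BitLocker on with a recovery password recorded before encryption starts. It uses the Get-Tpm and BitLocker cmdlets that ship with Windows 10 and later and must run from an elevated session; the function names are assumptions made for this example.

```powershell
# Added example for the BitLocker row; not part of the original deck.
# Requires an elevated PowerShell on Windows 10 or later.

function Test-TpmReady {
    # The footnote's requirement: a TPM must be present and enabled (ready for use).
    $tpm = Get-Tpm
    return [bool]($tpm.TpmPresent -and $tpm.TpmReady)
}

function Get-DriveEncryptionReport {
    param([string]$MountPoint = $env:SystemDrive)
    # A Windows login password does not encrypt the disk; this report is what proves
    # the drive is protected and with which algorithm.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus      # FullyDecrypted, EncryptionInProgress, FullyEncrypted
        ProtectionStatus = $vol.ProtectionStatus  # 'On' means the volume key is actually protected
        EncryptionMethod = $vol.EncryptionMethod  # e.g. XtsAes128, XtsAes256; None when decrypted
        Protectors       = ($vol.KeyProtector.KeyProtectorType -join ', ')
        HasRecoveryKey   = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
}

function Enable-SystemDriveEncryption {
    param([string]$MountPoint = $env:SystemDrive)
    if (-not (Test-TpmReady)) {
        throw "No ready TPM on this machine; enable it in the firmware setup before using BitLocker."
    }
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        Write-Warning "$MountPoint is already $($vol.VolumeStatus); nothing to do."
        return Get-DriveEncryptionReport -MountPoint $MountPoint
    }
    # Add the recovery password first, so a TPM failure or motherboard replacement
    # never locks the organization out of its own data.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    # Full-volume encryption (no -UsedSpaceOnly) also covers previously deleted files
    # still sitting in free space. XtsAes256 needs Windows 10 or later; older builds
    # accept Aes256. The TPM protector unlocks the drive at boot without a prompt.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest | Out-Null
    $recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword'
    # Record this somewhere other than the laptop (AD, the organization's key escrow, or a printout in a safe).
    Write-Host "Escrow this recovery password (protector $($recovery.KeyProtectorId)):"
    Write-Host $recovery.RecoveryPassword
    return Get-DriveEncryptionReport -MountPoint $MountPoint
}

# Report first; call Enable-SystemDriveEncryption only on a machine you administer.
Get-DriveEncryptionReport | Format-List
```

Read the report before enabling anything: VolumeStatus of FullyEncrypted with ProtectionStatus Off means the drive is encrypted but the key is currently exposed (for example after a suspend for firmware updates), which is no protection at all against the stolen-laptop case the deck describes. HasRecoveryKey should be True for every BSD-owned laptop, and the recovery password should live in escrow, not on the device.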
BSD Encryption Solutions (Cont’d)
Files/Volumes – Purpose: creates secure disk images and files for data sharing via email, CD or cloud
• FileVault 2 – Cost/Impact: $0; native for Apple devices; AES 128 encryption for data protection; capable of creating secure disk images and file volumes.
• AxCrypt – Cost/Impact: $0; has native versions for both Windows and Apple; uses strong compliant encryption.
External Storage – Purpose: securing transport of data, documents, and presentations
• Aegis Secure USB Key – Cost/Impact: $65; unlocks with onboard PIN pad; 256-bit AES hardware-based encryption; PIN-activated 7–15 digit alphanumeric keypad.
• Aegis Padlock Fortress – Cost/Impact: $250; secure PIN access; real-time 256-bit military grade AES-XTS hardware encryption; software-free design, no admin rights required; water and dust resistant. For securing transport of larger data sets (500GB+).
Security – “Isn’t this just an I.T. Problem?”
Good Security Standards follow the “90 / 10” Rule:
• 10% of security safeguards are technical
• 90% of security safeguards rely on the computer user (“YOU”) to adhere to good computing practices
The lock on the door is the 10%. You remembering to lock it, checking that it is closed, ensuring others do not prop the door open, and keeping control of the keys is the 90%.
Resources & References
• Center for Research Informatics
– Cri.uchicago.edu
• BSD HIPAA Program Office
– Hipaa.bsd.uchicago.edu
• Apple Encryption – FileVault 2
– http://support.apple.com/kb/ht4790
• Windows Encryption - Bitlocker
– http://windows.microsoft.com/en-us/windows-vista/bitlocker-driveencryption-overview
• Files/Volumes Encryption – Axcrypt
– http://www.axantum.com/axcrypt/
• External Storage Encryption – Aegis Secure Storage
– http://www.apricorn.com/aegis-secure-key.html