Effiziente Verwaltung und Nutzung
verschlüsselter Umgebungen
Platinum Partner Schweiz
Agenda/Themen
I.
Herausforderung Datensicherheit für Unternehmen
II.
Verwaltung verschlüsselter Umgebungen und
Alleinstellungsmerkmale
III. Der Markt / Markttendenz
IV. Bitlocker & SecureDoc
V.
Kosteneinsparungspotentiale
VI. Informationen zu WinMagic
VII. Live Demo
FDE Growing in adoption
 Data breaches a common occurrence today
 More than 660 million records compromised since 2013
 Windows continues its dominance as business OS
 IT faces increased risk with mixed environments & BYOD
 Only takes one lost or stolen unsecured device to ruin
reputation
FDE Growing in adoption
 Data privacy regulations are forcing adoption:




Health Insurance Portability & Accountability Act (HIPPA – US)
Personal Information & Electronic Documents Act (PIPEDA – CDN)
Data Protection Act (UK)
PCI Data Security Standard (PCI DSS – Global)
 The challenge with FDE: keep costs and IT complexity low
Business Challenge
As employees become more mobile and the data they
access can rest anywhere, it is becoming increasingly
difficult for IT to ensure the security of that data.
InformationWeek 2013 Mobile Security Survey
78%
Primary Security Concern: Lost or Stolen Devices
28%
Require Hardware or Software Encryption
39%
Have MDM systems with Remote Wipe
Organizational challenges linked to encryption
often mentioned…
Complicated
Expensive, Bitlocker is for free
Customer experience
Affects performance
Manage encrypted environments
Optimal world: Flexible, Future Proof, OS support, no changes to
existing processes
e.g. UEFI (Win 8)
Hardware Vendors
© 2013 WinMagic. All rights reserved.
SSD - SED
OPAL (OSA)
File Vault II
Bitlocker
7
Our Differentiators
Overcome challenges of pre-boot
authentication
One console, any platform
Streamline IT management while providing a
simplistic end user experience to accessing secured
information.
Centrally manage and secure corporate data,
no matter where it resides.
Unparalleled self-encrypting drive
management
Strong industry validation
Easily deploy and manage SEDs for maximum
performance and data security.
Global computing leaders, including HP and
Lenovo, choose WinMagic to secure their
customers’ most important asset – their data.
One console, any platform
Centralized Management
Easy Integration into accounts with multiple devices
Full Mobile Device Management (MDM) support and tracking
from a single console
Support for Windows, Linux, Android, OS X (FileVault2), iOS
Devices will be secure and compliant
Satisfying requirements for IT Management and End Users
Unparalleled self-encrypting drive management
Opal SED Support
Approaching cost parity with standard HDDs
Fast encryption & system performance
Demand & Supply are Increasing
Best of both hardware & software
Changing Marketplace – Industry Convergence
SSD – SED
- eDrive
Hardware Encryption
OEM’s
Built In Encryption
Strong Industry Validation
OEM Relationships
Pre-installed on all HP Business PCs & Laptops
Seamless upgrade with SecureDoc for HP
First to market with Win8 & UEFI Support
Deep integration with ThinkVantage Tools
Unique pre-boot networking functionality
PBConnex
Pre-boot network authentication
Enables authenticated users to boot their device without a local key file and
validate credentials before ever accessing the operating system.
User
SES
110100100101011
100101100001101
010101101011010
010100101010100
100101010110010
10101
Active
Directory
Recap: Manage encrypted environments
Optimal world: Flexible, Future Proof, OS support, no changes to
existing processes
e.g. UEFI (Win 8)
Hardware Vendors
© 2013 WinMagic. All rights reserved.
SSD - SED
OPAL (OSA)
File Vault II
Bitlocker
14
WinMagic Solution – Flexible, Future Proof, no changes to existing processes
HP Drive
Encryption
SSD - SED
OPAL (OSA)
© 2013 WinMagic. All rights reserved.
OEM’s
Flexible between Bitlocker,
WinMagic SW based or
OPAL , optional e- Drive)
File Vault II
15
Encryption Management evolution
Value
Best
Better
OK
Benefits
SEDs +
Bitlocker +/or
Bitlocker
Best TCO
Highest Level of Security
Extending the Protection
Maximizing Value
Minimum Compliance
at least Key Backup
Optimal BitLocker Management
Choose your pre-boot preference
– SecureDoc pre-boot with
PBConnex or Standard BitLocker
pre-boot with SecureDoc
enhancements
Standard BitLocker TPM
protection options
Manage Conversion Options –
BitLocker defaults to AES 128-bit
Set BitLocker policy on supported
devices or leverage SED or
SecureDoc encryption
SES vs. MBAM - PBA
Microsoft BitLocker
Administration and
Monitoring (MBAM)
SES BitLocker Management
With SecureDoc Pre-boot
With BitLocker Pre-boot
BitLocker
Pre-boot network user authentication (AD)
P
P
O
O
O
O
Multifactor authentication
- Tokens, smartcards, biometrics
P
O
O
Secure network auto unlock
P
P
P
P
O
O
O
O
P
O
O
O
Unique user authentication at pre-boot
Offline self help password recovery option
Challenge and response password recovery
Customizable Pre-boot Screen
SES vs. MBAM – Security Features
Microsoft BitLocker
Administration and
Monitoring (MBAM)
SES BitLocker Management
With SecureDoc Pre-boot
With BitLocker Pre-boot
BitLocker
Single Sign on
P
O
O
Password Synchronization
P
P
O
Policy driven removable media encryption with
key management
P
P
O
Policy driven File and Folder encryption with key
management
P
P
O
Challenge and response pwd recovery for
removeable media encryption
P
P
O
Port Control
P
P
O
SES vs. MBAM – Auditing
Microsoft BitLocker
Administration and
Monitoring (MBAM)
SES BitLocker Management
Client pre-boot login auditing
BitLocker Recovery key access auditing
With SecureDoc Pre-boot
With BitLocker Pre-boot
BitLocker
P
P
O
P
O
O
SES vs. MBAM – Installation & Deployment
Microsoft BitLocker
Administration and
Monitoring (MBAM)
SES BitLocker Management
Single location to configure BitLocker policies (No
need to configure GPO)
Automatic TPM Provisioning
Ability to secure and manage OS that do not
support BitLocker
Supports Self Encrypting drives (TCG OPAL
drives)
Supports Self Encrypting Drives (E-Drive)
Supports importing of standalone BitLocker
enabled machines into centralized management
Silent deployment with no user interaction
With SecureDoc Pre-boot
With BitLocker Pre-boot
BitLocker
P
P
P
P
P
P
O
O
O
P
P
P
P
P
P
P
P
O
P
O
O
SecureDoc BitLocker Management
• Best BitLocker Management solution in
market today
• Better IT administration with pre-boot
network authentication
• Multiple users on single system
• Support for multi-factor pre-boot
authentication
• TPM activation support
BitLocker + PBNA Saves Cost
PBConnex
TCO of Encryption
Cost of FDE solutions only a fraction of overall administration costs
The Value of FDE outweighs costs by 4 to 20x depending on the region
There is no ‘free’ encryption once administration costs are factored in
PBConnex™
Reduce TCO of overall IT administration significantly
 Cut password reset time by 75%
 Cut PC staging time by 75%
Savings of up to $240,000 per year in an 8,000 seat environment
About WinMagic
Headquarters
Toronto, Canada
Founded
1997
Customers
Over 84 countries
Certifications
Timeline
2006
2002
1998
Received first ever NIST
certification for AES
2000
2004
2010 PBConnex
First full-disk
encryption to
receive FIPS 140-2
Level 1 & 2 validations
Introduced first FDE
solution that offers
Pre-Boot Networking
(PBConnex)
2011
2008
PBConnex
2005
2009
2012
© 2013 WinMagic. All rights reserved.
Connect with us
For Switzerland:
Georg Gann
Director Enterprise Sales CEE, Benelux
georg.gann@winmagic.com
+49 176 100 34 551
Jens Albrecht
CEO, Security Engineer
jens.albrecht@insinova.ch
+41 41 748 72 00
www.insinova.ch
26
Web - www.winmagic.com/de
www.twitter.com/WinMagic
www.facebook.com/WinMagicInc
www.linkedin.com/company/WinMagic
Connect with Us
www.youtube.com/WinMagicInc
blog.winmagic.com
27