WHITE PAPER. Data Erasure for Enterprise SSD: Believe It and Achieve It
- Ellen Lang
Solid state drives possess traits that make end-of-life data erasure absolutely necessary. But SSD data erasure also presents unique challenges. Here's how to overcome them.

If you're like the majority of organizations, you have solid state drives (SSDs) in your desktops, laptops, servers and data center. Half of data centers had deployed SSDs by 2014, and the remaining half planned to consider them by 2015, according to IDC. In fact, global spending on enterprise SSD will more than double from about $5 billion in 2015 to nearly $11 billion in 2018.

Like all data storage devices, SSDs need to be fully erased at key transition points in their life cycle, especially at end of life. To neglect erasing enterprise SSDs is to risk exposing sensitive corporate data, such as employee records, customer information, and intellectual property, when the devices are repurposed, resold or discarded.

But SSD data erasure presents unique challenges and risks. To protect your data and your business, you need to understand the requirements of SSD data erasure and invest in an enterprise-class data erasure solution specifically designed for SSD.

Data Erasure Drivers

The need for data erasure, especially at equipment end of life, has been well established. There are several key drivers of this imperative.

First, organizations are managing more data, with global volume predicted to mushroom from 4.4 zettabytes (ZB) in 2013 to 44 ZB in 2020.

Meanwhile, data thieves are becoming more sophisticated, with more cyber attacks backed by organized crime groups and sovereign governments. In fact, organizations suffered 79,790 documented data security incidents and 2,122 confirmed data breaches in [...]. And the financial burden of stolen data is rising, with the average cost of a data breach reaching $3.8 million in 2014, or about $150 per record, up 23 percent from [...].

In the face of data breaches, governments are ratcheting up regulations. At least 75 countries have data protection laws, as do most U.S. states from California to Massachusetts and from Alaska to Florida. Companies must now comply with both general and industry-specific regulations and guidelines, from the Sarbanes-Oxley information security standards, to the Health Insurance Portability and Accountability Act (HIPAA), to the Payment Card Industry Data Security Standard (PCI DSS).

More regulations are on the way. The Obama Administration's Consumer Privacy Bill of Rights, proposed in 2015, would require industries to create privacy boards overseen by the U.S. Federal Trade Commission (FTC). Also in 2015, the European Union (EU) expects to complete an overhaul of its 1995 Data Protection Directive. The new regulation would strengthen citizen rights such as the so-called right to be forgotten, or erased from data records.

Flash Requirements

Whether you maintain enterprise data on SSDs or on traditional hard disk drives (HDDs), you need to employ data erasure at key transition points in the data and equipment life cycle, such as when the device that contains the SSD or HDD is repurposed or when it reaches end of life and leaves the organization. But data erasure for SSDs presents unique challenges.

SSDs are simpler than HDDs in that they don't have moving mechanical parts. They're also smaller, lighter and less power intensive. But from a data erasure perspective, SSDs are more complicated. SSDs apply complex data management schemes to distribute data across their internal memory chips. They also contain a much larger pool of spare, or overprovisioned, memory capacity accessible only by the SSD. (See Figure 1.) These techniques prolong the performance and life of the drive. But they mean that certain data on the drive remains hidden from the host.

[Figure 1: "Now You See It, Now You Don't." SSDs apply complex data-management schemes and contain a large pool of spare memory capacity accessible only by the device. Panels: hard disk drive (HDD) and solid state drive (SSD). Legend: data block, old hidden data, OS visible area.]

What's more, the rapid growth of the SSD market has meant that much of the technology has come to market before the standards needed to properly secure the data on it were defined. While HDDs have been standardized by a handful of manufacturers over time, the SSD ecosystem has been populated by many different companies, flooding the market with models that vary in quality and in the technology used. While SSD standards are now emerging from the National Institute of Standards and Technology (NIST) and other governing bodies, erasure of data on SSDs that are just a few years old may involve various interfaces and command protocols.

When do you need data erasure?

There are six key situations where data erasure is necessary for enterprise SSD:

At Equipment End-of-Life: When a server, storage device or other piece of IT infrastructure is retired, it's either resold or discarded. In either case, any data it contains must be erased so that it doesn't fall into the wrong hands.

During Data Migration: Whenever data is moved from one location to another, whether from a retired server to a new server or from one virtual machine to another, the original data location must be erased.

At Data End-of-Life: Many organizations manage virtual machines that are used by a line of business for a particular project that covers a specific period of time. When the project is complete, the data should be not just deleted, but completely erased.

Employee Departure: Whenever an employee's contract is terminated, for whatever reason, all devices and drives, whether company-owned or BYOD, must be properly and completely erased.

When a Customer Demands It: In jurisdictions such as the EU, right to be forgotten rules dictate that if consumers ask you to remove their data from your servers, you must comply. It's not enough to simply delete the record; instead, it must be completely expunged.

After Disaster Recovery: During a disaster, data is typically recovered at an offsite location. The same is true during disaster recovery exercises. In either case, once production systems are restored, any data left on recovery disks should be erased.

[1] Building Data Centers for Today's Data-Driven Economy: The Role of Flash, IDC, July
[2] The Digital Universe of Opportunities, IDC, April
[3] Data Breach Investigations Report, Verizon, May
[4] Cost of Data Breach Study, Ponemon, May
Tentative Techniques

There are a variety of potential approaches to erasing data on SSDs, but each carries its own risks:

Delete and Format Commands: These commands aren't an effective means of sanitizing SSDs. Delete and Format commands can leave data on the device, and that data can potentially be recovered.

Degaussing: Degaussing applies magnetic fields to erase HDDs. But SSDs use integrated circuits to store data, and these circuits are electrically programmed. Data stored on the NAND flash of an SSD is unaffected by degaussing.

Physical Destruction: Destroying an SSD renders it inoperable. But a sophisticated data thief might still be able to recover data from it. [5] And destroying the device obviously lowers return on investment in a device that might otherwise be recycled or resold.

Firmware: Firmware-based erasure techniques, such as ATA's Secure Erase, aren't universally reliable for SSDs, because SSD makers haven't adopted a standardized approach to data erasure. [6]

Cryptographic Erasure: This approach modifies the key used to encrypt and decrypt data to sanitize the drive. But the data remains on the device. Improper implementation of the cryptographic system can leave the data vulnerable, and it may be difficult to verify the sanitization.

Live Environment Erasure: Erasure in a live environment may be required at various points in an SSD's life cycle; for example, to remove individual files. Live environment erasure is effective while the device remains in the desktop, laptop, server or data center. But once the device is removed, a sophisticated data thief might still be able to recover the data. So, live environment erasure is secure only until the end of life of the SSD.

Traditional Overwriting: As mentioned before, SSDs apply complex data management schemes to distribute data across their internal memory chips. [6] Overwriting techniques designed for HDDs, such as the NIST SP800-88r1 or British HMG Information Assurance (IA) Standard 5, do not reliably remove data from solid state drives. Wear leveling is one reason for this: data is spread evenly over different sectors of the SSD to avoid heavy use of specific sectors. For example, if a PDF file should be overwritten, the SSD might decide to overwrite a different sector which does not contain the PDF, simply to spare the original sector from overuse.

SSDs require specialized data erasure methods that verifiably remove all user data. (See Figure 2.)

[Figure 2: SSDs require specialized data erasure methods that verifiably remove all user data. Panels: traditional erasure method and recommended SSD erasure method, each showing the controller and the erased area.]

What You Need for SSD

SSD data erasure calls for an enterprise-class data erasure solution specifically designed for solid state storage devices, backed by a solution provider committed to optimizing data erasure for SSDs. Look for these features and characteristics:

Reporting: Your SSD data erasure solution should issue an auditable erasure report proving that data was thoroughly removed. The report should provide specific and customizable details such as the serial number of the device, when the device was erased, who performed the erasure and what data was removed. The report should also be digitally signed and stored, and include a change log to ensure its validity.

Third Party Validation: The solution provider should have its SSD erasure process tested and validated by an independent third party. For example, the Asset Disposal & Information Security Alliance (ADISA) has developed a methodology for testing SSD sanitization software. Only a vendor whose product has undergone recognized forensic testing can definitively claim to offer a solution effective at erasing SSDs.

Removal of Freeze Locks: A key aspect of successful SSD erasure is gaining access to the device's internal erasure commands. The BIOS of most modern computers blocks access to these commands with a freeze lock on the drive's security feature set. Unless the freeze lock is removed, it's extremely difficult to conduct the necessary firmware-based erasure that scrubs SSD storage areas not accessible by software. An effective SSD data erasure solution applies automated techniques to remove freeze locks and ensure all data is erased.

OEM Cooperation: Because there has been a lack of standards for solid state devices, providers of SSD erasure solutions should collaborate with SSD makers to share knowledge on solid state functionality. This cooperation ensures best practices in SSD security and data erasure. It also means solution providers can validate an OEM's internal erasure processes to ensure they meet the strictest security requirements.

Pursuit of Standards: The SSD market requires an erasure standard that specifies erasure techniques designed to meet SSD-specific requirements. Research shows that a single erasure method isn't advisable for SSDs. The standard should specify a multilayered erasure approach that reflects the realities of SSD technology. It should also require the ability to detect any drive faults and perform the most stringent erasure verification. And it should cover processes designed to mitigate erasure false positives to ensure that data is effectively erased from SSDs.

As SSDs play an even more prominent role in data centers, traditional servers, laptops and desktops, to name a few, you need to understand the unique data erasure requirements involved. You also need to invest in a data erasure solution specifically designed for SSDs. Doing so can tangibly improve your security profile, ensure compliance with escalating regulations, optimize your return on investment in SSDs, and mitigate the risk of data exposure. Ultimately, effective SSD data erasure will help protect your brand and ensure that IT is supporting your business goals.

[5] Destroying Flash Memory-Based Storage Devices, Steven Swanson, University of California, San Diego
[6] Reliably Erasing Data From Flash-Based Solid State Drives, Michael Wei, et al., University of California, San Diego
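The stale-page effect described under "Traditional Overwriting" and in Figure 1, as an added example that is not part of the white paper: a toy flash translation layer in Python showing that one full host overwrite pass can leave an old copy in spare capacity, while an erase that reaches every block does not. The ToyFTL class, its geometry (8 blocks of 4 pages, 24 of them host-visible), the sample secret and the firmware_sanitize method are constructed for illustration and do not model any vendor's controller.

```python
"""Toy flash translation layer (FTL): why host overwrites leave stale SSD pages."""

ERASED = None  # a page reads as ERASED only after its whole block is erased


class ToyFTL:
    """Constructed model: 8 blocks x 4 pages, of which 24 pages are host-visible."""

    def __init__(self, blocks=8, pages_per_block=4, logical_pages=24):
        if logical_pages >= blocks * pages_per_block:
            raise ValueError("model needs spare (overprovisioned) pages")
        self.logical_pages = logical_pages
        self.flash = [[ERASED] * pages_per_block for _ in range(blocks)]
        self.erase_count = [0] * blocks
        self.l2p = {}     # logical page -> (block, page) holding its current data
        self.owner = {}   # (block, page) -> logical page, for valid pages only
        self.active = 0   # block currently receiving new writes

    def _erase_block(self, b):
        self.flash[b] = [ERASED] * len(self.flash[b])
        self.erase_count[b] += 1

    def _valid_in(self, b):
        return [p for p in range(len(self.flash[b])) if (b, p) in self.owner]

    def _collect(self):
        """Garbage collection: compact the block with the fewest valid pages."""
        victim = min(range(len(self.flash)), key=lambda b: len(self._valid_in(b)))
        keep = [(self.owner.pop((victim, p)), self.flash[victim][p])
                for p in self._valid_in(victim)]
        self._erase_block(victim)  # only now do that block's stale pages vanish
        for p, (lba, data) in enumerate(keep):
            self.flash[victim][p] = data
            self.l2p[lba] = (victim, p)
            self.owner[(victim, p)] = lba
        self.active = victim

    def _free_page(self):
        for _ in range(2):
            row = self.flash[self.active]
            if ERASED in row:
                return self.active, row.index(ERASED)
            empty = [b for b, r in enumerate(self.flash) if all(x is ERASED for x in r)]
            if empty:  # wear leveling: prefer the least-worn empty block
                self.active = min(empty, key=lambda b: self.erase_count[b])
            else:
                self._collect()
        raise RuntimeError("no programmable page available")

    def write(self, lba, data):
        """Host write: data always lands on a fresh page, never in place."""
        if not 0 <= lba < self.logical_pages:
            raise IndexError("LBA outside the host-visible range")
        old = self.l2p.get(lba)
        if old is not None:
            del self.owner[old]  # old page is now stale, but its contents remain
        loc = self._free_page()
        self.flash[loc[0]][loc[1]] = data
        self.l2p[lba] = loc
        self.owner[loc] = lba

    def read(self, lba):
        loc = self.l2p.get(lba)
        return None if loc is None else self.flash[loc[0]][loc[1]]

    def firmware_sanitize(self):
        """Hypothetical stand-in for a firmware erase that reaches every block."""
        for b in range(len(self.flash)):
            self._erase_block(b)
        self.l2p.clear()
        self.owner.clear()
        self.active = 0


def residue(ftl, needle):
    """Physical pages still holding `needle`, as a chip-level read would see them."""
    return [(b, p) for b, row in enumerate(ftl.flash)
            for p, d in enumerate(row) if d is not ERASED and needle in d]


def demo():
    ftl = ToyFTL()
    for lba in range(ftl.logical_pages):          # fill the drive once
        ftl.write(lba, b"filler-%02d" % lba)
    secret = b"PDF:payroll-2015"                  # constructed sample data
    ftl.write(3, secret)
    for lba in range(ftl.logical_pages):          # HDD-style single overwrite pass
        ftl.write(lba, b"\x00" * 16)
    host_sees_secret = any(secret in ftl.read(lba) for lba in range(ftl.logical_pages))
    after_overwrite = residue(ftl, secret)
    ftl.firmware_sanitize()
    return host_sees_secret, after_overwrite, residue(ftl, secret)


if __name__ == "__main__":
    print(demo())
```

In this model the host reads back only zeros after the overwrite pass, yet one physical page still holds the secret because its block was never selected for garbage collection.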
More informationEnhancing the Cybersecurity of Federal Information and Assets through CSIP
TECH BRIEF How BeyondTrust Helps Government Agencies Address Privileged Access Management to Improve Security Contents Introduction... 2 Achieving CSIP Objectives... 2 Steps to improve protection... 3
More informationData Security: Public Contracts and the Cloud
Data Security: Public Contracts and the Cloud July 27, 2012 ABA Public Contract Law Section, State and Local Division Ieuan Mahony Holland & Knight ieuan.mahony@hklaw.com Roadmap Why is security a concern?
More informationHow unified backup and cloud enable your digital transformation success
Key Considerations for Data Protection and Cloud on Your Digital Journey How unified backup and cloud enable your digital transformation success An IDC InfoBrief, Sponsored by February 2018 1 Digital Transformation
More informationSPECIAL REVIEW - SURPLUS COMPUTER EQUIPMENT DATA REMOVAL SPECIAL REPORT OCTOBER 2003
SPECIAL REVIEW - SURPLUS COMPUTER EQUIPMENT DATA REMOVAL SPECIAL REPORT OCTOBER 2003 AUDIT SUMMARY We found sensitive information such as vaccination records, personnel records, credit card numbers, and
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationFIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication
FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication Jeremy Grant Managing Director, Technology Business Strategy Venable LLP jeremy.grant@venable.com @jgrantindc Digital: The Opportunity
More informationGDPR Compliance. Clauses
1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The
More informationGuardTower TM White Paper. Enterprise Security Management Systems
GuardTower TM White Paper Enterprise Security Management Systems 2 1 Table of Contents 1 Table of Contents... 2 2 Introduction... 3 3 Enterprise Security Management Systems... 3 3.1 ESMS Architectures...
More informationSQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY
SQL Compliance Whitepaper HOW COMPLIANCE IMPACTS BACKUP STRATEGY THE INTERSECTION OF COMPLIANCE AND DIGITAL DATA Organizations of all sizes and shapes must comply with government and industry regulations.
More informationSECURITY STATE OF THE INDUSTRY
SECURITY STATE OF THE INDUSTRY An Interview with Stephen Treglia JD, HCISPP, HIPAA Compliance Officer, Investigations Section, Absolute OVERVIEW The health sector is rapidly adopting new technologies,
More informationWeighing in on the Benefits of a SAS 70 Audit for Third Party Administrators
Weighing in on the Benefits of a SAS 70 Audit for Third Party Administrators With increasing oversight and growing demands for industry regulations, third party assurance has never been under a keener
More informationMultiPlan Selects CyrusOne for Exceptional Colocation and Flexible Solutions
CASE STUDY MultiPlan Selects CyrusOne for Exceptional Scalable, secure and reliable data center solution keeps healthcare company operating seamlessly MultiPlan Inc., the industry s most comprehensive
More informationThe Honest Advantage
The Honest Advantage READY TO CHALLENGE THE STATUS QUO GSA Security Policy and PCI Guidelines The GreenStar Alliance 2017 2017 GreenStar Alliance All Rights Reserved Table of Contents Table of Contents
More informationComputer Forensics US-CERT
Computer Forensics US-CERT Overview This paper will discuss the need for computer forensics to be practiced in an effective and legal way, outline basic technical issues, and point to references for further
More informationGoogle Cloud Whitepaper September Data deletion on Google Cloud Platform
Google Cloud Whitepaper September 2018 Data deletion on Google Cloud Platform Table of contents Overview 3 CIO-level summary 3 Introduction 4 Data storage and replication 5 Secure and effective data deletion
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationEffective Cyber Incident Response in Insurance Companies
August 2017 Effective Cyber Incident Response in Insurance Companies An article by Raj K. Chaudhary, CRISC, CGEIT; Troy M. La Huis; and Lucas J. Morris, CISSP Audit / Tax / Advisory / Risk / Performance
More informationChecklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates. Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP)
Checklist for Applying ISO 27000, PCI DSS v2 & NIST to Address HIPAA & HITECH Mandates Ali Pabrai, MSEE, CISSP (ISSAP, ISSMP) ecfirst, chief executive Member, InfraGard Compliance Mandates Key Regulations
More informationAon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary
Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As
More informationProtecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014
Protecting Your Business: Best Practices for Implementing a Legally Compliant Cybersecurity Program Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented
More informationGuide: HIPPA Compliance. Corporate HIPAA Compliance Guide. Privacy, productivity and remote access. gotomypc.com
: HIPPA Compliance GoToMyPC Corporate HIPAA Compliance Privacy, productivity and remote access 2 The healthcare industry has benefited greatly from the ability to use remote access to view patient data
More informationSMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE
SMALL BUSINESS CYBERSECURITY SURVIVAL GUIDE Small business cybersecurity survival guide By Stephen Cobb, ESET Senior Security Researcher Computers and the internet bring many benefits to small businesses,
More informationVendor Security Questionnaire
Business Associate Vendor Name Vendor URL Vendor Contact Address Vendor Contact Email Address Vendor Contact Phone Number What type of Service do You Provide Covenant Health? How is Protected Health Information
More informationCybersecurity The Evolving Landscape
Cybersecurity The Evolving Landscape 1 Presenter Zach Shelton, CISA Principal DHG IT Advisory Zach.Shelton@DHG.com Raleigh, NC 14+ years of experience in IT Consulting 11+ years of experience with DHG
More informationTHALES DATA THREAT REPORT
2018 THALES DATA THREAT REPORT Trends in Encryption and Data Security U.S. FEDERAL EDITION EXECUTIVE SUMMARY #2018DataThreat THE TOPLINE Federal agency data is under siege. Over half of all agency IT security
More information