Choosing a Full Disk Encryption solution
A simple first step in preparing your business for GDPR
beinformed
Understand the impact

Under GDPR, your organisation is required to protect data stored on devices, so encryption is a good place to start. This guide will help you understand the role of Full Disk Encryption in your data protection and GDPR strategies.

One Full Disk Encryption product may not be like another, and that's more important than you might think. A solution's suitability depends on a range of factors, including the nature of your organisation, your existing IT environment, and the influence of GDPR on your business.

Traditional file encryption operates on a granular level. It requires users to manually encrypt individual files, making it inherently less secure and demanding active, ongoing user management.

This guide presents some key considerations for a Full Disk Encryption product, and offers a better solution for data security. Data encryption is a simple first step in preparing your business for GDPR - let's get going.

Becrypt GDPR Buyer's Guide www.becrypt.com/gdpr
beprotected
Identify the challenge

The way your organisation collects, stores and manages information is about to change. Under the GDPR's new definition, Personally Identifiable Information (PII) includes not only names, addresses and financial information, but content like photographs and IP addresses. You're obligated to protect this data.

There are penalties in the event of a security breach, but you can reduce your liability for them. Encryption should be supported by an audit trail - proof that your organisation has deployed and is managing its encryption process.

As an SME, you might not be required to appoint a Data Protection Officer (DPO), so you need a Full Disk Encryption solution that is easily managed, and does not impact device performance or user experience.

In order to get the best solution for your organisation, you need to fully consider your requirements. In the next section of this guide, we'll take you through the key considerations for a Full Disk Encryption solution.
beconfident
Consider your requirements

Ease of implementation
Data encryption should be an easy first step, so make sure you find an encryption product that is simple for IT administrators to deploy remotely. Some free and open-source products require physical access to the device to be deployed. In instances where you have a lot of users, or employees who work remotely, implementation of these solutions can be resource intensive.

Best practice authentication
Any good Full Disk Encryption solution will feature a robust and flexible authentication capability. Multi-factor authentication requires more than one layer of verification for users to log on. This is best practice under GDPR, but security can also be bolstered by forced periodic password updates.

You will need to consider how a Full Disk Encryption solution will fit into your existing processes. If your environment is relatively complex, you'll want to ensure your chosen product can easily merge multiple Active Directory domains. If you've got more than one employee using a device, check your product supports multiple users - some free solutions don't, and sharing a password between employees creates unnecessary weak points in your digital security.

Efficient ongoing management
The main cost of encryption is often not the software, but the ongoing administration. To ensure complete control without massive cost, choose a product with usable and robust management features, and central administrator control.

A good credential management capability is essential - centrally create and delete accounts as users come and go, and ensure employees can't take sensitive data with them. Choose a solution that enables management from a single platform. Many OS or device vendors don't offer this, yet it's essential for streamlined management of multiple users and devices.
Compatibility with your IT environment
Make sure your solution is compatible with the devices, platforms and applications already in use across your organisation. Consider if users prefer a mix of Windows and OS X, hard drives use disk utilities and asset management programs, or employees use Virtual Private Networks (VPN) for network access. Most important, remember that technology is always evolving. Your encryption solution of choice should be ready to adapt to whatever changes your organisation might undertake.

Minimal end user impact
Consider how your Full Disk Encryption impacts performance - you don't want security getting in the way of productivity by making a device take longer to boot. Single sign-in is a key indicator of efficiency. If it takes more than one password for a user to log on, you increase the risk of them making a note of their details, which defeats the whole point. The best products can link pre-boot and Windows authentication so that the user only needs to sign in once.

Compliance and auditability
Full Disk Encryption has a very important part to play in preparing your business for GDPR. Ensure any product you deploy has third party certifications in line with any regulations your organisation is bound by. And make sure your solution allows you to maintain a detailed audit trail, if your compliance needs to be proven. The most stringent industry standards include FIPS 140-2 and Commercial Product Assurance (CPA). But also, judge a prospective solution by its clients - if they hold security in as high regard as you expect to, you can build a picture of their suitability in your organisation.

Eliminating data leakage
Full Disk Encryption defends data in the event it is leaked, but consider the supporting measures you'll take to ensure data isn't stolen in the first place.
With a product as part of a broader offering, you can take control of your data - monitoring the way it moves through your organisation, and identifying points of weakness in the saving and sharing processes across media and devices.
beencrypted
Choose the solution

Now you have a good understanding of what to look for in Full Disk Encryption solutions, it's time to choose what's best for your organisation.

Disk Protect - the Full Disk Encryption solution from Becrypt - is the easy-to-implement solution for your GDPR data encryption needs. It allows you to deploy for your organisation with little fuss, and the best thing is, you don't need to be an expert in data encryption. With Becrypt's UK based support centre, you can easily call for practical advice and next steps.

33% of IT practitioners believe that the number of insecure mobile devices in the workplace is increasing significantly *

Disk Protect encrypts data on PCs, laptops, tablets and servers. The process is invisible to the user - data on the hard drive is encrypted with no impact on device performance or user experience. Even if the device is stolen, the content is secure.

Full Disk Encryption even creates more time for business development. Deployment is zero-touch, and management, auditing and reporting are centralised from just one console. With encryption from Becrypt, you're taking a simple first step towards preparing your business for GDPR.
beincontrol
Realise the opportunity

Deploy with zero-touch. Disk Protect can be set up and managed from one portal on a single device, for mass deployment across your organisation.

Implement with ease. Initial encryption doesn't delete any existing data - though we do recommend keeping your data backed up at all times.

Enforce authentication. Whether through local policy in the standalone variant, or a server-based policy in the managed variant. With an Active Directory domain, Disk Protect supports single sign-on.

Support multiple users. A single Disk Protect device supports up to 25 pre-boot users. In the managed variant, all users can be provisioned and administered remotely via the management console.

Decommission safely. Disk Protect's secure wipe function destroys essential data, rendering the device unbootable and ensuring that any user data it contains is inaccessible.

Protect device recovery. If a user forgets their password, a dynamically generated challenge code is used by a Service Desk operator to generate a response code. The user enters this into the computer to gain temporary access, and set a new password.

Receive automatic patches. To keep your organisation ahead of the latest digital security threats, Disk Protect checks for, receives and applies patches and updates automatically.

Control your policy. Configurable settings include password policy (expiry, length, complexity, etc.), password management and user account management.
besupported
Take a simple first step

With over 15 years' experience of helping governments and organisations secure their valuable data, Becrypt has a long heritage of providing enterprise data protection solutions to the most security conscious organisations.

GDPR demands we all improve security practices and ensure transparency. Disk Protect - Becrypt's Full Disk Encryption solution - helps make this possible. Deployment is zero-touch, and management, auditing and reporting are centralised. With encryption from Becrypt, you're taking a simple first step towards preparing your business for GDPR.

Find out how Becrypt can help secure data in your organisation
www.becrypt.com/gdpr
info@becrypt.com

* State of the Endpoint Report; Ponemon Institute, 2016