1

Encryptie:

Zo doen wij het21 juni 2016Erik Remmelzwaal, CEO | erik@dearbytes.nl

6/21/16

OPENBAAR

2

GoToWebinar

§ Vragen?

– Mondeling: Raise Hand

– Schriftelijk: Questions

6/21/16 OPENBAAR

3

Business Case

Encryptie voorkomt negatieve publiciteit

6/21/16 OPENBAAR

4

Meldplicht datadinges voor bestuurders

6/21/16 OPENBAAR

Pag 11:

Enz, enz, enz….

Pag 34:

Bron: https://autoriteitpersoonsgegevens.nl/sites/default/files/atoms/files/beleidsregels_meldplicht_datalekken.pdf

5

Nog duidelijker: management summary

6/21/16 OPENBAAR

6

Restrisico?

6/21/16 OPENBAAR

7

Zo versleutelen wij

Disk & File Encryptie

6/21/16 OPENBAAR

8

Oplossingen§ Classificatie

– Location based à FRP zelf– Policy based (bijv extensie) à DLP + FRP

§ File / Folder Encryptie– McAfee File & Removable Media Protection– Windows & Mac OS X

§ Drive Encryptie– McAfee Drive Encryption OF:– McAfee Management for Native Encryption

§ ePolicy Orchestrator– Policy enforcement altijd overal

6/21/16 OPENBAAR

9

Use Case Klant Data“Hoe beveiligen jullie onze data in jullie netwerk?”

§ Mappen structuur:– \\server\share\Protected Data\ (klanten map)

§ Usergroup in Domein:– “Access to Protected Data”

§ McAfee File & Removable Media Protection:– Key per klant– Assigned aan teamleden– Auto encrypt data met juiste key in juiste klanten map

6/21/16 OPENBAAR

10

Netwerk Encryptie

6/21/16 OPENBAAR

.

Intel Security Confidential11

Shadow ITProtecting Data Moving To/From the Cloud

Uploading Downloading

12

Cloud Encryptie

6/21/16 OPENBAAR

13

Disk Encryptie

§ Native Encryption:– Apple FileVault / Microsoft

BitLocker– Managed from ePO– Compliance

§ McAfee Drive Encryption:– Microsoft Windows– Intel AES-NI– Security

6/21/16 OPENBAAR

.

Use Drive Encryption for Enterprise-Grade Encryption for Highest Level of Protection and Security Policy Enforcement • Near Native Performance makes encryption

nearly imperceptible to End Users• Certified to FIPS 140-2, Common Criteria EAL2+,

Intel AES-NI• Best Reporting Dashboard proof of encryption,

compliance reporting• Failure Prevention with drive health inspections,

ongoing health monitoring and alerting• Accelerates Existing System Build Processes • Single Console, highly integrated, with enterprise

grade scalability, managed by ePO• Automatic Protection monitors environment,

encrypts new systems as they come online to enforce security policies

Endpoint Assistant App

ePO Deep Command

File & Removable Media Protection

Management of Native Encryption

Drive Encryption

DLP Endpoint & Device ControlWindows

Drive Encryption Use Case:“I need the most security and have specific policies to enforce.”

Management of Native Encryption Use Case: “I just want basic, simple encryption for compliancy.”

14

Use MNE to manage Microsoft BitLocker & Apple FileVault Encryption for Compliance List Check Off and BYOD Deployment• Manage Microsoft BitLocker for Windows• Manage Apple FileVault for Macs• Easy Deployment of MNE from ePO • BYOD Mode for just monitoring encryption status• Full Management Mode to not only monitor status, but

manage keys, develop workflows, implement security policies, etc.

• For Windows Systems: no need for Microsoft BitLocker Administration and Management (MBAM) Server and Software. ePO can manage all your security software and policies. MNE is simpler and reduces TCO

WindowsMacs

Applicable Suites: CDA, CDB, CDE, CEBOPENBAAR

.

Management of Native Encryption (MNE) Great Administrative Experience

ON/OFF type Security Policy

in one click

showing you everything you need at a glance

DB

used wherever possible

“FileVault”“BitLocker”

OPENBAAR

.

Microsoft BitLocker Management Made Simple

McAfee Management of Native Encryption enables IT admins to manage the native encryption solution of Windows using BitLocker, directly from McAfee ePO software.

OPENBAAR

17

Endpoint Assistant

1. Password recovery method tbv Drive Encryption

2. Secure Access cloudstorage (Box, Dropbox, Google Drive, OneDrive)

6/21/16 OPENBAAR

.

Reference Guide: Complete Data Protection & Encryption

McAfee Complete Data Protection – Advanced

(CDA)

McAfee Complete Data Protection

(CDB)

McAfee Complete Data Protection – Essential

(CDE)

Data Loss Prevention Data Loss Prevention Endpoint ü

Device Control ü

Full Disk EncryptionDrive Encryption – for Windows ü ü

Management of Native Encryption – for FileVault & BitLocker ü ü ü

File, Folder & Removable MediaFile & Removable Media Protection - for Windows ü ü ü

Management and Intel vPro SupportePO Deep Command – for Intel vPro and Intel AMT ü ü

ePolicy Orchestrator – deployed on ePO Server only ü ü ü

End User Password Recovery AppEndpoint Assistant App* – for iOS and Android ü ü ü

* Endpoint Assistant App available Q4 ’15 for CDE

The McAfee Complete Data Protection – Essential Suite provides basic native encryption management for data-at-rest by managing BitLocker, supplied with Microsoft Windows and management of FileVault, native encryption of Mac OS X. Both solutions are certified for FIPS 140-2 and Common Criteria EAL4+. The suite includes encryption for files/folders & removable media. The suite thus helps you establish and enforce a data protection policy for PCs, Macs, File and Folders, CDs, DVDs and removable FLASH drives, centralizing data security management using McAfee ePolicy Orchestrator (ePO) software, providing a key component to help meet compliancy.

19

Meer resources (FRP)§ Intel Security Community:

– Google: “McAfee FRP expert center”– https://community.mcafee.com/community/business/expertcenter/products

/frp

§ Videos:– How to encrypt USB removable media?

https://www.youtube.com/watch?v=FEISVZVtrF0

– How to use FRP to encrypt files sent to the cloud? https://www.youtube.com/watch?v=jZq8aqaNIdE

– How to use FRP to encrypt files over the network? https://www.youtube.com/watch?v=1xas9S-YWBY

6/21/16 OPENBAAR

20

Encryptie:

Zo doen wij het21 juni 2016Erik Remmelzwaal, CEO

6/21/16

OPENBAAR