1. Protecting Data at Rest Through Encryption CIO Summit November 30, 2007

2. Topics Portable devices and data security issue Portable devices and data security issue What we did What we did Why we did it that way Why we did it that way Benefits of collaboration Benefits of collaboration Services offered Services offered

3. What’s the problem? Data on small portable devices Data on small portable devices –Laptops –USB drives, CDs, DVDs, portable hard disks Easy to lose and steal Easy to lose and steal Often hold confidential or sensitive data Often hold confidential or sensitive data Loss or theft can cost big $ Loss or theft can cost big $ Have to assume if data is gone it could be used illicitly. Have to assume if data is gone it could be used illicitly.

4. Addressing the Problem Protect “data at rest” Protect “data at rest” –If a device is lost or stolen, must know, with certainty, the data can not be read –Does not address other problems like data in transit –Requires more than authentication and authorization controls Provide other controls, including user education Provide other controls, including user education

5. What We Did Established enterprise-wide standards requiring encryption of laptop computers and removable storage devices Established enterprise-wide standards requiring encryption of laptop computers and removable storage devices Worked together to test products and select a common solution Worked together to test products and select a common solution Providing centralized services so many departments use the same server, support, recovery, etc. Providing centralized services so many departments use the same server, support, recovery, etc.

6. Laptop Encryption Full disk, pre-boot, AES 256, centrally managed, remotely supportable Full disk, pre-boot, AES 256, centrally managed, remotely supportable Server handles key management, distributes software, provides recovery services and logs activities Server handles key management, distributes software, provides recovery services and logs activities If a laptop is lost or stolen, a log will show the laptop was encrypted If a laptop is lost or stolen, a log will show the laptop was encrypted

7. Encryption Software The interdepartmental evaluation team selected SecureDoc software from WinMagic Corporation because: The interdepartmental evaluation team selected SecureDoc software from WinMagic Corporation because: –Meets all requirements –Provides flexible and simple management –Has remote support and recovery features –Includes features to encrypt portable media –Coincidentally: already used at one dept.

8. DAS-ITE Encryption Services Offering two services to customers: Offering two services to customers: –Infrastructure Use of a central encryption server Use of a central encryption server Use of communications links to reach server both locally and remotely Use of communications links to reach server both locally and remotely Key management, backup, disaster recovery, hardware and software maintenance, etc. Key management, backup, disaster recovery, hardware and software maintenance, etc. –“Full Service” Above services plus Level 1 user support Above services plus Level 1 user support

9. Local Government Opportunities Purchase off state contract Purchase off state contract –$58.50 per laptop for 3 years –Includes software maintenance and updates –Includes removable storage encryption Use DAS-ITE encryption services Use DAS-ITE encryption services –Infrastructure only –Full Service

10. For More Information Contact: Greg Fay 515-281-4820 515-281-4820 greg.fay@iowa.gov greg.fay@iowa.gov greg.fay@iowa.gov