
Whitepapers
Data Leakage Landscape: Where Data Leaks and How Next Generation Tools Apply
Data protection programs at most organizations are concerned with protecting sensitive data from external malicious attacks, relying on technical controls that include perimeter security, network/wireless surveillance and monitoring, application and point security management, and user awareness and education.
But what about inadvertent data leaks that aren’t so sensational, for example unencrypted information on a lost or stolen laptop/USB or other device? Like the steady drip from a leaking faucet, everyday data leaks are making headlines more often than the nefarious attack scenarios around which organizations plan most, if not all, of their data leakage prevention methods.
However, to truly protect their critical data, organizations also need to plan a more data-centric approach to their security programs to protect against leaks that occur everywhere sensitive data lives, rests or is used.
In this paper, the different leakage points are mapped with regulations and best practices.
Legal aspects of security for mobile PCs and data media
The number of legal standards for IT security has increased considerably worldwide. The consequences for companies and their associates are significant: higher liability risks, the increased likelihood of claims for damages or even fines, the possible loss of insurance, the risk of having reduced creditworthiness or the refusal of qualified auditors to issue certification. Nowadays, it is increasingly commonplace for sensitive data, and often large amounts of it, to be stored on notebooks and mobile data media. Protecting the sensitive data that is stored on notebooks and mobile data media is therefore a critical element of IT security. This white paper is intended to support companies when they plan protection measures for sensitive data. It provides an overview of the current legal standards, with emphasis on the USA and Germany, and describes the legal requirements that concern the protection of data against misuse. It also recommends the most suitable security mechanisms that can be used to provide protection. Finally, this document outlines how effective security measures can be implemented using the SafeGuard product family from Utimaco, in particular SafeGuard Easy.
Security for mobile PCs and data media
The planning and implementation of security measures used to protect mobile PCs and data media is always performed in a complex environment. The people who are responsible for IT security in companies must take into account a multitude of organizational and technical aspects. This white paper is designed to help them in this process. It describes the typical demands for an effective and efficient means of protecting mobile PCs and data media used in companies and can therefore provide a way of supporting decision-makers in specifying their own requirements for a (new) security solution. This document also introduces SafeGuard Easy, one of Utimaco's products, which fulfills all the requirements a company could have for protecting mobile PCs and data media.
Do "standard OS tools" meet your needs of security?
Modern PCs, notebooks and desktops running Windows XP offer a multitude of options to provide a certain level of security "out of the box". Many companies use them to protect their clients. The document is intended to help companies determine the extent to which a solution that uses "standard tools" can meet their security requirements. The "checkpoints" contain a selection of the requirements that Utimaco has recognized as important over its more than 20 years of experience in providing IT security for companies. For each requirement the "standard tools solution" is compared with the solution that SafeGuard Easy offers. The solution has been specially developed for protecting mobile PCs and data media against misuse.
File security as a factor in organisation's success
Today, almost every company, public authority or non-profit organisation has PC workstations on which information that should not be accessed by unauthorized persons is available in data files. However, it seems almost impossible to control the utilisation and distribution of internal company data in modern IT environments. It is already difficult enough to restrict the company's own, legitimate users' access to the necessary files, but even more demands are being made on data security. In addition, since users are not conscious of these risks, they cannot be expected to participate fully when it comes to storing sensitive and valuable data properly. For this reason solutions are required that provide data with automatic protection against unauthorized access, without any user interaction. This paper describes the necessity to implement solutions for file encryption, and the demands made on security mechanisms, and describes the implementation process, using a solution that has been proven in practice as an example.
Security aspects and technologies for data security on PDAs
As Personal Digital Assistants (PDAs) become more powerful computers and merge with wireless technology, new means are necessary to ensure the security of such devices as well as of the enterprise network they participate in. Not all traditional security concepts known from workstations today apply equally to mobile devices. Besides technological topics, some organizational issues also need to be addressed when preparing security concepts for the mobile working world. This whitepaper discusses some of these issues and informs readers about threats and possible security solutions on this new generation of computing devices.
Plug and Play devices: intelligent access control
The Plug and Play (PnP) concept offers simple and convenient hardware handling. Protocols supporting this approach include USB, FireWire and Bluetooth, among others. However, what seems to be a desirable goal with respect to efficient usage of peripheral hardware gives security-conscious companies and their administrators a headache, since PnP introduces a security problem that can't be solved out of the box. As the operating system itself does not offer the possibility to enforce a usage policy on PnP devices, specialized products from third-party vendors need to come into play to fill this gap. Learn more about the opportunities and risks of Plug and Play devices.
Creating a trustworthy environment on Windows computers
The IT infrastructures of today are often a complex network of machines and related software. Maintaining a consistently high level of security and trust in the integrity of these machines can prove a difficult task. Often the latest technologies offered by operating systems and compilers (e.g. .NET) cannot be used to their full advantage since many older legacy applications need to be supported, or simply because not all existing machines can be upgraded in time due to the problems of cost and logistics. The document describes how SafeGuard Advanced Security realizes a 3-dimensional control for security objects (user, data and application) and thus guarantees a consistent enterprise-wide security policy, even in mixed Windows environments.
SafeGuard MailGateway: the central post office
E-mail exchange is the most used internet application. The electronic exchange of information within a company does not necessarily reflect its specific organizational structure. For some procedures, possibly bearing far-reaching consequences, it should be handled this way. The usage of encrypted and/or signed e-mails is absolutely imperative, especially with regard to representation arrangements, processing of documents distributed to several people or issuing of receipts. But cryptographic operations can constrict the workflow, especially if bound to single persons or workplaces. That is the starting point of the SafeGuard MailGateway concept. More information about the concept is available in our attached white paper.