Data Security: Privacy Laws and Compliance
It is essential to implement a technology that both securely encrypts the data, and has a verifiable audit trail so that in the event of a breach it can be readily proven that proper encryption protection was implemented on the affected device or data. When correctly designed and implemented, this can effectively secure data, while not interfering with end-users’ day-to-day operations. More importantly, policies can be enforced upon the end-user, thus ensuring compliance.
OMB M-06-16 may have established the mandate for encryption, but it did not release security groups from the need to manage federal information resources responsibly and efficiently as established in OMB Circular A-130, among other places. The temptation might be for a group to look for and purchase the cheapest possible technology that accomplishes the encryption requirement, however; we know that the initial technology purchase is only a small evident part of the expenses to be incurred. Costs of integration, maintenance and administration all contribute to the total cost of owning a piece of technology. To truly be responsible with the taxpayer’s money, a federal information security program needs to be sure the solution they purchase will
integrate inexpensively with enterprise directories, public key infrastructures, strong authentication systems and management. Both the technology and the people affected need to be considered in the short-term and long-term.
When we look at the list of reported security incidents in the United States, we can see that in September of this year alone, there was a case of identity theft almost every day.4 The ease and frequency of this criminal activity is largely due to the fact that companies have not taken reasonable measures to protect information.
SafeBoot: Vendor-of-Choice for Data Encryption
SafeBoot integrates with a dizzying array of enterprise-class directories, public key infrastructures and strong authentication
systems out of the box. With SafeBoot’s expertise in building
connectors for so many platforms, custom and even uncommon implementations are a snap to integrate. Similarly, the SafeBoot Management Center reduces costs by placing all the necessary tools needed by administrators right at their fingertips:
1. Upgrading and patching clients is quick and easy with SafeBoot’s dynamic update technology;
2. Robust auditing features can prove that a specific computer was fully encrypted at the time of loss; and
3. Running reports that prove data is protected and encrypted requires minimal time to generate with SafeBoot’s report engine, keeping administrative costs very low.
Beyond NIST FIPS 140-2 and Common Criteria EAL 4 certifications, as well as low cost of ownership, SafeBoot encrypts not only the entire disk, as mandated by OMB M-06-16, but also offersproducts that encrypt USB flash drives or prevent their use entirely. In addition, SafeBoot can encrypt CDs and other removable media to protect data from being exchanged. SafeBoot provides products to selectively encrypt files and folders, both manually and according to policies set in the central management system.
The SafeBoot suite of mobile data security solutions protects data, devices and networks against the risks associated with loss, theft and unauthorized access, anytime and anywhere. SafeBoot is the vendor-of-choice for leading global organizations and provides them with powerful encryption and strong access control technologies that seamlessly integrate with existing enterprise systems. SafeBoot’s centralized management capabilities provide organizations with operational efficiency and ensure
the lowest possible total-cost-of-ownership. For more information, visit
www.safeboot.com1 www.privacyrights.org
2 Information Week
3 USA Today
4 www.privacyrights.org/ar/ChronDataBreaches.htm