1 / 9

Lessons Learned from Sandia's Encryption Implementation: Challenges and Solutions

This report outlines the experiences of Sandia National Laboratories in implementing encryption solutions for mobile devices. It highlights the objective of protecting sensitive data, meeting cybersecurity requirements, and the specific solutions evaluated, such as Credant Mobile Guardian and FileVault for various operating systems. The challenges encountered—ranging from hardware compatibility issues, inefficient initial encryption times, and immature enterprise management solutions—are discussed. This summary offers valuable insights into encryption practices and the importance of robust key management and reporting capabilities.

mohawk
Télécharger la présentation

Lessons Learned from Sandia's Encryption Implementation: Challenges and Solutions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lessons learned during Sandia’s encryption implementation NLIT 2009 May 2008 Sam Jones Matt Snitchler Desktop Technology Development Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company,for the United States Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000.

  2. Objective • Protect sensitive data on all mobile devices • Meet NAP 14-2-C Cyber Security Requirement

  3. Windows Solution • Credant Mobile Guardian • FIPS 140-2 Certified • Enterprise key management • Reporting capability • Supports removable media • Not a silver bullet

  4. Mac Solution • FileVault • Credant Mac Client (Beta) • Managed by console • Does not support Windows Credant EMS • WinMagic • Removable media support not integrated

  5. Linux Solutions • GnuPG • RHEL 5.3 • Linux Unified Key Setup (LUKS) • Does not support Windows Credant EMS • Dual Boot problems • Removable media support not integrated • Hardware based FDE software support immature

  6. Encryption hurts • Long encryption times • I/O intensive applications affected • Flash drives cumbersome • Large USB drives experience initial long encryption time • System recovery more complex

  7. Hardware FDE • Works well with I/O intensive applications • No initial encryption hit • Does not work with all hardware vendors • Dell, HP, Lenovo • Enterprise management solutions immature • Key management • Reporting • Wave, Secude, WinMagic • Technically not FIPS 140-2 • Hardware FDE option on Preferred System List

  8. Hardware encrypted flash • IronKey • Multi platform • Windows, Linux, Mac (Beta) • FIPS 140 certified • Expensive • Enterprise management solutions immature • Key management • Reporting • Does not work well with Credant EMS

  9. Questions • ? • sejones@sandia.gov • 505 845-8643 • mdsnitc@sandia.gov • 505 844-7790

More Related