Rest Secured With PGP Whole Disk Encryption for Enterprises
By Kevin Bocek, PRODUCT MARKETING MANAGER - PGP CORPORATION
Mobile computers are emerging as the industry standard for increasing user productivity and efficiency. The portable nature of these devices increases the possibility of loss or theft. Without strong data protection, an enterprise may be exposed to significant financial loss, legal penalties, and brand damage. The compromise of customer, patient, personnel, or partner information due to a lost or stolen computer is not only embarrassing, but presents significant financial consequences for many businesses.
Cost of a Data Breach
When 14,500 customer records at an insurance company were compromised, total costs and lost revenue exceeded $27 million. The cost of investigation, notification, legal, and free services alone exceeded $2 million. Based on the organization's own calculations, lost business from customer turnover and reduced acquisition is estimated to reach $25 million. (1)
Risk of Data at Rest
Customer lists, HR records, patient information, or draft audit reports are often distributed through an organization's internal network and across the Internet. The use of session encryption to protect data in transit as it travels across the Internet, wide area network (WAN), or WiFi network is a basic requirement for organizations. However, once data is stored locally (also known as "data at rest"), there is often little protection beyond domain authentication and operating system access controls. Data is also copied automatically within a system and stored in multiple temporary and system files without the knowledge of users. These files can remain indefinitely and are not removed until they are deleted by direct user intervention or when a drive is erased and formatted. Once a system is lost, stolen, or compromised, an organization must assume that all unencrypted data will be compromised because removing a hard disk is all too easy. Forensic applications and countless hard drive utilities downloadable from the Internet allow data and even files thought to be deleted to be recovered.
Consequences of a Security Breach
Just as the means and mode of a security breach are often different, the subsequent consequences are varied as well. In general, the resulting consequences of a security breach can be separated into five categories: (2)
1. Regulatory - An organization may be compelled by law or corporate governance to take actions, including remediation, paying fines, or discontinuing services.
2. Legal - A variety of interested or affected parties including government prosecutors or agencies, shareholders, and affected individuals may seek criminal or civil action in the courts.
3. Remediation - An organization may be compelled to or voluntarily take corrective actions, including fixing the breach vulnerability, notifying and supporting affected individuals/organizations, and mounting a public relations campaign.
4. Lost business - Because of the breach or resulting publicity, both affected and unaffected customers may end their relationships and the organization may find it more difficult to acquire new customers.
5. Brand equity - Other consequences may have long-term implications on brand equity. Brand damage may subsequently lead to a reduction in pricing power, diminished marketing effectiveness, and other competitive disadvantages, for example.
Solution: Full Disk Encryption
PGP Whole Disk Encryption for Enterprises provides comprehensive, non-stop disk encryption. The solution is centrally deployed and managed, enabling organizations to quickly and cost-effectively safeguard sensitive data from unauthorized access.
Full disk encryption technology allows organizations to lock down all data stored on a laptop or desktop computer, rendering that data unreadable in the event a system is lost or stolen. PGP® Whole Disk Encryption for Enterprises allows organizations to immediately address business risks and the resulting consequences of a data breach. Full disk encryption technology protects all data stored on a system by encrypting all files, including often overlooked swap, temp, and hibernation files. Once encrypted, data is rendered useless in the event of loss or theft. With full disk encryption, users do not have to decide which files to protect. With most solutions, users cannot override or deactivate full disk encryption without acquiring special administrative privileges, ensuring that all data is encrypted and locked down. PGP Whole Disk Encryption for Enterprises protects all user files, including those stored on removable media such as USB flash drives. Organizations can protect laptops and desktops without affecting the usability of end-user systems while safeguarding systems even before the operating system launches. Administrators retain access to protected systems, and PGP Whole Disk Encryption for Enterprises leverages corporate directory systems to expedite deployment and provisioning. Designed for enterprise use, PGP Whole Disk Encryption for Enterprises exceeds the key criteria for systems transparency, enhanced security, centralized management, and systems integration. Equally important, PGP Whole Disk Encryption for Enterprises allows organizations to secure multiple applications, including email encryption, through the expandable PGP Encryption Platform. With the PGP Encryption Platform, PGP Universal™ provides all centralized management and deployment functions for PGP Whole Disk Encryption for Enterprises.
PGP Encryption Platform
Installed with PGP Whole Disk Encryption for Enterprises, the PGP Encryption Platform provides a single management and deployment services console. Organizations that have already deployed PGP Whole Disk Encryption for Enterprises can expand PGP Universal as needed, adding new encryption applications and functions that are centrally managed and deployed. This flexibility allows enterprises to choose the encryption solution that best fits their needs, budgets, and deployment timeline.
The PGP Encryption Platform also allows organizations to avoid the development of encryption "silos." Silos result when an organization deploys an encryption application to meet an immediate need and then subsequently deploys another point solution. These encryption silos do not share policy and management interfaces, leading to increasing operational costs from redundant training, administration, and support. At the same time, the lack of shared policy between silos means policies may be inconsistently enforced, increasing business risk. With the PGP Encryption Platform, the first application deployed establishes a foundation for sharing policy and user management across additional encryption applications, eliminating the need for unnecessary administration, training, and support. This approach controls operational costs and reduces overall business risk with consistent policies enforced across users and applications.
(1) The Ponemon Institute, "Lost Customer Data: What Does a Data Breach Cost Companies?", November 2005
(2) Derived from categories developed initially by The Ponemon Institute, "Lost Customer Data: What Does a Data Breach Cost Companies?", November 2005