Today we announced a new addition to our endpoint security solutions called Dell Data Protection | Encryption. It is a file-based encryption solution that protects the system disk and removable storage on or attached to a system. It also is designed to be easily deployed in pretty much any IT environment, allow IT to flexibly manage and audit encryption state and help customers reach compliance for a number of regulations.
Why encryption now from Dell? The answer is simple. We’ve talked to customers and have our own experiences with deploying encryption and it became clear that there was a better, more efficient way to tackle data protection. Several solutions available today can be cumbersome, hard to deploy and may require changes to everyday system administration. So we decided to go a different route to help simplify the entire process and give our customers a single, comprehensive solution that covers the system disk and removable media.
Dell Data Protection | Encryption is a filed-based encryption solution as opposed to sector-based full-disk encryption that most customers are aware of today. Sector-based offerings encrypt an entire disk (minus the files needed to actually boot a system) whether there is data on a given sector or not. Because sector-based solutions rely on the physical media of a hard drive, it is recommended that customers run defragmentation and CHKDSK prior to deployment to help avoid any system errors during deployment.
With our solution data is encrypted at the file level and doesn’t require any defrags prior to deployment. Essentially, we put a filter on the file system within Windows that encrypts/decrypts data as it goes through it, whether creating data, changing data, etc. It encrypts all file types that contain data, including source files and temporary files created by applications, file and folder copy and paste, print to file, screen copy and paste, back-up files and page, and swap files.
Dell Data Protection | Encryption gives IT extreme flexibility in how to enforce encryption policies. Let me paint a couple of scenarios to show how our encryption offering works:
- Encrypt just the data on a system’s disk – With our intelligent file-based encryption offering, IT can encrypt just data on a drive, not the operating system or application files. This can provide better performance because you are only encrypting data that is produced or changed.
- Encrypt the system data and removable media – Encrypt system data plus removable media – USB, 1394, SD, etc.…basically anything that Windows reads as a drive letter. When encrypting removable media, you have the flexibility to enforce passwords (length, number of attempts, etc.), set group policies for sharing or enforce no sharing at all.
- Encrypt everything – With Dell Data Protection | Encryption we have flexibility to deliver multiple encryption keys, which are released to decrypt data when a user is authenticated to a system. You can set up a scenario where there is a common encryption key to protect the OS and applications on a system and a separate key tied to the end user to secure data. This allows IT to maintain a system without access to the most sensitive data in an organization.
There are two reasons our customers want to encrypt data – data privacy and protection of intellectual property (new products, proprietary formulas, engineering drawings, etc.). There are also several laws internationally that require customers to protect personally identifiable data. Dell Data Protection | Encryption helps make compliance easy with preset compliance policy templates that allow customers to quickly setup policies based on their needs. These are designed for customers that may have little or no IT resource and as a starting point for power users who can customize the templates further. The levels of protection include:
- Basic Protection for system, fixed and/or removable drives: Encrypt using a common key for all or some fixed drives and system drive with a prompt to encrypt removable media.
- Aggressive Protection for All Drives: Encrypt applications and data with a user key (vs. a common key).
- HIPPA Targeted: Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare organizations implement a number of technical safeguards to protect the confidentiality and integrity of all individually identifiable health information.
- Data Breach Regulatory Targeted: Designed for organizations that have regulatory requirements under state or federal law where the only way an organization can avoid notifying customers of a breach is the ability to prove all personal information was encrypted prior to the breach.
- PCI Data Security Standard Targeted: Payment Card Industry Data Security Standard (PCI DSS) is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
The common misperception of file-based encryption is that there may be end user intervention required to encrypt data. With Dell Data Protection | Encryption, there is no end user intervention required. IT determines the policy they need for their organization, sets the policy up in the remote management console, enforces it and monitors their environment to ensure that systems have the latest policy enforced.
Our encryption solution works with Dell, legacy Dell and non-Dell Windows-based systems. And, given that we co-developed the solution CREDANT, you can also protect Mac-OS systems.
To learn more about Dell Data Protection, click here.