WIXLIB

CREDANTData SecurityPartner GuideRevision: H2CY10

Using this Data SecurityPartner GuideRelated DocumentsThis document is for the reader who: Has read the Cisco Smart Business Architecture (SBA) for GovernmentLarge Agencies—Borderless Networks Design Overview and the CiscoData Security Deployment GuideBefore reading this guide Wants to connect Borderless Networks to a CREDANT data securityendpoint solutionDesign Overview Wants to gain a general understanding of the CREDANT data securityendpoint solutionInternet Edge Deployment Guide Has a level of understanding equivalent to a CCNA certification Wants to prevent sensitive data, including intellectual property andcustomer data from leaving the organization without protectionInternet Edge Configuration Guide Wants to solve data security compliance and regulatory problems Is mandated to implement data security policiesData Security Deployment Guide Wants the assurance of a validated data security solutionDeployment GuidesDesign GuidesDesign OverviewSupplemental GuidesFoundation DeploymentGuidesData SecurityDeployment GuideInternet EdgeDeployment GuideCREDANT Data SecurityPartner GuideInternet EdgeConfiguration GuideNetwork ManagementGuidesUsing this Data Security Partner GuideYou are Here

Table of ContentsOverview of Cisco Borderless Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1Agency Benefits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2CREDANT Product Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3CREDANT Deployment Workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4How to Contact Us. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6Appendix A: SBA for Large Agencies Document System. . . . . . . . . . . . . . . . . . 7ALL DESIGNS, SPECIFICATIONS, STATEMENTS, INFORMATION, AND RECOMMENDATIONS (COLLECTIVELY, "DESIGNS") IN THIS MANUAL ARE PRESENTED "AS IS," WITH ALL FAULTS. CISCO AND ITS SUPPLIERSDISCLAIM ALL WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OFDEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THE DESIGNS, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCHDAMAGES. THE DESIGNS ARE SUBJECT TO CHANGE WITHOUT NOTICE. USERS ARE SOLELY RESPONSIBLE FOR THEIR APPLICATION OF THE DESIGNS. THE DESIGNS DO NOT CONSTITUTE THE TECHNICALOR OTHER PROFESSIONAL ADVICE OF CISCO, ITS SUPPLIERS OR PARTNERS. USERS SHOULD CONSULT THEIR OWN TECHNICAL ADVISORS BEFORE IMPLEMENTING THE DESIGNS. RESULTS MAY VARYDEPENDING ON FACTORS NOT TESTED BY CISCO.Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposesonly. Any use of actual IP addresses in illustrative content is unintentional and coincidental. Cisco Unified Communications SRND (Based on Cisco Unified Communications Manager 7.x) 2010 Cisco Systems, Inc. All rights reserved.Table of Contents

Overview of CiscoBorderless NetworksThe Cisco SBA for Large Agencies—Borderless Networks offers partnersand customers valuable network design and deployment best practices;helps agencies to deliver superior end-user experiences using switching,routing, security and wireless technologies; and includes comprehensivemanagement capabilities for the entire system. Customers can use theguidance provided in the architecture and deployment guides to maximizethe value of their Cisco network in a simple, fast, affordable, scalable andflexible manner.Figure 1. CREDANT Data Security Integrated into the SBA for LargeAgencies—Borderless NetworksModular design means that technologies can be added when the organization is ready to deploy them. Figure 1 shows how the CREDANT data security solution integrates into the Borderless Networks architecture.This guide is part of a comprehensive data security system designed tosolve agencies’ operational problems, such as protecting intellectual property and sensitive customer information assets, and meeting compliancerequirements. The guide focuses on Cisco’s partnership with CREDANTTechnologies to deliver affordable endpoint encryption as a part of Cisco’sbroader data security system.Overview of Cisco Borderless Networks1

Agency BenefitsThe globalization of information has forever changed the security landscape. Information is exchanged in less than a millisecond. Financialservices companies process transactions involving billions of customerfinancial records. Healthcare providers store and access information on lifethreatening illnesses and confidential patient records. For better or worse,our new, more digitized world exposes sensitive corporate, personal, andemployee data to loss or theft at the corporate endpoint. As a result of thisprofound shift in computing, the regulatory and compliance landscape hasevolved as fast as the technological landscape.In the United States, Canada, and Europe, national regulatory standardsincreasingly supplement local reforms as the government pressures industries and businesses of all sizes to protect consumers’ personal information. Inmany cases, the penalties for non-compliance can be crippling. No organization is exempt from data tampering. And without proper measures, none canescape the risk of fines, loss of reputation, or possible bankruptcy.Data encryption isn’t just a best practice. It is an imperative for survival in theglobal, digitized marketplace. Companies failing to meet their compliancerequirements and adequately protect against a data breach face fines andother costs extending into the tens of millions of dollars. Yet every organization is unique. The right combination of data encryption solutions must bedefined by the existing infrastructure, regulatory requirements and agencypractices. By partnering with Cisco and CREDANT, agencies can begin toadopt a holistic approach to data security—encrypting data on the network,at the gateway, via VPN, or at rest at the endpoint.Protecting sensitive information is critical, and with CREDANT, agencies gainflexibility in how they choose to protect sensitive information. Encryptiontechnology is built on well established standard algorithms, but the solutionsbuilt on that technology include a variety of software- and hardware-basedencryption options to meet different operational needs.As there is a wide range of options to secure critical data, there is also awide range of criteria to consider when deciding how to best protect youragency. Power users or developers tend to be very sensitive to even thesmallest impact on system performance. Less technically savvy end userswill likely inundate the help desk with calls for assistance if they encounter asolution that forces them to change the way they work. Executives may carrymore sensitive information than end users and thus require different security policies. Traveling employees naturally incur more risk of data loss fora number of reasons than do employees working on a desktop system in asecure office. These are just a few of the criteria that agencies must navigatewhen choosing the right solution or solutions for their operations.Agency Benefits2

CREDANT ProductOverviewCREDANT offers both hardware and software encryption with centrallymanaged or unmanaged options, depending on your needs. All managedsolutions include extensive reporting to satisfy compliance needs and toease deployment and day-to-day use. Products can be mixed and matchedto find an overall solution that best fits your needs: CREDANT Mobile Guardian provides software encryption and securityfor Windows or Mac OS X laptops and desktops, removable media,and PDAs and Smartphones. Windows systems are protected withCREDANT’s Intelligent Encryption and full disk encryption (FDE) is usedto protect Mac computers. External media encryption is provided forboth Windows and handhelds. Windows protection is available in bothmanaged and unmanaged varieties. CREDANT FDE DriveManager technology fortifies the SeagateMomentus self-encrypting 2.5” hard drives with remote management,strong authentication, and extensive auditing and reporting features,thus allowing companies to more easily implement Seagate hardwareencryption. FDE DriveManager can be configured during installation torun as a managed or unmanaged client.Figure 3. CREDANT Drive ManagerFigure 2. CREDANT Mobile Guardian CREDANT Protector offers fine-grained port control capabilities toagencies wishing to control data at the device or file level. CREDANT FDE for Windows provides full disk software encryption forWindows laptops and desktops. All data on the local drive is encryptedat the sector level, including any blank space on the drive. This fullymanaged solution includes mandatory, pre-boot authentication andAES-256 encryption. CREDANT’s network-aware pre-boot authenticationallows the end user to access the system via an existing domain login.Administrators avoid the high overhead setup and maintenance of proprietary pre-boot user and administrator accounts.As operational environments differ, so do the options CREDANT offersto secure critical data in those environments. All CREDANT solutions aredesigned to provide the most comprehensive security available for datastored on laptops, desktops, removable media and mobile devices. Eachsolution ensures mandatory authentication and provides industry-standardencryption so agencies can select a product or a combination of productsthat best fit their needs without having to go to multiple vendors. CREDANT’sbroad range of solutions helps to keep corporate data secure while allowingusers to focus on doing their jobs.CREDANT Product Overview3