Case Study: Allstate Insurance Company's Local Data Protection Project

Protecting data-at-rest, data-in-transit and data-in-use in large information intensive enterprises is a daunting challenge from technological as well as financial perspectives.

In this presentation, Eric Leighninger, chief security architect for Allstate Insurance Company, shows how his company is attacking this problem in general and in particular with regard to data-at-rest on mobile devices and removable media. In this role he is responsible for creating and articulating the information security architectural vision, communicating that vision to the enterprise, creating security architecture models and roadmaps, recommending security technology options and validating information security architectures against enterprise requirements.

Attacking the data-at-rest protection problem requires a combination of encryption and compensating co...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Protection Essentials By addressing data privacy, companies avoid public scrutiny Lessons learned: The LendingTree case Lessons learned: The Countrywide Financial breach The Societe Generale fraud story: Keith White on fraud Institutionalizing risk management for ongoing management support Risk assessments: Internal vs. external Putting risk analysis into words Lessons learned: The Texas Insurance Claims Services case Lessons learned: The Montgomery Ward breach Lessons learned: The Citibank ATM breach Data encryption techniques How to secure data backup Too many encryption methods make secure communications difficult Massachusetts data protection law has mixed impact on financials RBS WorldPay agrees to market VeriFone end-to-end encryption Download presentations from Financial Information Security Decisions 2009 Data encryption: Pre-implementation best practices Data encryption: Lessons learned from implementation Data encryption: Q&A with Eric Leighninger Community banks to increase security spending, survey finds Lessons learned: The State Street Corp. breach

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ntrol mechanisms such as data obfuscation, filtering and masking. Allstate, like many comparable companies, has developed a data encryption strategy that takes into account the sensitivity and value of the data itself, the context in which it is used and the associated risk of compromise. In the context of mobile devices such as laptop computers and USB storage media, local data encryption is an effective tool for protecting corporate data on mobile media that is inadvertently lost or intentionally stolen or maliciously attacked. Download this presentation for a solid understanding of Allstate's Local Data Protection Project that dealt with laptop and media encryption with an emphasis on:

• A description of the problem to be solved and its relationship to the larger set of enterprise data protection considerations
• Technical and procedural challenges and issues that arose
• An overview of the project, implementation and support issues that arose during test and deployment of the encryption solution
• Lessons learned

Download this presentation