Home > Financial Services Information Security Tips > Data Protection Essentials > Case Study: Allstate Insurance Company's Local Data Protection Project
Financial Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

DATA PROTECTION ESSENTIALS

Case Study: Allstate Insurance Company's Local Data Protection Project


Eric Leighninger, Contributor
07.03.2008
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


More on this:
Check out our security school lesson on data leak prevention

View more presentations from Financial Information Security Decisions

Learn more about Financial Information Security Decisions
Financial services companies have been under siege in terms of trying to meet the protection requirements for sensitive corporate and personal data imposed by statutes such as CA-1386, Sarbanes-Oxley and Gramm-Leach-Bliley Act, state and federal banking and insurance regulations, industry standards and competitive market pressures.

Protecting data-at-rest, data-in-transit and data-in-use in large information intensive enterprises is a daunting challenge from technological as well as financial perspectives.

In this presentation, Eric Leighninger, chief security architect for Allstate Insurance Company, shows how his company is attacking this problem in general and in particular with regard to data-at-rest on mobile devices and removable media. In this role he is responsible for creating and articulating the information security architectural vision, communicating that vision to the enterprise, creating security architecture models and roadmaps, recommending security technology options and validating information security architectures against enterprise requirements.

Attacking the data-at-rest protection problem requires a combination of encryption and compensating control mechanisms such as data obfuscation, filtering and masking. Allstate, like many comparable companies, has developed a data encryption strategy that takes into account the sensitivity and value of the data itself, the context in which it is used and the associated risk of compromise. In the context of mobile devices such as laptop computers and USB storage media, local data encryption is an effective tool for protecting corporate data on mobile media that is inadvertently lost or intentionally stolen or maliciously attacked. Download this presentation for a solid understanding of Allstate's Local Data Protection Project that dealt with laptop and media encryption with an emphasis on:

  • A description of the problem to be solved and its relationship to the larger set of enterprise data protection considerations
  • Technical and procedural challenges and issues that arose
  • An overview of the project, implementation and support issues that arose during test and deployment of the encryption solution
  • Lessons learned

Download this presentation

Rate this Tip
To rate tips, you must be a member of SearchFinancialSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Data Protection Essentials
Lessons learned: The Montgomery Ward breach
Lessons learned: The Citibank ATM breach
How to lay the foundation for role entitlement management
Single sign-on options for financial services firms
Privileged password management steps to success
The evolving value proposition and impact of identity management
Removable media encryption adds extra layer to laptop security
Key management challenges and best practices
Using full disk encryption in the battle against laptop data theft
Laptop encryption options

Data encryption techniques
Lessons learned: The State Street Corp. breach
Removable media encryption adds extra layer to laptop security
Key management challenges and best practices
Using full disk encryption in the battle against laptop data theft
Laptop encryption options
State Street breach highlights encryption limits, vendor due diligence
Encryption methods for financial organizations
Cryptography's future
Look before leaping into database encryption
Encryption may help regulatory compliance

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts