Case Study: Allstate Insurance Company's Local Data Protection Project

Eric Leighninger, Contributor

    Requires Free Membership to View

More on this:
Check out our security school lesson on data leak prevention

View more presentations from Financial Information Security Decisions

Learn more about Financial Information Security Decisions
Financial services companies have been under siege in terms of trying to meet the protection requirements for sensitive corporate and personal data imposed by statutes such as CA-1386, Sarbanes-Oxley and Gramm-Leach-Bliley Act, state and federal banking and insurance regulations, industry standards and competitive market pressures.

Protecting data-at-rest, data-in-transit and data-in-use in large information intensive enterprises is a daunting challenge from technological as well as financial perspectives.

In this presentation, Eric Leighninger, chief security architect for Allstate Insurance Company, shows how his company is attacking this problem in general and in particular with regard to data-at-rest on mobile devices and removable media. In this role he is responsible for creating and articulating the information security architectural vision, communicating that vision to the enterprise, creating security architecture models and roadmaps, recommending security technology options and validating information security architectures against enterprise requirements.

Attacking the data-at-rest protection problem requires a combination of encryption and compensating control mechanisms such as data obfuscation, filtering and masking. Allstate, like many comparable companies, has developed a data encryption strategy that takes into account the sensitivity and value of the data itself, the context in which it is used and the associated risk of compromise. In the context of mobile devices such as laptop computers and USB storage media, local data encryption is an effective tool for protecting corporate data on mobile media that is inadvertently lost or intentionally stolen or maliciously attacked. Download this presentation for a solid understanding of Allstate's Local Data Protection Project that dealt with laptop and media encryption with an emphasis on:

  • A description of the problem to be solved and its relationship to the larger set of enterprise data protection considerations
  • Technical and procedural challenges and issues that arose
  • An overview of the project, implementation and support issues that arose during test and deployment of the encryption solution
  • Lessons learned

Download this presentation

This was first published in July 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.