Case Study: Allstate Insurance Company's Local Data Protection Project

In this presentation from Financial Information Security Decisions, Allstate's Chief Security Architect, Eric Leighninger, explains how his company is keeping their data protected through use of encryption, data obfuscation, filtering and more.

More on this:
Check out our security school lesson on data leak prevention

View more presentations from Financial Information Security Decisions

Learn more about Financial Information Security Decisions
Financial services companies have been under siege in terms of trying to meet the protection requirements for sensitive corporate and personal data imposed by statutes such as CA-1386, Sarbanes-Oxley and Gramm-Leach-Bliley Act, state and federal banking and insurance regulations, industry standards and competitive market pressures.

Protecting data-at-rest, data-in-transit and data-in-use in large information intensive enterprises is a daunting challenge from technological as well as financial perspectives.

In this presentation, Eric Leighninger, chief security architect for Allstate Insurance Company, shows how his company is attacking this problem in general and in particular with regard to data-at-rest on mobile devices and removable media. In this role he is responsible for creating and articulating the information security architectural vision, communicating that vision to the enterprise, creating security architecture models and roadmaps, recommending security technology options and validating information security architectures against enterprise requirements.

Attacking the data-at-rest protection problem requires a combination of encryption and compensating control mechanisms such as data obfuscation, filtering and masking. Allstate, like many comparable companies, has developed a data encryption strategy that takes into account the sensitivity and value of the data itself, the context in which it is used and the associated risk of compromise. In the context of mobile devices such as laptop computers and USB storage media, local data encryption is an effective tool for protecting corporate data on mobile media that is inadvertently lost or intentionally stolen or maliciously attacked. Download this presentation for a solid understanding of Allstate's Local Data Protection Project that dealt with laptop and media encryption with an emphasis on:

  • A description of the problem to be solved and its relationship to the larger set of enterprise data protection considerations
  • Technical and procedural challenges and issues that arose
  • An overview of the project, implementation and support issues that arose during test and deployment of the encryption solution
  • Lessons learned

Download this presentation


This was first published in July 2008

Dig deeper on Data encryption techniques

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close