"The online business magazine at the heart of international business management news..."
25 May 2011

Innovative SaaS-Delivered PC Data Security Enforces Encryption and More

Beachhead Solutions

Beachhead Solutions | www.beachheadsolutions.com


Concern over the privacy of personal information, such as social security and credit card numbers, medical records, and other data, has led to a proliferation of state and federal regulations in recent years. There is the Gramm-Leach-Bliley Act (GLBA) in the financial sector and the Health Insurance Portability and Accountability Act (HIPAA) in the healthcare industry. Modeled after California’s SB1386, laws in 44 states now require companies to notify, in writing, individuals whose personal information has been compromised, which can be costly for companies and result in loss of customers.

In addition to personal information, organizations must also protect their own intellectual property (IP), such as customer lists and proprietary technologies. PC data security is an integral component of an organization’s IT strategy for ensuring regulatory compliance and preventing the compromise of sensitive company secrets.

But in order to be effective, a PC data security solution must provide a number of key capabilities. It must be easy to deploy. Once deployed, it should offer confirmation that it is deployed and working as intended. It must not inhibit productivity. It should deliver organizational control and security while being transparent to the user (i.e., without dependence on end users’ acceptance or adherence to policy). Furthermore, it cannot be reliant on the user to deploy or maintain, and it can’t be circumvented by the user. It has to be enforced. And it must enable administrators to quickly and dynamically modify policy when business circumstances change.

Following are three examples of how organizations are protecting their mobile data with Lost Data Destruction® (LDD) from Beachhead Solutions.


Validare

Validare, located in San Ramon, California, is on the leading edge of a major shift in the healthcare industry, moving procedures from hospital outpatient and ambulatory surgery centers to accredited physicians’ offices. Using a combination of proprietary, web-based software and highly qualified consultants, Validare helps medical practices attain and maintain accreditation through The Joint Commission and bill for facility services to health plans nationwide. Validare has successfully guided more than 200 practices in more than 20 states through the accreditation process.

Challenge
As a small start-up with finite resources, Validare was very concerned about potential competitors who could adopt Validare’s unique model. “If someone got hold of our process and recreated it, they could easily eclipse us,” says Matthew Schmuck, Validare’s Director of Information Technology. “We needed to keep a tight lock on our proprietary company information and sales data – our intellectual property.”

One of the greatest concerns for Schmuck was a widely distributed sales force who carried laptops packed with sensitive company information. How could the company limit or deny access to that data at any time to prevent its use by unauthorized parties, even though that data was remote and on a PC outside of his control?

Solution
Schmuck considered a number of PC security products, but all fell short of his needs. Encryption alone did not protect against an authorized individual who became unauthorized. The Director of IT had very serious concerns about proprietary data falling into the wrong hands. Once an individual had the password and credentials, the data would be wholly decrypted and viewable in plain text.

Then he found LDD from Beachhead Solutions. LDD is the first PC security solution to combine intelligent encryption with enterprise-controlled destruction of at-risk data. Unlike most other data security products, the software-based solution is transparent to the user and doesn’t depend on user compliance or involvement. “The employees wouldn’t even know it was there,” says Schmuck. “They wouldn’t be able to uninstall it or change parameters.”

Schmuck liked the fact that LDD could be installed remotely and, as a Web-based solution hosted by Beachhead, it didn’t require the expense or management of a local server. And as opposed to full disk encryption, LDD allowed Schmuck to enforce encryption on all data files.

Schmuck found LDD easy to deploy. “I built a group for the sales and marketing team and applied the rules and distributed it to everybody in one fell swoop. It was done in seconds.” LDD is also easy to manage through the Web-based interface from any computer anywhere with a supported browser. As circumstances change, Schmuck can dynamically change policies.

Benefits
Not long after Beachhead LDD was deployed, a key sales and marketing employee at Validare resigned on a Friday afternoon, promising to return his laptop the following week. “All of his sales leads and customer data were on that laptop,” recalls Schmuck. “Rather than worry that he might use the proprietary client files, we hit the ‘kill switch’ and wiped specific folders on his hard drive. We decided to ensure his honesty and our peace of mind with the flip of a switch. Then LDD provided confirmation that data was removed from the device.”

Because Schmuck backs up his data on a regular basis, he had access to a backup copy and was comfortable in irrevocably destroying all sensitive data on that PC. LDD also has the ability, known as Data Quarantine, to remotely deny and restore access to data residing on a PC. The feature allows the administrator to quickly and remotely destroy the encryption key. If the threat is removed, the administrator can just as easily push the key back to the PC and access to the data is again restored.

Investment Bank

Many organizations responsible for the privacy of client and consumer data are reluctant to discuss security issues regarding such data. Therefore, this case study does not identify the organization by name. However, the circumstances detailed are accurate.

This leading independent, full-service investment bank offers a broad range of investment products, brokerage services, and investment banking services to its retail, institutional, and corporate clients with operations in Canada, the United States, and Great Britain. Among its core values are integrity and respect for client confidentiality.

Challenge
Protecting the confidentiality of client information is a high priority for this organization. Significant effort and resources have been dedicated to protecting it, wherever it resides. One of the concerns was client information stored on laptop computers, which could be at risk if a mobile device were lost or stolen.

Solution
After carefully evaluating a number of options, this investment bank chose Beachhead Solutions LDD, which combines intelligent encryption with enterprise-controlled destruction of at-risk data. Because the software-based solution is transparent to the user, it doesn’t depend on user compliance or involvement. Installed remotely and, as a Web-based solution hosted by Beachhead, LDD doesn’t require the expense or management of a local server.

Benefits
Like an insurance policy, the investment bank hoped the LDD solution would never be needed. Then, its worst fears were realized when a laptop was stolen. The theft wasn’t reported by the user until the next day. The laptop was found in a dumpster the day after the theft and returned to the investment bank, thanks to an identification tag. However, the same tag may have also prompted the thief’s initial interest in the device.

The recovered laptop had an interesting story to tell. Sensitive files had been properly encrypted as directed by LDD policies. The thief attempted to log on to the device eight times, during which time the computer was shut down by LDD policy and the encryption key was destroyed. Without the key, no one – not even the authorized user or a thief who either found or correctly guessed the password – would be able to access the encrypted records. It was at this point that the thief apparently gave up and discarded the laptop.

When possible breaches like this occur, it is typical for companies to insist that the thief was only interested in the laptop, not the confidential data it contained. In this instance, because the device had been discarded, the thief was clearly more interested in the data.

This incident has given the investment bank peace of mind and substantiated their decision to deploy Beachhead Solutions LDD. “In our business, encryption of data is essential. But we wanted additional assurances that even if a password was stolen or guessed, we’d still be protected,” says a representative of the investment bank. “We were relieved to know that sensitive data didn’t get into the wrong hands, and that the LDD solution worked exactly as designed.”

Healthcare Provider

Due to the reluctance to publicly discuss security issues regarding patient data, this case study does not identify the organization by name. As with the investment bank above, however, the circumstances detailed are accurate.

This is a large East Coast healthcare organization comprised of multiple hospitals and numerous satellite facilities. It is a technologically advanced, not-for-profit healthcare system with several thousand employees.

Challenge
Like most healthcare organizations, this institution must comply with the Health Insurance Portability and Accountability Act (HIPAA), which governs the security and confidentiality of patient data. A significant volume of sensitive data is stored on laptops of employees who frequently travel between facilities. The healthcare provider needed a way to ensure the privacy of this mobile data and demonstrate HIPAA compliance.

The organization initially committed to a full-disk encryption solution. When a new Information Technology Analyst came on board, he was given the task of deploying the full-disk encryption product. “It was supposed to be remotely installable,” says the analyst. “I tried several times to get the remote program to work. Several network technicians tried. Each time it bombed. I’m through wasting time.” Each laptop must be brought in by the user to complete the installation and setup.

Another problem the analyst found with the product was its enormous footprint, which noticeably affected performance of the laptops. “Users who didn’t have the newest and fastest PCs pleaded with me not to have to have the software installed.”

Solution
Frustrated by his inability to deploy the software company-wide and easily add protection for new PCs coming on line, the analyst sought a solution that didn’t require physical installation of the software on each PC. After learning about LDD from Beachhead Solutions, the analyst soon began an evaluation of the product. LDD is a subscription-based software-as-a-service (SaaS) where policy is managed and monitored by business decision makers through a secure web-based console. Encryption and other security policies are enforced at the PC level without reliance on, or impact to, the PC user. To the delight of this analyst, silent deployment is handled remotely, and day-to-day management of the tool is easy.

LDD offers the flexibility to encrypt only data that’s highly sensitive. There’s no need to encrypt the entire disk. “I like that ability,” says the analyst.

Benefits
With a smaller footprint, the impact on performance for users would be negligible. “I have it installed on my laptop, which isn’t the quickest machine, and I can’t even tell it’s there,” says the analyst. “With the full-disk encryption solution I’d know it.”

Because LDD is a Web-based solution hosted by Beachhead, there’s no need to set up and manage a local server on site, reducing operating costs and simplifying management. “Web hosting makes it easy for one person to manage,” says the analyst. “And it’s highly customizable. I can set up rules at a macro or micro level.” LDD allows the administrator to modify rules over and above encryption, such as remote elimination and restoration of encryption keys, a feature called “Quarantine.” This capability allows the administrator to remotely deny and restore access to the data on a PC (or group of PCs). Not only is compliance assured through enforced encryption but the analyst is provided peace of mind that the data is secure even if the password is known or knowable.

The analyst particularly likes the anonymity of LDD. The software is designed for fast and easy remote installation transparently to the user. “It keeps honest people very honest.”

About Beachhead Solutions Inc.

Beachhead provides security software and services to enterprise and government customers responsible for controlling access to data on PCs and mobile devices. Beachhead's software is a complete encryption and security solution that is both easy to administer and user-transparent, and will automatically eliminate data on lost or stolen computers. For more information, visit www.beachheadsolutions.com.
