Transcript
Page 1: Ohio Digital Government Summit 2007

Laptop Disk Encryption: Colorado’s Approach

Presented to: Ohio Digital Government Summit

October 16, 2007

Page 2: Overview

- Colorado’s Data Security Environment
- Acquisition Strategy
- The State’s Acquisition Process Trade-Offs
- Results
- Current Status
- What We’ve Learned

Page 3: Colorado’s Data Security Environment

Background
- Appointment of CISO
- House Bill 1157
- Laptop Related Incidents

Goals
- Pre-empt the Problem with a Solution
- Get It Done Fast
- Solve it for the Enterprise
- Make It Comprehensive
- Provide a Solution With Staying Power

Page 4: Acquisition Strategy

- What’s Available
- What Does Gartner Think
- What’s the Scope?
- RFP?
- Agency Collaboration/Communications
- State Employee Teams

Page 5: Requirements Tradeoffs: Capability vs Price

- Technical Requirements
- Cost and Pricing Considerations

Walking the tight rope

Page 6: Capabilities Desired

- FULL DISK ENCRYPTION
- CENTRAL PRODUCT MANAGEMENT
- CENTRAL KEY MANAGEMENT
- PRE-BOOT AUTHENTICATION
- PRICE, PROF. SERVICES, SUPPORT, TRAINING
- LINUX, MAC, W95, W98, WNT, WME, W2K, WXP, VM
- REMOTE USER MGT., LOG MGT., SYSTEM MGT.
- FILE ENCRYPTION
- FOLDER ENCRYPTION
- USB / CD / DVD
- PHONE / PDA
- TOKEN SUPPORT
- SSO
- PKI INTEGRATION
- DIGITAL SIGNATURE
- S/MIME ENCRYPTION
- CAPI COMPATIBLE
- IDENTITY MANAGEMENT

Page 7: Capabilities “Proposed”

- FULL DISK ENCRYPTION
- CENTRAL PRODUCT MANAGEMENT
- CENTRAL KEY MANAGEMENT
- PRE-BOOT AUTHENTICATION
- PRICE, PROF. SERVICES, SUPPORT, TRAINING
- LINUX, MAC, W95, W98, WNT, WME, W2K, WXP, VM
- REMOTE USER MGT., LOG MGT., SYSTEM MGT.
- FILE ENCRYPTION
- FOLDER ENCRYPTION
- USB / CD / DVD
- PHONE / PDA
- TOKEN SUPPORT
- SSO
- PKI INTEGRATION
- DIGITAL SIGNATURE
- S/MIME ENCRYPTION
- CAPI COMPATIBLE
- IDENTITY MANAGEMENT

Page 8: The Tight Rope

Technical Requirements
- Full disk encryption
- Password at boot
- Secure storage of keys
- Removable devices
- User transparency
- Multiple operating systems
- Network based solution
- Key backup/recovery
- Remote installation
- Central pass-phrase management
- Training

Cost and Pricing Considerations
- Firm-fixed-price initial buy
- Enterprise price agreement
- Mandatory price agreement
- Specified size of initial buy
- License mobility
- 4-year product support term
- Optional feature considerations
- Total bid price

Page 9: The State’s Acquisition Process Trade-Offs

The Tradeoffs were made:
- IFB – 3 Months, Significant Risks
- RFP – 8 Months, Less Risk, Too Long

RFP Selected - We Had 5 Months

Adopted Accelerated Project Management Approach

Page 10: LTE Project’s Approach - Acquisition

- Write and Issue RFP
- Respond to Bidder Questions
- Evaluate Bidder Responses
  - Step One – Technical Evaluation/Demo
  - Step Two – Price Evaluation/Selection
  - Step Three – Acceptance Testing
- Negotiate Mandatory Price Agreement

Page 11: LTE Project’s Approach – Leveraging A Solution

- All Departments Funded by CISO ($450K)
- 6,700 Laptops in the Baseline
- Executive Departments Must Use the Mandatory Price Agreement for Future Product Purchases
- Secretary of State, Attorney General, Higher Education, and Local Governments May Use Price Agreement
- Coordination/Communications with Departmental CIOs
- Technical Evaluators from Executive Branch Departments
- Acceptance Testing Involved Same Departments
- Centralized Training Provided to All Agency Technical Personnel

Page 12: Results

- Pre-emptive Solution Accepted
- Near On-Schedule Completion of Acquisition Component of the Project
- Coordination/Communication with Departments – Beneficial
- Technical Training of Agency IT Personnel Completed On-Schedule
- Enterprise Solution Accepted
- Implementation Rate - Acceptable

Page 13: Current Status

[Chart: Laptop Encryption Progress - All 26 Agencies. Y-axis: Laptops Encrypted, 0.00% to 100.00%. X-axis: Date, 4/15 through 4/13, spanning 2007 and 2008. Annotation: Estimated Completion: Feb 2008]

Page 14: What We Learned

- Project Management Fundamentals Pay Off
- Planning Project/Schedule Essential
- Leveraging the State’s Buying Power Works!
- Procurement Methods Vary in Terms of Time, Risk, and Effectiveness
- Communications/Coordination with Agencies Vital
- Funding Should Not Be an Issue
- Making Trade-offs Up-Front Necessary
- Acceptance Testing Involving Agency Technical Experts Leads to Buy-In
- Training Up-Front Essential to Buy-In as Well
- Follow-Ups on Agency Implementation Necessary

Page 15: Contact Information

Bob Feingold

[email protected]

303-810-3215

