Ohio Digital Government Summit 2007 1 Laptop Disk Encryption Colorado’s Approach Presented to: Ohio Digital Government Summit October 16, 2007.

  • Published on
    18-Dec-2015

  • View
    212

  • Download
    0

Embed Size (px)

Transcript

  • Slide 1
  • Ohio Digital Government Summit 2007 1 Laptop Disk Encryption Colorados Approach Presented to: Ohio Digital Government Summit October 16, 2007
  • Slide 2
  • Ohio Digital Government Summit 20072 Overview Colorados Data Security Environment Acquisition Strategy The States Acquisition Process Trade-Offs Results Current Status What Weve Learned
  • Slide 3
  • Ohio Digital Government Summit 20073 Colorados Data Security Environment Background Appointment of CISO House Bill 1157 Laptop Related Incidents Goals Pre-empt the Problem with a Solution Get It Done Fast Solve it for the Enterprise Make It Comprehensive Provide a Solution With Staying Power
  • Slide 4
  • Ohio Digital Government Summit 20074 Acquisition Strategy Whats Available What Does Gartner Think Whats the Scope? RFP? Agency Collaboration/Communications State Employee Teams
  • Slide 5
  • Ohio Digital Government Summit 20075 Requirements Tradeoffs Capability vs Price TechnicalRequirementsTechnicalRequirements Cost and Pricing Considerations Considerations Walking the tight rope
  • Slide 6
  • Capabilities Desired FULL DISK ENCRYPTION CENTRAL PRODUCT MANAGEMENT CENTRAL KEY MANAGEMENT PRE-BOOT AUTHENTICATION PRICEPRICE PROF. SERVICES SUPPORTSUPPORTTRAININGTRAINING LINUXLINUXMACMACW95W95W98W98WNTWNTWMEWMEW2KW2KWXPWXPVMVM REMOTE USER MGT. LOG MGT. SYSTEM MGT. FILE ENCRYPTION FOLDER ENCRYPTION USB / CD / DVD PHONE / PDA TOKEN SUPPORT SSOSSO PKI INTEGRATION DIGITAL SIGNATURE S/MIME ENCRYPTION CAPI COMPATIBLE IDENTITY MANAGEMENT
  • Slide 7
  • Ohio Digital Government Summit 20077 Capabilities Proposed FULL DISK ENCRYPTION CENTRAL PRODUCT MANAGEMENT CENTRAL KEY MANAGEMENT PRE-BOOT AUTHENTICATION PRICEPRICE PROF. SERVICES SUPPORTSUPPORTTRAININGTRAINING LINUXLINUXMACMAC W95W95W98W98WNTWNTWMEWMEW2KW2KWXPWXPVMVM REMOTE USER MGT. LOG MGT. SYSTEM MGT. FILE ENCRYPTION FOLDER ENCRYPTION USB / CD / DVD PHONE / PDA TOKEN SUPPORT SSOSSO PKI INTEGRATION DIGITAL SIGNATURE S/MIME ENCRYPTION CAPI COMPATIBLE IDENTITY MANAGEMENT
  • Slide 8
  • Ohio Digital Government Summit 20078 The Tight Rope Technical Requirements Full disk encryption Password at boot Secure storage of keys Removable devices User transparency Multiple operating systems Network based solution Key backup/recovery Remote installation Central pass-phrase management Training Cost and Pricing Considerations Firm-fixed-price initial buy Enterprise price agreement Mandatory price agreement Specified size of initial buy License mobility 4-year product support term Optional feature considerations Total bid price
  • Slide 9
  • Ohio Digital Government Summit 20079 The States Acquisition Process Trade-Offs The Tradeoffs were made: IFB 3 Months, Significant Risks RFP 8 Months, Less Risk, Too Long RFP Selected - We Had 5 Months Adopted Accelerated Project Management Approach
  • Slide 10
  • Ohio Digital Government Summit 200710 LTE Projects Approach - Acquisition Write and Issue RFP Respond to Bidder Questions Evaluate Bidder Responses Step One Technical Evaluation/Demo Step Two Price Evaluation/Selection Step Three Acceptance Testing Negotiate Mandatory Price Agreement
  • Slide 11
  • Ohio Digital Government Summit 200711 LTE Projects Approach Leveraging A Solution All Departments Funded by CISO ($450K) 6,700 Laptops in the Baseline Executive Departments Must use the Mandatory Price Agreement for Future Product Purchases Secretary of State, Attorney General, Higher Education, and Local Governments May Use Price Agreement Coordination/Communications with Departmental CIOs Technical Evaluators from Executive Branch Departments Acceptance Testing Involved Same Departments Centralized Training Provided to All Agency Technical Personnel
  • Slide 12
  • Ohio Digital Government Summit 200712 Results Pre-emptive Solution Accepted Near On-Schedule Completion of Acquisition Component of the Project Coordination/Communication with Departments Beneficial Technical Training of Agency IT Personnel Completed On-Schedule Enterprise Solution Accepted Implementation Rate - Acceptable
  • Slide 13
  • Ohio Digital Government Summit 200713 Current Status Estimated Completion: Feb 2008 Estimated Completion: Feb 2008 2007200720082008
  • Slide 14
  • Ohio Digital Government Summit 200714 What We Learned Project Management Fundamentals Pay Off Planning Project/Schedule Essential Leveraging the States Buying Power Works! Procurement Methods Vary in Terms of Time, Risk, and Effectiveness Communications/Coordination with Agencies Vital Funding Should Not an Issue Making Trade-offs Up-Front Necessary Acceptance Testing Involving Agency Technical Experts Leads to Buy-In Training Up-Front Essential to Buy-In as Well Following-Ups On Agency Implementation Necessary
  • Slide 15
  • Ohio Digital Government Summit 200715 Contact Information Bob Feingold bfeingold@centerdigitalgov.com 303-810-3215

Recommended

View more >