Educause Security Discussion mailing list archives

Re: Whole Disk Encryption Tools

From: Steve Brukbacher <sab2 () UWM EDU>
Date: Thu, 9 Nov 2006 09:19:52 -0600

We are currently going through an evaluation process for whole disk
encryption.  The current candidates are Guardian Edge, Pointsec and
Voltage, who OEM's (repackages) the Safeboot product.

All three of them do about the same thing. The features are very
similar.  Our technical team is reviewing them next.  They all allow for
administrative recovery of data for a variety of scenarios.  They also
create their own MBR independent of the Windows boot partition. There
was some chatter about waiting for Vista Bitlocker, but I think it's
better defense in depth to use a non-Windows product for this.  Plus
this way we can use data from the management console to certify that the
drive was encrypted in case of theft which helps if your state has a
disclosure law like ours does.

One downside to Pointsec is that the key exchange between the server and
the clients happens over windows ports.  Since we block these at the
edge, this will probably be a no go. So it's pretty much between
guardian Edge and Voltage (Safeboot).

I'm happy to share the requirement analysis spreadsheet we developed for
the first round of information gathering.

Now it's up to the tech staff to pick one.

We're also evaluating asset recovery products. That's between the
Absolute software product and CyberAngel.  Cyber Angel's pricing is
better, plus they will allow us to resell this at a steep discount for
personal devices.  The Absolute product is already built in to most
modern Dell Bios' so we would simply need to purchase a license and
we're off and running, but again, the pricing isn't as attractive here.

--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Coordinator
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224



Penn, Blake wrote:

Computrace from Absolute Software (www.absolute.com) is an asset recovery
product that is compatible with Utimaco's whole disk encryption if you are
looking to do both.  It has a persistent BIOS-based agent to survive hard
disk formatting and the like - pretty cool stuff.

____________________________________________
Blake Penn, CISSP
Information Security Officer
University of Wisconsin-Whitewater
(p) 262-472-7792 (f) 262-472-1285
pennb () uww edu | http://www.uww.edu/security/


-----Original Message-----
From: Krizi Trivisani [mailto:krizi () GWU EDU]
Sent: Wednesday, November 08, 2006 3:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Whole Disk Encryption Tools

Hi Kim,

At GW we are using Safeguard Easy (Utimaco product) for full-disk
encryption.  We just finished a successful pilot and have been approved to
move forward with our phased enterprise roll-out.  Our first phase is
full-disk encryption of laptops for high risk users (target by end of Feb;
approx. 700 laptops).  We will also be encrypting desktops in Phases 2 and
3.  Fortunately we have a mandate from our board of directors, so our
enforcement teeth are there.  Communications, training, awareness, and
standards are critical success factors for us.  We are not using an asset
recovery product at this time.

If you would like to talk off-line, please feel free to call me.

Cheers,
Krizi

*********************************
Krizi Trivisani, CISSP
Director of Systems Security Operations
Chief Security Officer
The George Washington University
202/994-7803
krizi () gwu edu


----- Original Message -----
From: "Logan, Kimberly (loganks)" <LOGANKS () UCMAIL UC EDU>
Date: Wednesday, November 8, 2006 3:58 pm
Subject: [SECURITY] Whole Disk Encryption Tools
To: SECURITY () LISTSERV EDUCAUSE EDU

Hi Everyone,

University of Cincinnati is now looking at whole disk encryption tools.
We are looking for a tool that will allow us to manage the keys.  I'd
like to know what those of you looking at or using whole disk
encryption are using and why.  Also, does anyone know if there is one
product that provides both whole disk encryption and asset recovery?

Thanks,

Kim

Kim Logan
Information Security Officer
University of Cincinnati
(513)556-9070
kim.logan () uc edu

Current thread:

Whole Disk Encryption Tools Logan, Kimberly (loganks) (Nov 08)
- <Possible follow-ups>
- Re: Whole Disk Encryption Tools Krizi Trivisani (Nov 08)
- Re: Whole Disk Encryption Tools Bob Kehr (Nov 08)
- Re: Whole Disk Encryption Tools Gary Dobbins (Nov 08)
- Re: Whole Disk Encryption Tools Penn, Blake (Nov 09)
- Re: Whole Disk Encryption Tools Steve Brukbacher (Nov 09)
- Re: Whole Disk Encryption Tools Logan, Kimberly (loganks) (Nov 09)
- Re: Whole Disk Encryption Tools jack suess (Nov 09)
- Re: Whole Disk Encryption Tools Chris Green (Nov 09)
- Re: Whole Disk Encryption Tools Krizi Trivisani (Nov 09)
- Re: Whole Disk Encryption Tools Brad Judy (Nov 09)
- Re: Whole Disk Encryption Tools Jack Suess (Nov 09)
- Re: Whole Disk Encryption Tools Bob Ono (Nov 10)
- Re: Whole Disk Encryption Tools Clifford Collins (Nov 10)
- Re: Whole Disk Encryption Tools George Farah (Nov 10)
- Re: Whole Disk Encryption Tools Curt Wilson (Nov 13)