Re: PGP WDE

[Brad Sanford <bsanford () GMAIL COM>]

What kind of pricing were you able to negotiate with PGP?

Brad Sanford
Emory University

On Fri, Feb 27, 2009 at 9:41 AM, Tonkin, Derek K.
<Derek_Tonkin () baylor edu>wrote:

>  We’ve been rolling out PGP over the last two years and we are approaching
> 1000 users on campus.  In our rollout I (or our installs group in the case
> of new computers) have actually personally installed PGP on each of those
> machines.  This has a variety of scheduling challenges associated with it
> but it has the advantage of getting 20-30 minutes of one on one face time
> with users which we as the security group would not otherwise be afforded.
> During this time I have found out about a variety of unrelated issues users
> are dealing (or not dealing) with and we have found this time to be a
> worthwhile benefit.
>
> Our primary issues have been:
>
>
>     - Expect to get a call at least every other day asking for a
>    passphrase reset.  This problem will be exacerbated if you install on a lot
>    of desktops where users do not shut down regularly.  Typically after MS
>    patches roll out I get an increase in calls.  We could alleviate this with
>    some of the new PGP tools for administrative bypass but we’d rather force
>    the users to remember their passphrase.
>
>
>
>     - I’ve had one or two users complain that the passphrase requirement
>    is to great and/or that having to remember another “password” is a major
>    pain (we opted not to use Single Sign-On).
>
>
>
>     - The logging capabilities have been greatly improved in recent
>    releases making it easier to tell which machines are encrypted and if
>    machines have had drive fault issues during encryption.
>
>
>
>     - We have had a number of drive failures during disk encryption.  We
>    found that having users defragment their hard drives prior to encryption
>    reduces failures and/or spots them before installation begins.  PGP now does
>    a better job of continuing to encrypt good blocks and skipping over bad
>    blocks rather than hanging the encryption process as it had in the past.
>
>
> One last thing, remember that the PGP bootloader, at least last time I
> tried, does not support Bluetooth so Bluetooth keyboards will not work.
>
> Sorry for the long e-mail please feel free to contact me with any other
> questions you might have,
>
> -------------Baylor University-------------
> Derek Tonkin
> Information Security Analyst
> Information Technology Services - Security
> derek_tonkin () baylor edu        254-710-7061
> ---------------Sic 'em Bears---------------
>
>
> _____________________________________________
> *From:* The EDUCAUSE Security Constituent Group Listserv [
> mailto:SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>] *On
> Behalf Of *jeff murphy
> *Sent:* Thursday, February 26, 2009 10:53 AM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] PGP WDE
>
>
> * PGP Signed by an unverified key: 02/26/09 at 10:52:52
>
> Related to the topic from earlier this week.
>
> I'd like to hear from anyone who has deployed PGP Whole Disk
> Encryption and/or NetShare along with Universal Server. We're looking
> at a few options, one of which is PGP, and I'm looking for real-world
> war stories regarding how your rollout and support went.  We're
> looking at WDE for several hundred users, so the trial we did of a few
> desktops doesn't really give us enough information to get a feel for
> what the product will be like once deployed en masse.
>
> thanks,
>
> jeff
>
> * Jeffrey Murphy <jcmurphy () buffalo edu>
> * Issuer: The USERTRUST Network - Unverified