Educause Security Discussion mailing list archives

Re: What is up with Encryption?

From: Zach Jansen <zjanse20 () CALVIN EDU>
Date: Fri, 14 May 2010 13:06:01 -0400

After having had a ridiculous time implementing Sophos, we're rolling out bitlocker on Windows 7. Offhand it looks to 
be much more friendly for the user, and still offers the majority of the protective measures we require. Key storage 
and recovery in AD works, and the price is right. Randy Marchany did an excellent job outlining some of the risks that 
are not mitigated by FDE in the mobile data thread a few days back, so I won't repeat that here. As we are in the 
process of rolling out Bitlocker, I don't have any horror stories. On the Mac side of things, File Vault is available. 
Performance is an issue particularly at logout, as well as admin assistance. I'm not aware of any centralized key 
management, so you're accepting the risk that you may not be able to access data. 

I liked the Checkpoint solution when I reviewed it, however, if you have multi user laptops, it's management of those 
machines is cumbersome. As in, you'll be adding and removing users manually via the console. 

Zach



-- 
Zach Jansen
Information Security Officer
Calvin College
Phone: 616.526.6776
Fax: 616.526.8550

On 5/13/2010 at 2:46 PM, in message

<70CE0087A36C57449F2E6B46B7006163F7FD92 () mailfac3 hh nku edu>, Kimberly
Heimbrock <heimbrockk () NKU EDU> wrote:

We were mid-stream in encryption vendor reviews when PGP, Guardian Edge
and now Sophos have been bought/sold.  Unsure of the commercial market,
we are now considering simply using OS-based encryption - Bitlocker and
Mac encryption.  We are primarily concerned about key recovery with
'free' products, as well as ease of deployment, administration, and
support- particularly off-hours.  Has anyone successfully implemented
Bitlocker with AD key storage and recovery, and what success/horror
stories do you have.  

 

Any other suggestions on current products such as Checkpoint, or others?
Thanks in advance for the help.

 

Kim Heimbrock

Director, IT Policy and Compliance

Northern Kentucky University

(859) 572-5139 

heimbrockk () nku edu

Current thread:

What is up with Encryption? Kimberly Heimbrock (May 13)
- <Possible follow-ups>
- Re: What is up with Encryption? Dennis Meharchand (May 13)
- Re: What is up with Encryption? Jason Testart (May 13)
- Re: What is up with Encryption? Zach Jansen (May 14)