Re: Laptop whole disk encryption

["Shamblin, Quinn" <qrs () BU EDU>]

We fall back on the classic definition of "Win" vs. the techno age abbv.  ;)

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523


-----Original Message-----
From: Joel Rosenblatt [mailto:joel () columbia edu] 
Sent: Monday, March 19, 2012 2:14 PM
To: The EDUCAUSE Security Constituent Group Listserv
Cc: Shamblin, Quinn
Subject: Re: [SECURITY] Laptop whole disk encryption

Just curious .. how do you get your Mac users to install something called "WinMagic" :-)

Joel

--On Monday, March 19, 2012 5:45 PM +0000 "Shamblin, Quinn" <qrs () BU EDU> wrote:

> We went with WinMagic.  It supported mac as well as windows, provided 
> transparent encryption for usb sticks and allowed encryption to AD 
> groups so you could encrypt a network drive to a group if you wished.  
> They also offer loads of options of how you want the install package to work and the level of control you want to 
> grant the client.  The cost was a fifth of what any of the large players were offering at the time, although I am 
> given to understand that that the big boys may now be realizing there is competition and are lowering their price.
>
> So there are a lot of pros on the WinMagic side.  However, there are a 
> few cons as well (which, to be fair, may be due to our lack of 
> experience with the product).  We have not had a smooth deployment experience up to this point as we have a wildly 
> varying environment, so we have lots of edge cases we have been trying to work through.
>
> If the target computer is bound to AD, it is pretty straightforward.  
> If you want to install to an unbound machine, you have to have a 
> special account set up on the server to support that, then have to sync the new installation to the proper login 
> account after the encryption is complete.  If you have two AD forests, there can be competition/confusion on the part 
> of the client; so you need to set things up a little different in those cases.
>
> We are also still working out how we are going to distribute access and administrative rights to the management 
> consol.  Right now we have them entirely
> centralized.   I would like to be able to distribute them per OU, but we are still working out if that is possible 
> and, if so, how.
>
> Feel free to give me a call if you'd like to chat.
>
> Quinn R Shamblin
> ----------------------------------------------------------------------
> -------------------------- Executive Director of Information Security, 
> Boston University CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 
> 617-999-7523
>
> From: The EDUCAUSE Security Constituent Group Listserv 
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Paul Crittenden
> Sent: Monday, March 19, 2012 1:33 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Laptop whole disk encryption
>
> We currently use McAfee's Safeboot/Endpoint Encryption software to 
> encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you 
> know how that goes.
>
> Anyway, I have been tasked when helping to find a possible 
> replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, 
> what is your rational.
>
> Thanks,
>
> Paul Crittenden
> Computer System Manager
> Simpson College
> Indianola, IA
> direct: 515-961-1680
> www.simpson.edu



Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 
612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3