Educause Security Discussion mailing list archives

Re: Full Disk Encryption


From: Gary Dobbins <dobbins () ND EDU>
Date: Thu, 13 Dec 2007 12:44:31 -0500

We selected Utimaco SafeGuard Easy for full-disk crypto under XP, and
have a FileVault scheme defined for Macs.  This is required for systems
that will be handling highly sensitive data.



We chose full-disk (vs folder) to avoid there ever being a question
about whether a file was in the protected folder or not (or in swap
space, temp space, etc).  Plus, ease of use is paramount to us - this
approach required no change of habit by the user.



Don't forget, you'll need a key escrow process, in case you need to
regain authorized access to the disk, with or without the assistance of
the usual user.  Products like Utimaco's can help make that part of the
process easier with tools.  Don't underestimate the power of this
functional need to drive you to one product or another.  They all handle
the actual crypto just fine, but not all escrow mechanisms are
comparable.







From: Mclaughlin, Kevin (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU]
Sent: Thursday, December 13, 2007 11:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Full Disk Encryption



I know this topic has come up in the past and I don't want to repeat
items so I do apologize in advance if this particular set of questions
has already been run through the wringer.



I need to collect data points on:

* how many schools are using a full disk encryption option for
faculty and staff PCs that store regulated data (FERPA, HIPAA, GLB, PCI,
etc.)

* how many schools are using a full disk encryption option for
faculty and staff external devices (thumb drives, USB, etc.) that store
regulated data (FERPA, HIPAA, GLB, PCI, etc.)

* have any of you successfully implemented an encrypted folder
option that is being consistently followed by your community members?

* Have any of you implemented an encrypted folder option that
you would call a failure as people aren't using it in a consistent
manner?

* What was the main impetus for your decision to go with full
disk encryption as a tool for your community to use?



You can respond back via the list or private email and I thank you in
advance for sharing any data points you feel I would find useful.



Happy Holidays.

-Kevin





Kevin L. McLaughlin

CISM, CISSP, PMP, ITIL Master Certified

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

513-558-ISEC (department)










