Educause Security Discussion mailing list archives
Re: Full Disk Encryption
From: "Howell, Paul" <grue () UMICH EDU>
Date: Fri, 14 Dec 2007 08:33:52 -0500
I thought FileVault only encrypted the home directory and was not full-disk. So are you doing full-disk for Win but not Mac? < paul
-----Original Message----- From: Gary Dobbins [mailto:dobbins () ND EDU] Sent: Thursday, December 13, 2007 12:45 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Full Disk Encryption We selected Utimaco SafeGuard Easy for full-disk crypto under XP, and have a FileVault scheme defined for Macs. This is required for systems that will be handling highly sensitive data. We chose full-disk (vs folder) to avoid there ever being a question about whether a file was in the protected folder or not (or in swap space, temp space, etc). Plus, ease of use is paramount to us - this approach required no change of habit by the user. Don't forget, you'll need a key escrow process, in case you need to regain authorized access to the disk, with or without the assistance of the usual user. Products like Utimaco's can help make that part of the process easier with tools. Don't underestimate the power of this functional need to drive you to one product or another. They all handle the actual crypto just fine, but not all escrow mechanisms are comparable. From: Mclaughlin, Kevin (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU] Sent: Thursday, December 13, 2007 11:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Full Disk Encryption I know this topic has come up in the past and I don't want to repeat items so I do apologize in advance if this particular set of questions has already been ran through the wringer. I need to collect data points on: * how many schools are using a full disk encryption option for faculty and staff PCs that store regulated data (FERPA, HIPAA, GLB, PCI, etc.) * how many schools are using a full disk encryption option for faculty and staff external devices (thumb drives, USB, etc.) that store regulated data (FERPA, HIPAA, GLB, PCI, etc.) * have any of you successfully implemented an encrypted folder option that is being consistently followed by your community members? * Have any of you implemented an encrypted folder option that you would call a failure as people aren't using it in a consistent manner? * What was the main impetus for your decision to go with full disk encryption as a tool for your community to use? You can respond back via the list or private email and I think you in advance for sharing any data points you feel I would find useful. Happy Holidays. -Kevin Kevin L. McLaughlin CISM, CISSP, PMP, ITIL Master Certified Director, Information Security University of Cincinnati 513-556-9177 (w) 513-703-3211 (m) 513-558-ISEC (department) UC-Logo-800 CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential, intended solely for the addressee, and may be legally privileged. Access to this message and its content by any individual or entity other than those identified in this message is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this e-mail may be unlawful. Any action taken or omitted due to the content of this message is prohibited and may be unlawful.
Current thread:
- Full Disk Encryption Mclaughlin, Kevin (mclaugkl) (Dec 13)
- <Possible follow-ups>
- Re: Full Disk Encryption Gary Dobbins (Dec 13)
- Re: Full Disk Encryption Matthew Gracie (Dec 13)
- Re: Full Disk Encryption Sherry Callahan (Dec 13)
- Re: Full Disk Encryption Sealey, Adam L. (Dec 13)
- Re: Full Disk Encryption Howell, Paul (Dec 14)
- Re: Full Disk Encryption Gary Dobbins (Dec 14)
- Re: Full Disk Encryption Scott O. Bradner (Dec 14)
- Re: Full Disk Encryption Harold Winshel (Dec 14)
- Re: Full Disk Encryption Gary Dobbins (Dec 14)
- Re: Full Disk Encryption Scott O. Bradner (Dec 14)
- Re: Full Disk Encryption Spransy, Derek (Dec 14)
- Re: Full Disk Encryption Julian Y. Koh (Dec 14)
- Re: Full Disk Encryption Spransy, Derek (Dec 14)
- Re: Full Disk Encryption Todd Clementz (Dec 14)
- Re: Full Disk Encryption Justin Sherenco (Dec 14)
(Thread continues...)