Re: Laptop encryption

[Dennis Tracz <dntracz () UCALGARY CA>]

Hi Gary,

Thanks for the input I will post my findings in about 2 weeks.. :-)

Gary Flynn wrote:
> Dennis Tracz wrote:
> > Hello all,
> >
> > I am new to this list so please forgive me if this topic has already
> > been covered.
> > I am interested in knowing, what is the common practice for Laptop
> > encryption, specifically:
> >
> > 1.  What is your current practice:
> >    a.  Do you use encryption on laptops (for laptops you administer)
> >    b.  Do you encrypt the entire hard drive or selected folders i.e.(
> > My Documents)
> >    c.  Do you use a commercial product or EFS
> >    e.  If encryption is used is it automatically configured (for
> > laptops you administer) or do users have a choice
>
> We recommend EFS and Bitlocker for Windows computers though we have no
> good way to administer it other than our staff manually performing all
> EFS activations and backing up keys manually when encryption is
> requested. This was intended as a stopgap solution until a management
> infrastructure could be put in place. Other than a couple colleges and
> the library, our campus computers are not joined to an Active Directory
> environment though we're in the initial stages of rolling one out. We'll
> add a Microsoft CA when it is deployed. Vista computers are joined to
> the nascent domain as they are rolled out to take advantage of the
> automatic Bitlocker key backup feature of AD.
>
> We use Microsoft's recommendations when choosing which directories
> to encrypt with EFS.
>
> Also as stopgap solutions, we're recommending File Vault for Macintosh
> computers and Truecrypt for linux computers but again we presently have
> no infrastructure to support or administer them.
>
>
> >   2.  What is your desired practice if you do not use encryption on
> > laptops
> >
> > a.  Is this something you are wanting, attempting or not wishing to do?
> > b.  Would you encrypt the entire hard drive or selected folders i.e.(
> > My Documents)
> > c.  Would you use a commercial product or EFS?
> > d.  Would you automatically encrypt (for laptops you administer) or
> > would you let your users have a choice?
>
> We're interested in the new encrypted hard drives from Seagate and
> others as a cross-platform, low overhead laptop solution and are
> investigating them actively. We're hoping we can retrofit the drives
> in older laptops but even if we can't, it would seem to provide an
> effective solution going forward.

--
Dennis N. Tracz CISSP-ISSMP, CISM
Information Security Officer
University of Calgary
(403) 220-4010

Attachment: dntracz.vcf
Description: