Re: PGP WDE

["Tonkin, Derek K." <Derek_Tonkin () BAYLOR EDU>]

We made our initial purchase of, I think, 300 licenses before I was even hired here in December of '06 so we've got 
some grandfathered pricing.  Of course we've bought additional licenses several times since then and each time the 
price has at least tried to go up.  I can't comment on specific numbers but if you e-mail me off list I can get you in 
touch with the folks that can.

-------------Baylor University-------------
Derek Tonkin
Information Security Analyst
Information Technology Services - Security
derek_tonkin () baylor edu        254-710-7061
---------------Sic 'em Bears---------------

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad 
Sanford
Sent: Friday, February 27, 2009 9:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PGP WDE

What kind of pricing were you able to negotiate with PGP?

Brad Sanford
Emory University
On Fri, Feb 27, 2009 at 9:41 AM, Tonkin, Derek K. <Derek_Tonkin () baylor edu<mailto:Derek_Tonkin () baylor edu>> wrote:
We've been rolling out PGP over the last two years and we are approaching 1000 users on campus.  In our rollout I (or 
our installs group in the case of new computers) have actually personally installed PGP on each of those machines.  
This has a variety of scheduling challenges associated with it but it has the advantage of getting 20-30 minutes of one 
on one face time with users which we as the security group would not otherwise be afforded.  During this time I have 
found out about a variety of unrelated issues users are dealing (or not dealing) with and we have found this time to be 
a worthwhile benefit.

Our primary issues have been:


 *   Expect to get a call at least every other day asking for a passphrase reset.  This problem will be exacerbated if 
you install on a lot of desktops where users do not shut down regularly.  Typically after MS patches roll out I get an 
increase in calls.  We could alleviate this with some of the new PGP tools for administrative bypass but we'd rather 
force the users to remember their passphrase.


 *   I've had one or two users complain that the passphrase requirement is to great and/or that having to remember 
another "password" is a major pain (we opted not to use Single Sign-On).


 *   The logging capabilities have been greatly improved in recent releases making it easier to tell which machines are 
encrypted and if machines have had drive fault issues during encryption.


 *   We have had a number of drive failures during disk encryption.  We found that having users defragment their hard 
drives prior to encryption reduces failures and/or spots them before installation begins.  PGP now does a better job of 
continuing to encrypt good blocks and skipping over bad blocks rather than hanging the encryption process as it had in 
the past.

One last thing, remember that the PGP bootloader, at least last time I tried, does not support Bluetooth so Bluetooth 
keyboards will not work.

Sorry for the long e-mail please feel free to contact me with any other questions you might have,

-------------Baylor University-------------
Derek Tonkin
Information Security Analyst
Information Technology Services - Security
derek_tonkin () baylor edu<mailto:derek_tonkin () baylor edu>        254-710-7061
---------------Sic 'em Bears---------------


_____________________________________________

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of jeff 
murphy
Sent: Thursday, February 26, 2009 10:53 AM

To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] PGP WDE


* PGP Signed by an unverified key: 02/26/09 at 10:52:52

Related to the topic from earlier this week.

I'd like to hear from anyone who has deployed PGP Whole Disk
Encryption and/or NetShare along with Universal Server. We're looking
at a few options, one of which is PGP, and I'm looking for real-world
war stories regarding how your rollout and support went.  We're
looking at WDE for several hundred users, so the trial we did of a few
desktops doesn't really give us enough information to get a feel for
what the product will be like once deployed en masse.

thanks,

jeff

* Jeffrey Murphy <jcmurphy () buffalo edu<mailto:jcmurphy () buffalo edu>>
* Issuer: The USERTRUST Network - Unverified