Educause Security Discussion mailing list archives

Re: Laptop encryption experiences


From: Shahra Meshkaty <meshkaty () SANDIEGO EDU>
Date: Mon, 15 Nov 2010 10:10:13 -0800

We are very much interested in an FDE project but have a lot of push back due to complexities and concerns of our 
technical team. We have Computrace on all of our recent (as of 2 years) laptops.
The suggestion for a manual process is great.  My question is which encryption product you reviewed and which passed the 
test of your comparison?  Can you share the matrix used in your pilot process? Is your solution cross-platform? What 
about data integrity, restored experience with encrypted data?


From: Sherry Callahan <scallahan () KUMC EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Mon, 15 Nov 2010 09:07:34 -0800
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Laptop encryption experiences

We've been encrypting all of our laptops for four years and currently have approximately 2000 encrypted devices, 
including our medical students' tablets.  One of the things that we grappled with initially was the same litmus test 
that you mentioned.  Ultimately, we felt that we couldn't ensure that patient data or other sensitive information 
wouldn't end up on an unencrypted device, whether through user error or otherwise.   The trade-off for the up-front 
effort to encrypt pays off on the back end in peace of mind and knowing that any data on the drive is protected.

When we began the encryption process, communication was an extremely important component because of the general unease 
that both technical and non-technical folks had with the new software.  We also felt it was necessary to address the 
unease with a manual process at first:  user signs up for an encryption appointment, brings in their laptop, it is 
backed up first, and then encrypted.  At the same time, we also installed CompuTrace (theft-tracking software) and, due 
to a couple of hiccups caused by these two software packages trying to reside side by side in the BIOS, there were a 
handful of times very early on when we were happy that we had the backups of the drive.  But a handful is a small 
percentage of the total number of laptops that we touched and we haven't had these problems for several years.  We are 
now pretty much hands off, since we can push upgrades to the encryption software from a central server (we're using 
Safeboot, dba McAfee Endpoint Encryption) and our folks are no longer scared of the technology.

Sherry Callahan
Information Security Officer
University of Kansas Medical Center
(913) 588-0966


Alan Bowen <abowenml () GMAIL COM> 11/15/2010 10:32 AM >>>
At TCNJ, we've been in the alpha/pilot phase of a laptop full disk encryption
project for a very long time.  We are grappling with the complexities and
resource requirements for encrypting our entire laptop inventory.  I'd like to
know what types of parameters schools use for a "litmus test" to determine if a
given laptop needs to be encrypted.  Also, data on the number of laptops that
have been encrypted over a time period, e.g. month or semester, would be very
useful.  Any extenuating circumstances or qualifiers outside of these questions
would be much appreciated as well.  Thanks.

-Alan
--
Alan Bowen
Manager of IT Security
The College of New Jersey
