Re: Laptop whole disk encryption

["Shamblin, Quinn" <qrs () BU EDU>]

We went with WinMagic.  It supported mac as well as windows, provided transparent encryption for usb sticks and allowed 
encryption to AD groups so you could encrypt a network drive to a group if you wished.  They also offer loads of 
options of how you want the install package to work and the level of control you want to grant the client.  The cost 
was a fifth of what any of the large players were offering at the time, although I am given to understand that that the 
big boys may now be realizing there is competition and are lowering their price.

So there are a lot of pros on the WinMagic side.  However, there are a few cons as well (which, to be fair, may be due 
to our lack of experience with the product).  We have not had a smooth deployment experience up to this point as we 
have a wildly varying environment, so we have lots of edge cases we have been trying to work through.

If the target computer is bound to AD, it is pretty straightforward.  If you want to install to an unbound machine, you 
have to have a special account set up on the server to support that, then have to sync the new installation to the 
proper login account after the encryption is complete.  If you have two AD forests, there can be competition/confusion 
on the part of the client; so you need to set things up a little different in those cases.

We are also still working out how we are going to distribute access and administrative rights to the management consol. 
 Right now we have them entirely centralized.   I would like to be able to distribute them per OU, but we are still 
working out if that is possible and, if so, how.

Feel free to give me a call if you'd like to chat.

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Paul 
Crittenden
Sent: Monday, March 19, 2012 1:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Laptop whole disk encryption

We currently use McAfee's Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do 
not like McAfee, we did when it was not owned by McAfee but you know how that goes.

Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt 
your users laptops. Or for that matter, if you are not, what is your rational.

Thanks,

Paul Crittenden
Computer System Manager
Simpson College
Indianola, IA
direct: 515-961-1680
www.simpson.edu