Educause Security Discussion mailing list archives
Re: Laptop whole disk encryption
From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Mon, 19 Mar 2012 14:14:28 -0400
Just curious .. how do you get your Mac users to install something called "WinMagic" :-) Joel --On Monday, March 19, 2012 5:45 PM +0000 "Shamblin, Quinn" <qrs () BU EDU> wrote:
We went with WinMagic. It supported mac as well as windows, provided transparent encryption for usb sticks and allowed encryption to AD groups so you could encrypt a network drive to a group if you wished. They also offer loads of options of how you want the install package to work and the level of control you want to grant the client. The cost was a fifth of what any of the large players were offering at the time, although I am given to understand that that the big boys may now be realizing there is competition and are lowering their price. So there are a lot of pros on the WinMagic side. However, there are a few cons as well (which, to be fair, may be due to our lack of experience with the product). We have not had a smooth deployment experience up to this point as we have a wildly varying environment, so we have lots of edge cases we have been trying to work through. If the target computer is bound to AD, it is pretty straightforward. If you want to install to an unbound machine, you have to have a special account set up on the server to support that, then have to sync the new installation to the proper login account after the encryption is complete. If you have two AD forests, there can be competition/confusion on the part of the client; so you need to set things up a little different in those cases. We are also still working out how we are going to distribute access and administrative rights to the management consol. Right now we have them entirely centralized. I would like to be able to distribute them per OU, but we are still working out if that is possible and, if so, how. Feel free to give me a call if you'd like to chat. Quinn R Shamblin ------------------------------------------------------------------------------------------------ Executive Director of Information Security, Boston University CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Paul Crittenden Sent: Monday, March 19, 2012 1:33 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Laptop whole disk encryption We currently use McAfee's Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you know how that goes. Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, what is your rational. Thanks, Paul Crittenden Computer System Manager Simpson College Indianola, IA direct: 515-961-1680 www.simpson.edu
Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
Current thread:
- Laptop whole disk encryption Paul Crittenden (Mar 19)
- Re: Laptop whole disk encryption Joel Rosenblatt (Mar 19)
- Re: Laptop whole disk encryption SCHALIP, MICHAEL (Mar 19)
- Re: Laptop whole disk encryption Roger A Safian (Mar 19)
- Re: Laptop whole disk encryption Shamblin, Quinn (Mar 19)
- Re: Laptop whole disk encryption SCHALIP, MICHAEL (Mar 19)
- Re: Laptop whole disk encryption Cappalli, Tim G @ LSC-ITS (Mar 19)
- Re: Laptop whole disk encryption Joel Rosenblatt (Mar 19)
- Re: Laptop whole disk encryption Shamblin, Quinn (Mar 19)
- Re: Laptop whole disk encryption Valdis Kletnieks (Mar 19)
- Re: Laptop whole disk encryption SCHALIP, MICHAEL (Mar 19)
- Re: Laptop whole disk encryption Chuck Thomas (Mar 19)
- Re: Laptop whole disk encryption Dan Han/HSC/VCU (Mar 19)
- Re: Laptop whole disk encryption Bret Ingerman (Mar 19)
- Re: Laptop whole disk encryption Louis APONTE (Mar 19)
- Re: Laptop whole disk encryption James Farr '05 (Mar 20)
- Re: Laptop whole disk encryption Bret Ingerman (Mar 19)
- Re: Laptop whole disk encryption Dennis Tracz (Mar 19)
- Re: Laptop whole disk encryption Sherry Callahan (Mar 19)
- Re: Laptop whole disk encryption David Grisham (Mar 19)
- Re: Laptop whole disk encryption Sherry Callahan (Mar 19)
- Re: Laptop whole disk encryption Joel Rosenblatt (Mar 19)