Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Laptop whole disk encryption

From: Joel Rosenblatt <joel () COLUMBIA EDU>
Date: Mon, 19 Mar 2012 14:14:28 -0400
Just curious .. how do you get your Mac users to install something called "WinMagic" :-)

Joel

--On Monday, March 19, 2012 5:45 PM +0000 "Shamblin, Quinn" <qrs () BU EDU> wrote:


We went with WinMagic.  It supported mac as well as windows, provided transparent encryption for usb sticks and allowed 
encryption to AD groups so you could
encrypt a network drive to a group if you wished.  They also offer loads of options of how you want the install package 
to work and the level of control you
want to grant the client.  The cost was a fifth of what any of the large players were offering at the time, although I 
am given to understand that that the
big boys may now be realizing there is competition and are lowering their price.

So there are a lot of pros on the WinMagic side.  However, there are a few cons as well (which, to be fair, may be due 
to our lack of experience with the
product).  We have not had a smooth deployment experience up to this point as we have a wildly varying environment, so 
we have lots of edge cases we have
been trying to work through.

If the target computer is bound to AD, it is pretty straightforward.  If you want to install to an unbound machine, you 
have to have a special account set up
on the server to support that, then have to sync the new installation to the proper login account after the encryption 
is complete.  If you have two AD
forests, there can be competition/confusion on the part of the client; so you need to set things up a little different 
in those cases.

We are also still working out how we are going to distribute access and administrative rights to the management consol. 
 Right now we have them entirely
centralized.   I would like to be able to distribute them per OU, but we are still working out if that is possible and, 
if so, how.

Feel free to give me a call if you'd like to chat.

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Paul 
Crittenden
Sent: Monday, March 19, 2012 1:33 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Laptop whole disk encryption

We currently use McAfee's Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do 
not like McAfee, we did when it was
not owned by McAfee but you know how that goes.

Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt 
your users laptops. Or for that
matter, if you are not, what is your rational.

Thanks,

Paul Crittenden
Computer System Manager
Simpson College
Indianola, IA
direct: 515-961-1680
www.simpson.edu





Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
Previous By Date Next
Previous By Thread Next

Current thread: