Brad, From my experience, the "performance hit" statistic is one that can be used rather liberally to strengthen ones' own argument as well as to plant land mines for your competition. From what I have seen, performance degradation depends greatly on what processes you are asking your hard drive to perform. Our own software-based FDE rates very high in terms of performance (I could say we are "at the top", but suffice it to say we rate highly). However, you might want to also consider Hard Disk based FDE, or what I call self-encrypting drives. Already Seagate and Hitachi have these drives in the market. Because the encryption chip is on the drive itself, the question of "performance hit" becomes mute. I would suggest that in any performance comparison, you include self-encrypting hard drives in your tests. And yes, our software works with the Seagate drive. Even better, our next release will merge our software- and hardware-based encryption products, so that legacy systems can have a simple migration path. Here is some information that you might find helpful: http://www.secude.com/htm/386/en/News-Detail.htm?News=11229 http://www.full-disk-encryption.net/seagate_interview.html Regards, Michael ________________________ Michael Jardine SECUDE IT Security - Seattle -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brad Lhotsky Sent: Wednesday, July 04, 2007 2:20 AM To: [email protected] Subject: Re: [FDE] PointSec We attempted to rollout PointSec on laptops being used for statistical analysis and noticed a performance impact of 300-800% depending on the horsepower of the machine. With Dual-core laptops, that was 10times better, only 30-80% performance degradation. Still unacceptable to our scientists, but atleast it didn't turn an 8 Hour SAS job into a week long excursion! :) Something to consider if your user base is something like 80% Laptop, 80% SAS Users. Several other groups in NIH are seeing similar performance problems with PointSec and Computational, Scientific, Statistical, Image Analysis/Manipulation Programs. It took 45 minutes on a conference call to PointSec's Acct Rep and another Engineer, but they admitted that 30% degradation number, and stated that performance was an issue where they'd like to improve but are having difficulty squeezing more than 5-10% performance improvement between major version releases. Granted, I don't think any solution is gonna get you any better performance. Keep in mind, if you provide your users with an unacceptable solution to their problem they _WILL_ work around it. In this case, OMB-06-16 states "all _government owned_ portable computing devices" must be FDE. Want to guess which security risk you introduce into your organization when you implement FDE without consulting your users and fully understanding the impact of ill-thought government mandates on your users? Two Cents to the guy in the back who called out "they bring in their home computers!" Sure, they signed agreements they wouldn't do that, but their Lab Chief is expecting that paper done in 1 week, when their 1 day analysis turns into 8, there's only _1_ option available, and it's not "asking for an extension"! NOTE: I'm terribly biased against FDE as it's a solution in search of problem. At best, it's killing an ant by running it over with one of these: http://apollomaniacs.web.infoseek.co.jp/apollo/crawlere.htm [EMAIL PROTECTED] wrote: > I was wondering what everyone thought of PointSec? I'm currectly getting ready to test it. The test will be in a WIn2k3 SP2 R2 domain with the workstations being Xp SP2. Does anyone have any gotcha's that they would like to share, or problem areas that they found. > > Thanks in advanced > > Take Care and Have Fun --John > > > > ------------------------------------------------------------------------ > > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde -- Brad Lhotsky <[EMAIL PROTECTED]> Security Administrator / NIA Alt. ISSO Phone: 410.558.8006 "Those who would sacrifice liberty to gain security deserve neither and will lose both." - Ben Franklin _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
_______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
