Patrick,

You are absolutely right that FDE doesn't make your data problems go  
away. But your proposed 95% solution of "not storing sensitive data in  
the first place" isn't a workable one for most organizations. Yes,  
they shouldn't store the whole CCN and CVV2. But how about customer  
names? Or email messages? Or Microsoft SQL Server databases of  
customers?

Also, in many organizations, it is simply not possible to keep track  
of which hard drives have been exposed to confidential information and  
which have not.

There are two really big wins for FDE. One is when the drive becomes  
separated from the server in which it formerly resided. The second is  
for remote kill situations where you know the laptop or desktop is out  
there, and you just need to get it a message to erase its key. Yes,  
you can't overcome the P-touch password on the server. And I have  
bought servers on the secondary market and found their passwords written  
on them. But in every case that I've bought a server, the hard drive  
wasn't wiped, and the data wasn't encrypted, and I was able to recover  
stuff. FDE would make it much easier to do an instant wipe in those  
cases.

_______________________________________________
FDE mailing list
[email protected]
http://www.xml-dev.com/mailman/listinfo/fde