Ours are kept in a safe in the CIO's office and only let out when needed. They are very closely managed.
-----Original Message----- From: Jeffrey Wei [mailto:[EMAIL PROTECTED] Sent: Friday, August 25, 2006 9:50 AM To: focus-ms@securityfocus.com Subject: RE: Whole disk encryption To chime in on the encryption issue, how do people handle the added problem that if an ADMIN who is in charge of the encryption keys (backups and all) all of a sudden leaves the company? The important company data that the company was so diligently trying to protect is now 'protected' against the same company from accessing. There is the delicate balance here that a company may want to think about here. 1) Protect sensitive data at all costs? Even when it can become detriment to itself or 2) Temper protection with multiple redundancies, including staff which can be co$tly Jeff -----Original Message----- From: Erik Anderson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 24, 2006 11:07 AM To: focus-ms@securityfocus.com Subject: RE: Whole disk encryption > -----Original Message----- > From: Sarah [mailto:[EMAIL PROTECTED] > Sent: Thursday, August 24, 2006 11:48 AM > To: focus-ms@securityfocus.com > Subject: Whole disk encryption > > > > What is the consensus of the group on the use of whole disk encryption in > an enterprise environment? Why? You only need to protect the data not the whole OS. It causes too many problems. I don't recommend creating a headache for yourself when you only need to protect some data. I recommend creating an encrypted partition and mounting an encrypted file system on that partition. In addition there are plenty of 3rd party software packages out there that have encrypted filter drivers or will allow you to create an encrypted virtual disk. You use that disk just as any secondary disk. The encryption becomes transparent to you. Make sure to backup the keys somewhere or you will permanently loose everything if something happens to the key. Erik Anderson ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --- [This E-mail scanned for Spam and Viruses by http://www.innovationnetworks.ca] --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------