Are you using Symantec for AV? They have a product for drive encryption on 
servers.

http://www.symantec.com/business/support/index?page=content&id=TECH149613

I personally have not utilized this, but it might be something to look into.

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work:401-255-2497


This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.


From: [email protected] On Behalf Of Jimmy Tran
Sent: Thursday, January 16, 2014 12:35 PM
To: [email protected]
Subject: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk

It's a new office build-out, so cameras are in discussion now. There will be 8 
cameras but they are not hidden.

With that said, do you have any suggestions on the encryption?

From: [email protected] On Behalf Of Ziots, Edward
Sent: Thursday, January 16, 2014 9:20 AM
To: [email protected]
Subject: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk

I agree the physical security concerns definitely would push you in the 
direction of getting the drives encrypted. And I would also worry about 
cleaning staff, because they usually have the keys to the offices (thus 
physical access to perpetrate said scenario).

Also, are there any hidden cameras that record the office, with the recording 
sent offsite for review or at least to building security? (Another detective 
control you could look into.)

Z

Edward E. Ziots, CISSP, CISA, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work:401-255-2497




From: [email protected] On Behalf Of Jimmy Tran
Sent: Thursday, January 16, 2014 11:16 AM
To: [email protected]
Subject: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk

This is for a small optometrist office that will just have a server rack in 
the back office, no secured datacenter involved. If someone kicks down the 
door, breaks open the rack enclosure, then breaks off the server's security 
cover, they can then un-rack or remove the drives. I think the real concern 
here is that theft is actually possible and, if it does happen, we need to be 
certain the data cannot be retrieved.

Jimmy

From: [email protected] On Behalf Of Ziots, Edward
Sent: Thursday, January 16, 2014 7:53 AM
To: [email protected]
Subject: [NTSysADM] RE: encrypting Server 2008 R2 virtual disk

Here is my question on the encryption part, which HIPAA doesn't really give a 
lot of leeway on.


1)      If you are in a virtual environment, which you are claiming, then how is 
someone going to steal the VMDK without having access to the LUN (SAN or 
local) on the datastore in which it resides? (Pretty hard to walk into a 
datacenter with an ESX box and go steal the disk with the data on it.) 
(Encryption by the specification is "addressable", and the real areas of risk 
are mobile devices (phones, tablets, laptops), where the cost and justification 
of the control is higher.) (This is the risk management part of HIPAA 
164.308(a) that a lot of people don't look into when looking at what needs to 
be done.)

I know this isn't a full answer to your question, but I wanted to give you 
context on what is being asked and where the real risk resides.

Z

From: [email protected] On Behalf Of Jimmy Tran
Sent: Thursday, January 16, 2014 9:48 AM
To: [email protected]
Subject: [NTSysADM] encrypting Server 2008 R2 virtual disk

I have a client who needs to comply with HIPAA requirements and encrypt their 
data. The Windows Server 2008 R2 is a guest on ESXi 5.5. I looked at 
BitLocker and although VMware doesn't support it, it can still be done. The 
data is currently planned to reside on the local datastore. Encrypting the 
entire datastore would be ideal but I'm not aware of any tools to do this.

Does anyone have any recommendations?

Thanks,

Jimmy

