Most enterprise encryption software has key recovery that can be managed through your admin. -- Regards Michael
> From: coderman <[EMAIL PROTECTED]> > Reply-To: <[email protected]> > Date: Mon, 5 Mar 2007 13:22:41 -0800 > To: <[email protected]> > Subject: Re: [FDE] Question re risks of data loss with FDE > > On 3/5/07, Brad Lhotsky <[EMAIL PROTECTED]> wrote: >> ... >> Broad generalizations are the problem with Security these days. My >> scientists will likely lose their jobs if they lose their laptops. ... >> If the laptop is just an accessory, then sure, people will lose them >> because they don't value them. When the laptop is the scientists >> well-being, they tend to know where they are. > > point taken. how about "most people" lose (read: theft) laptops more > frequently than they lose keys. more than being an accessory, it's > simply more difficult to protect a laptop than it is keys in your > pocket. > > for the sake of example, a friend of mine had his laptop stolen right > out of his hands by a stranger who grabbed it and ran. he cared for > the laptop, but even keeping it with him (not left unattended in a > vehicle, etc) wasn't sufficient in that case. > > encouraging users to "care" for the data they are stewards over is an > interesting and varied problem. your example shows how effective this > can be without any additional security or controls in place. > "accountability scales better than enforcement". > > >> This is why the OMB Mandate for FDE annoys me. It's a large, corporate >> style office making assumptions about the operations of all it's highly >> specialized divisions. Sure FDE would be great, but we're dealing with >> a March 31st deadline to deploy an FDE solution that doesn't fit our >> operation. >> >> Aint bureaucracy great?! > > that would be frustrating, no doubt. but is it the mandated process > and tools which are causing the pain, or the concept itself? i'd be > interested to hear how you feel after a laptop does get stolen, and > the data is concealed by the new FDE in place. does one prevented > loss make it worthwhile? a dozen? > (do you really believe the perfect track record will continue indefinitely?) > > i certainly can't answer that, and agree that a dictatorial > bureaucracy forcing the decision regardless of context is a bad way to > approach the problem. > > but i still think there is merit to having one of the requisite > authentication factors tied to an existing model (physical keys) that > is familiar and less prone to theft or loss. > > best regards, > > [one last comment: i'm basing this observation on my experience and > the experiences of those i know. i can list a number of > friends/acquaintances who've had laptops and computers stolen. a > fewer number who've lost hard drives or tapes. two who've lost > wallets. and no one who's lost their keys. perhaps my experience is > abnormal in this regard. i'd love to hear other experiences that are > seemingly different from the norm, like yours above. perhaps they can > hint at other ways users can improve their privacy.] > _______________________________________________ > FDE mailing list > [email protected] > http://www.xml-dev.com/mailman/listinfo/fde _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
