Network World
Friday, September 5, 2008

Community: Security


RE: IBM dives into massive encryption deployment

All Companies should take note of what IBM are doing as the time is fast approaching when JAIL and significant financial penalties will be the order of the day for data loss for senior directors of organisations.

What would be even better is if IBM would go the full 9 yards and utilise a Biometric Access Control encrypted Storage device with Digital ID on board such as the MXI Security - MXP Stealth.

Well done IBM


IBM full disk encryption Folly

0

They can encrypt their hard drives but their peripherals are still wide open. They may disallow use of USB devices but have no way to encrypt them. Data will still be leaking out of their enterprise like water through a sieve.

Depends

0

Maybe they do that also, the technology has been there a long time. I know the companies I did work for didn't use that but, as a consultant who has a lot of sensitive information, all my external and internal storage devices in any of my computers are protected by encryption by default and AES is kind of secure. Some, as my own, are under one pass phrase but each client's information has a different one. The systems can't even mount any external storage device without it and a new requests one. So, maybe, they do more than you can see, it is easy. Pass phrases are actually easier to remember than passwords, they are much longer sentences which make sense but try to figure out what or how I think - good luck. Some phrases even have four letter words, heh! Just a warning, take care of backups!!

PGP universal server is your

0

PGP universal server is your answer for whole disk encryption. You set the policies you want to enforce. http://www.pgp.com

"Security Is Only as Strong as Its Weakest Link"

Wow have we come a long way

0

Wow have we come a long way in security! IBM with a bold move and strong focus on security solutions. PGP - A product with a historic past and a staple in encryption now evolved into Whole Disk Encryption and mature enterprise management, enough to be rolled out into an enterprise such as IBM.

IBM is stupid and wastes money like big corps do all the time

0

IBM spent all that money on a mass rollout of PGP Whole Disk Encryption, just when it's discovered that PGP WDE has an undocumented encryption bypass that allows an encrypted drive to be accessed without the boot-up passphrase challenge dialog.

TrueCrypt, a free whole disk encryption program, works better than PGP, and supports chaining of encryption algorithms.

Did I mention it's FREE?

Stupid IBM. They could have worked with the creators of TrueCrypt to meet their needs much cheaper than paying all that money for PGP which has a backdoor.

"IBM is stupid"? You can't be serious.

0

You have to be kidding me.

With all due respect, either you have been exposed to limited or incorrect information or perhaps you did not take the time to research the subject matter thoroughly (I have).

Yes, PGP provides documented ways for enterprises to facilitate access to a machine that has been WDE'd by PGP, either by performing something known as boot bypass or by using an Org key or WDRT (if you do not know what these are you should learn about them). These are features designed for enterprise deployments and can (and should) be used as required to manage large scale deployments of WDE'd machines. Perhaps you haven't rolled out encryption to a few thousand desktops yet, but - trust me on this - features that allow enterprise administrators to access these encrypted machines without having access to the user's passphrase are not just 'nice to have' - they are compulsory.

When you consider a very large enterprise, like IBM, PGP is the only company with the enterprise class features that can actually deploy and manage large numbers of encrypted machines in a cost-effective and scalable manner. These features are also completely documented - there are even white papers from PGP on how to use them! So for you to state there is some undocumented backdoor is absolutely incorrect.

While I also like free software, comparing PGP to TrueCrypt is laughable - when it comes to enterprise-class software you unfortunately get what you pay for. For a single user, sure, TrueCrypt is great. For 500,000 seats? Please, you can't be serious. Try rolling out and managing a TrueCrypt deployment to anything larger than a handful of users and tell me how much fun it was.

There is more to a large scale rollout of WDE than the algorithms used to encrypt the disk - in fact, that is a very small part of it (all the big boys use AES-256). Things like key management, software updates, package installation, user management, policy creation and management, administrative management and reporting are a few of the major considerations when rolling out large scale WDE implementations.

IBM performed an exhaustive evaluation of all the leading enterprise encryption vendors and ultimately selected PGP. This was not a decision made overnight, but after carefully considering all of the aspects of the rollout and the vendors that could actually do it.

If you take the time to learn about the PGP Ecosystem and all that it offers, perhaps then you will understand why IBM selected PGP.
