Network World
Saturday, November 22, 2008

Hidden Microsoft


Yes, you should encrypt your drives…

Yup, I can agree with that statement...  After all, I consider FDE as a default pillar in any good information loss protection framework.

Yet for some reason, it seems that most IT shops have now become entranced by the data loss protection (DLP) hype.  Thus, DLP has now become everyone's favorite silver bullet.  And a lot of DLP companies are preying on this fallacy by pushing their products as end-all solutions to IT shops desperately seeking to fulfill regulatory compliance needs or an executive's whim, or even to correct holes found after their latest security incident.

Whatever the case, FDE should also be a default standard in all IT organizations.  If it's not, then you are behind.  Or even worse, if you fear FDE or don't understand why it should be part of your information protection strategy, then feel free to start a conversation.  Your fears or doubts should be addressed.

On another note, I was a little bothered that the author of the FDE post only seemed to focus on software-based solutions.  In my opinion, software FDE's days are numbered.  If you are currently deploying it, continue.  Heck, even use the open source solution TrueCrypt.  If you don't have FDE deployed or in the pipe, then please take a gander at what is coming down within the hardware FDE space.

Is this really what you


Is this really what you believe? You do not believe that all these wonderful technologies make more sense when they do work together? Pillars and foundations are all good, but without a roof above, the house is still incomplete and does not offer protection when it rains (paraphrased Japanese proverb).

Good job otherwise.

Hi Ivan...


Or... I'm pretty sure this was Ivan. HA!

No... I believe that FDE is but one part of a larger group of solutions geared towards protecting data. In other words, you need to build a framework. You know that.

- T

Yes but..


FDE (I hate acronyms!) is good but not before the companies start thinking key management. The two aspects are - the security and the recovery. Age old problem - you have to be able to turn the access off at any time (and place) and you have to be able to recover the access at any time. Both a must for business - and that's what counts - or?

FDE is (would be, could be?) a great idea but needs (still?) a strategy, plan, design, .. and, unfortunately, I see a lot of products but no (not much) talk how, where, when to use it?

Grass is not greener on the other side


FDE should be a requirement or at a minimum in today's information age. However protecting that data can be within various methods (e.g. folder level encryption (software based), software based disk encryption, hardware based encryption).

The argument is that a hardware-based solution is less administrative overhead to IT infrastructure. I tend to agree, however the grass is not greener on the other side. There are various problems with hardware-based solutions - management consoles, footprint on pre-boot tends to be higher, don't forget my personal favorite, driver support, etc. The waters are still untested with hardware-based solutions and time to resolve may be higher (may be).

Side comment: I agree that overall vision of strategy and incorporation of that strategy for data protection is greater than any tool or tools.

An artist can paint a good picture with any tool. However a great artist utilizes the tool to paint a masterpiece.

tyssuunn


About Tyson Kopczynski

With more than nine years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Group Policy, Windows scripting, Windows Rights Management Services, PKI, and IT security practices. Tyson is the author of the new book Windows PowerShell Unleashed (read a sample chapter and learn about the drawing for a free copy here). Tyson has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2004 Unleashed and Microsoft Windows Server 2003 Unleashed (R2 Edition). He has also written detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson has worked with next generation Microsoft technologies since their inception and played a key role in expanding scripting and development practices. Tyson also holds the SANS Security Essentials Certification, Microsoft Certified Systems Engineer Security certification, CompTIA Security+ certification and SANS Certified Incident Handler certification.


The opinions expressed in this Weblog are those of the writer and may not represent the opinions of Network World.
