Re: Laptop Encryption Software

[Gary Flynn <flynngn () JMU EDU>]

Our sensitive data group just published a guideline requiring
encryption for sensitive data.

http://www.jmu.edu/computing/sensitivedata/bestpractices.shtml

We are looking for a stopgap encryption solution so we have a
mechanism that people can use to comply with the guideline.

We are recommending Windows EFS on Windows XP computers and
a combination of EFS and Bitlocker on Vista computers for
this purpose.

I was wondering why others were choosing commercial solutions
over the native EFS and Bitlocker as the strategic solution
for workstation encryption.

If you're using a commercial product, does it perform key
escrow to a centralized server? Is it a standalone product
or does it require existing infrastructure such as an
Active Directory domain and/or Microsoft CA?

If you've purchased a commercial product for this purpose,
would you be willing to send me the pricing you have
obtained offline and the volume of licenses you had to
purchase to get that price?

On a side note, what do you think of the ATA hard disk
security feature ( i.e. hard disk password )? Although
its not based on encryption, it looks to me to be a fairly
strong protection mechanism short of someone able to
read bare, disassembled disks.


thanks

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security