Hello All, I have read that system encryption slows a computer down. However, I am more interested in when to use it. Consider the following scenarios: 1. You have a server in a secured server room on a rack (is there any need and advantage to having system encryption in this particular case) 2. you have a server sitting in an office that is accessible by everyone 2. You have a desktop 3. You have a laptop So my questions are: What situations/scenarios do you consider before implementing system encryption? I guess at the end of the day, I am trying to figure out the best practices. Regards, B.I.
On Mon, 10 Oct 2011, Bade Iriabho wrote:> Hello All, > > I have read that system encryption slows a computer down. However, I am more > interested in when to use it. Consider the following scenarios: > > 1. You have a server in a secured server room on a rack (is there any need > and advantage to having system encryption in this particular case) > 2. you have a server sitting in an office that is accessible by everyone > 2. You have a desktop > 3. You have a laptop > > So my questions are: What situations/scenarios do you consider > before implementing system encryption? I guess at the end of the > day, I am trying to figure out the best practices.The real question is your risk. The situation or scenario is at best a mitigation of the risk. That is, how valuable to is the data on any of those machines? How much of your time, money, and/or reputation be consumed if your data are stolen? What will the impact on you (and your customers) be if your data's confidentiality, integrity, or availability is threatened? Who are the threats: employees? random visitors to your office? thieves? business competitors? Answer those questions first. At that point, you're in a better position to assess the vulnerabilities of each platform. You might decide that a locked room in a locked building (e.g., a server room) is sufficient mitigation against your threats -- or not. I have a hard time imagining a situation where data on a business laptop should NOT be encrypted, but it may be that a good backup is all you need. -- Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
On Mon, Oct 10, 2011 at 9:43 PM, Bade Iriabho <ebade at mathbiol.org> wrote:> Hello All, > > I have read that system encryption slows a computer down. However, I am more > interested in when to use it. Consider the following scenarios: > > 1. You have a server in a secured server room on a rack (is there any need > and advantage to having system encryption in this particular case) > 2. you have a server sitting in an office that is accessible by everyone > 2. You have a desktop > 3. You have a laptop > > So my questions are: What situations/scenarios do you consider before > implementing system encryption? I guess at the end of the day, I am trying > to figure out the best practices. >I always encrypt the hdd of my laptops, I don't notice much overhead; on servers I encrypt partitions with very sensitive information.
Bade Iriabho wrote:> Hello All, > > I have read that system encryption slows a computer down. However, I am > more interested in when to use it. Consider the following scenarios:Some, but not that much (depending on how you're using the system).> > 1. You have a server in a secured server room on a rack (is there any need > and advantage to having system encryption in this particular case)Only if there's requirements from above... or if you're going to be pulling drives as backups, say, and taking them out of there.> 2. you have a server sitting in an office that is accessible by everyoneIt would be a good idea.> 2. You have a desktopDepends on who has access, and how much your data's worth.> 3. You have a laptop<snip> The US gov't, and federal contractors, require encryption on all laptops. Many companies are starting to go that way. Do *you* really want to read in the papers, or have your manager call you in (if it's a work laptop), and tell you what happened to all the information on your laptop? Or how someone broke into it, and used it to get to *their* network? mark