[FDE] PointSec

Bryan Glancey bryan at mobilearmor.com
Tue Jul 3 11:36:52 MDT 2007 

I believe these numbers are only borne out by some of the FDE providers.
Our customers list degradation routinely as 'less then 5%' . Don't blame
the technology for FDE limitations, blame the companies that practice
bad FDE. 

 Does the Yugo prove that BMWs suck? 

Regards;

Bryan

------------------------------------
Mobile Armor
Bryan E. Glancey
Co - Founder & Chief Technology Officer
bryan at mobilearmor.com
400 South Woods Mill Rd.
Suite 110
Chesterfield, MO 63017
tel: 877-276-6778
fax: 877-277-7369
mobile: 314-495-2048
http://www.mobilearmor.com/
------------------------------------


-----Original Message-----
From: fde-bounces at www.xml-dev.com [mailto:fde-bounces at www.xml-dev.com]
On Behalf Of Brad Lhotsky
Sent: Tuesday, July 03, 2007 12:20 PM
To: fde at www.xml-dev.com
Subject: Re: [FDE] PointSec

We attempted to rollout PointSec on laptops being used for statistical
analysis and noticed a performance impact of 300-800% depending on the
horsepower of the machine.  With Dual-core laptops, that was 10times
better, only 30-80% performance degradation.  Still unacceptable to our
scientists, but atleast it didn't turn an 8 Hour SAS job into a week
long excursion! :)

Something to consider if your user base is something like 80% Laptop,
80% SAS Users.

Several other groups in NIH are seeing similar performance problems with
PointSec and Computational, Scientific, Statistical, Image
Analysis/Manipulation Programs.  It took 45 minutes on a conference call
to PointSec's Acct Rep and another Engineer, but they admitted that 30%
degradation number, and stated that performance was an issue where
they'd like to improve but are having difficulty squeezing more than
5-10% performance improvement between major version releases.

Granted, I don't think any solution is gonna get you any better
performance.  Keep in mind, if you provide your users with an
unacceptable solution to their problem they _WILL_ work around it.  In
this case, OMB-06-16 states "all _government owned_ portable computing
devices" must be FDE.

Want to guess which security risk you introduce into your organization
when you implement FDE without consulting your users and fully
understanding the impact of ill-thought government mandates on your
users?

Two Cents to the guy in the back who called out "they bring in their
home computers!"  Sure, they signed agreements they wouldn't do that,
but their Lab Chief is expecting that paper done in 1 week, when their 1
day analysis turns into 8, there's only _1_ option available, and it's
not "asking for an extension"!

NOTE: I'm terribly biased against FDE as it's a solution in search of
problem.  At best, it's killing an ant by running it over with one of
these: http://apollomaniacs.web.infoseek.co.jp/apollo/crawlere.htm

jfvanmeter at comcast.net wrote:
> I was wondering what everyone thought of PointSec? I'm currectly
getting ready to test it. The test will be in a WIn2k3 SP2 R2 domain
with the workstations being Xp SP2. Does anyone have any gotcha's that
they would like to share, or problem areas that they found.
> 
> Thanks in advanced
> 
> Take Care and Have Fun --John
> 
> 
> 
>
------------------------------------------------------------------------
> 
> _______________________________________________
> FDE mailing list
> FDE at www.xml-dev.com
> http://www.xml-dev.com/mailman/listinfo/fde

-- 
Brad Lhotsky <lhotskyb at mail.nih.gov>
Security Administrator / NIA Alt. ISSO
Phone: 410.558.8006
"Those who would sacrifice liberty to gain security
 deserve neither and will lose both." - Ben Franklin
_______________________________________________
FDE mailing list
FDE at www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

More information about the FDE mailing list