[FDE] Question re risks of data loss with FDE

[Allen]

Hi Gang,

I've run into a FUD objection to FDE for health care laptops. 
Apparently some blogger has been having an intelligent but not 
well informed series of posts that say (as I've been told) that 
the risks of data loss due to losing encryption keys and/or weak 
passwords is so high that FDE is not a viable option to 
protecting private data.

While I will grant that this is possible, but I don't believe 
this type of thinking really applies in an enterprise as it 
assumes that there is no encryption key management solution in 
place and that there is no strong password standards in place, 
both of which are the case with the individual user that is not 
part of a managed network. Is my thinking wrong?

Are there any white papers or data anyone could point me to so I 
can combat the FUD? Can anyone point me to the blog on this? I 
can't seem to locate it and it's causing a major amount of grief 
for protecting medical data in one location. I believe it is 
because they really don't understand the structure that must be 
in place and how it works.

Thanks a bunch,

Allen Schaaf
Business Process Analyst
Information Security Analyst
Training & Instructional Designer
Sr. Writer & Documentation Developer
Certified Network Security Analyst and
Intrusion Forensics Investigator - CEH, CHFI
Certified EC-Council Instructor - CEI

Security is lot like democracy - everyone's for it but
few understand that you have to work at it constantly.