[FDE] Question re risks of data loss with FDE
Michael Jardine
michael.jardine at usa.secude.com
Mon Mar 5 15:16:55 MST 2007
Most enterprise encryption software has key recovery that can be managed
through your admin.
--
Regards
Michael
> From: coderman <coderman at gmail.com>
> Reply-To: <fde at www.xml-dev.com>
> Date: Mon, 5 Mar 2007 13:22:41 -0800
> To: <fde at www.xml-dev.com>
> Subject: Re: [FDE] Question re risks of data loss with FDE
>
> On 3/5/07, Brad Lhotsky <lhotskyb at mail.nih.gov> wrote:
>> ...
>> Broad generalizations are the problem with Security these days. My
>> scientists will likely lose their jobs if they lose their laptops. ...
>> If the laptop is just an accessory, then sure, people will lose them
>> because they don't value them. When the laptop is the scientist's
>> well-being, they tend to know where they are.
>
> point taken. how about "most people" lose (read: theft) laptops more
> frequently than they lose keys. more than being an accessory, it's
> simply more difficult to protect a laptop than it is keys in your
> pocket.
>
> for the sake of example, a friend of mine had his laptop stolen right
> out of his hands by a stranger who grabbed it and ran. he cared for
> the laptop, but even keeping it with him (not left unattended in a
> vehicle, etc) wasn't sufficient in that case.
>
> encouraging users to "care" for the data they are stewards over is an
> interesting and varied problem. your example shows how effective this
> can be without any additional security or controls in place.
> "accountability scales better than enforcement".
>
>
>> This is why the OMB Mandate for FDE annoys me. It's a large, corporate
>> style office making assumptions about the operations of all its highly
>> specialized divisions. Sure FDE would be great, but we're dealing with
>> a March 31st deadline to deploy an FDE solution that doesn't fit our
>> operation.
>>
>> Ain't bureaucracy great?!
>
> that would be frustrating, no doubt. but is it the mandated process
> and tools which are causing the pain, or the concept itself? i'd be
> interested to hear how you feel after a laptop does get stolen, and
> the data is concealed by the new FDE in place. does one prevented
> loss make it worthwhile? a dozen?
> (do you really believe the perfect track record will continue indefinitely?)
>
> i certainly can't answer that, and agree that a dictatorial
> bureaucracy forcing the decision regardless of context is a bad way to
> approach the problem.
>
> but i still think there is merit to having one of the requisite
> authentication factors tied to an existing model (physical keys) that
> is familiar and less prone to theft or loss.
>
> best regards,
>
> [one last comment: i'm basing this observation on my experience and
> the experiences of those i know. i can list a number of
> friends/acquaintances who've had laptops and computers stolen. a
> fewer number who've lost hard drives or tapes. two who've lost
> wallets. and no one who's lost their keys. perhaps my experience is
> abnormal in this regard. i'd love to hear other experiences that are
> seemingly different from the norm, like yours above. perhaps they can
> hint at other ways users can improve their privacy.]