[FDE] Enterprise Right Management vs. Traditional Encryption Tools
dan at geer.org
Tue May 8 18:05:53 MDT 2007
"Ali, Saqib" writes:
-+------------------
| security isn't what it used to be. It is all getting very
| confusing. To protect information we now have to use:
| 1) ERM/DRM solutions;
| 2) Traditional encryption of data (FDE, EFS, encrypted vaults etc);
| 3) Content Control systems where you control the flow of the
| information (e.g. Vontu, Pointsec Data Protector etc)
|
| What is the right mix? What is overkill? What is abuse?
|
| Senate Bills such as SB1386 require "reasonable measures to prevent
| un-intended data disclosures".
|
<commercial_disclaimer>
In my view, The Answer is a Reference Monitor in the
good old Orange Book sense. As it happens, that is
why we make, at Verdasys, a RefMon implemented as a
data-surveillance rootkit. It is not perfect, but
it ends your need to buy a separate product for
every little threat, and it is deployed at many
tens of thousands of desktops.
And Gartner hates us so we must be doing something
right.
</commercial_disclaimer>
As to SB1386, the actual genesis of that is via
Deirdre Mulligan (UC Berkeley) who suggested to
California Assemblyman Simitian that the model for
loss of containment control of data should be the
laws and regulations for loss of containment control
for toxic substances.
In the meantime, the shape of things to come is found
here, or so I think...
http://www.fsa.gov.uk/pubs/final/nbs.pdf
--dan