Hi Sarah,
hi group,

as a security auditor and consultant I normally suggest
(1) to implement as many security as available, but no more security
than really needed.
The need should follow an individual risk classification to all IT
assets / data of a company.

It doesn't make sense to encrypt a folder/partition with none critical
data on it.
But it really makes sense to encrypt folders/partitions of sensitive
data (e.g. internal strategics/business plans, internal financial
statements, company secrets, ...).

Everytime you encrypt / decrypt a file, folder or partition you will have
- file access to the harddisk,
- processor load,
- memory access
- ...
This influences the performance of each system. On some systems more
significant than on others.

So on company wide file servers, an encrypted partition should exist,
there people have to store their classified files aligned to their given
rights and according the company security policy / risk classification.
On mobile devices people should have an encrypted directory or
partition, which is access-protected by password or comparable methods
and can be mounted (dismounted), when needed (not needed) and there they
have to store their classified files according the company security
policy / risk classification.

This strategy follows the given suggestion (1).

Ok. When influenced by real great paranoia, a company also can create a
policy, that all HDD need to be encryted. But this is part of the same
category, like prohibiting the connection of any hardware to any
network. ;-)

Cheers,
Dietrich

>Sarah wrote:
>
>What is the consensus of the group on the use of whole disk encryption
in an enterprise environment?
>-----------------------------------------------------------------------
----
>-----------------------------------------------------------------------
----

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

[ reply ]