Thanks everyone for your responses!

I agree with the virtual partition instead of whole-disk. It is my
understanding that in the virtual partition, the files will remain
encrypted until you open them, thus also protecting them from the
network. Whole-disk will decrypt everything after you enter the password
on boot-up.

Sarah

At 10:35 PM 8/24/2006, you wrote:
>Hi Sarah,
>hi group,
>
>as a security auditor and consultant I normally suggest
>(1) to implement as many security as available, but no more security than
>really needed.
>The need should follow an individual risk classification to all IT assets
>/ data of a company.
>
>It doesn't make sense to encrypt a folder/partition with none critical
>data on it.
>But it really makes sense to encrypt folders/partitions of sensitive data
>(e.g. internal strategics/business plans, internal financial statements,
>company secrets, ...).
>
>Everytime you encrypt / decrypt a file, folder or partition you will have
>- file access to the harddisk,
>- processor load,
>- memory access
>- ...
>This influences the performance of each system. On some systems more
>significant than on others.
>
>So on company wide file servers, an encrypted partition should exist,
>there people have to store their classified files aligned to their given
>rights and according the company security policy / risk classification.
>On mobile devices people should have an encrypted directory or partition,
>which is access-protected by password or comparable methods and can be
>mounted (dismounted), when needed (not needed) and there they have to
>store their classified files according the company security policy / risk
>classification.
>
>This strategy follows the given suggestion (1).
>
>Ok. When influenced by real great paranoia, a company also can create a
>policy, that all HDD need to be encryted. But this is part of the same
>category, like prohibiting the connection of any hardware to any network. ;-)
>
>Cheers,
>Dietrich
>
> >Sarah wrote:
> >
> >What is the consensus of the group on the use of whole disk encryption
> in an enterprise
> environment? >------------------------------------------------------------
> ---------------
> >-----------------------------------------------------------------------
----

Sarah Felske
Server Administrator
Information Technology Service
Bowling Green State University

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---

[ reply ]