Centrally managed Drive encryption

[Nate7311]

Who's using what? I've got smaller 30+ user insurance broker that's never wanted to entertain the ides of this until a recent laptop theft. Now that we've got motivation, I want to reexamine options before I quote anything as it's been a while since my last FDE project.

Roughly 15 laptops to encrypt. Most are either SSD or SSHD, with a few old 7200RPM drives. All are Core i5 2nd gen or newer (Should support AES-NI).

 

[Benzino]

Bitlocker. If they have SA, Bitlocker Management and Monitoring 2.5, part of the Microsoft Desktop Optimization Pack. Requires a bit of infrastructure, but pretty powerful.

Otherwise, assuming you have Active Directory, Bitlocker. Its free.

 

[Romale23]

ya for something like this bitlocker is pretty much it

 

[klank]

Checkpoint

 

[MrGuvernment]

Bitlocker - any of the bypasses been fixed?

https://www.google.com/search?q=byp...:en-US:official&client=firefox-a&channel=fflb

 

[Nate7311]

They're not big enough for SA yet, and from my research, Bitlocker has more than a few holes... My last deployment a while ago was Guardian Edge, and that was a debacle. And with GE being acquired by Symantec, I'm done with that. Anyone have any experience with SecureDoc?

 

[RiDDLeRThC]

We are currently deploying Sophos for mac and pc drive encryption. Will update later with how it goes.

 

[gimp]

We currently use what was previously Credant, now Dell Data Protection Encryption.
We migrated to this off of GuardianEdge.
It does have FDE, and can also manage Bitlocker.
We just use the agent-based file encryption and not FDE.
It can also manage SEDs.

 

[k1pp3r]

We are currently deploying Sophos for mac and pc drive encryption. Will update later with how it goes.

I installed Sophos FDE on around 50 laptops.

Took 2 months and over 150 hours just to get it installed. Was a total nightmare.

 

[Benzino]

We demo'd Sophos Encryption, and it is great - until you get to Windows 8, then it just manages Bitlocker. Most vendors are moving to manage Bitlocker on Windows 8 instead of offering native encryption.

If you are still deploying Windows 7, then there are a lot of options. But once you move to Windows 8, Microsoft corners you into Bitlocker.

 

[Romale23]

if you setup your computers not to use fast boots or sleep at all bitlocker will be fine. From what i can tell all of its vulnerabilities are either inside the backup key storage in AD or related to the keys being stored in ram. All your trying to do is prevent lost laptops from being read and that should meet that requirement. It's not like your trying to prevent the fbi or nsa from getting in the computers.