I was not sure where to put this. I have a bunch of laptops at work (~ 200) which ought to have some sort of encryption mechanism for the local storage in case the laptop is lost/left somewhere. Most of the laptops are new but some are older models. Unfortunately for a number of reasons I cannot prevent users from keeping potentially sensitive data on these laptops so I would like to err on the side of caution and encrypt.
Experience doing anything like this?
I'm leaning toward TrueCrypt, assigning each user a relatively complex password, doing whole drive encryption, and simply stating that this is one of the headaches that comes with having a laptop. They boot, enter a PW, then the OS boots. No central management per-say. TrueCrypt has some sort of master PW that IT can keep to unlock the laptop if the user PW is lost.
Any reason not to proceed down this road? Is performance impact limited for modern multicore laptops?
Experience doing anything like this?
I'm leaning toward TrueCrypt, assigning each user a relatively complex password, doing whole drive encryption, and simply stating that this is one of the headaches that comes with having a laptop. They boot, enter a PW, then the OS boots. No central management per-say. TrueCrypt has some sort of master PW that IT can keep to unlock the laptop if the user PW is lost.
Any reason not to proceed down this road? Is performance impact limited for modern multicore laptops?