[Gllug] [OT] Disk Encryption
Steve Harris
steve.harris at garlik.com
Wed Mar 3 16:44:40 UTC 2010
On 3 Mar 2010, at 16:39, Stephen Nelson-Smith wrote:
> Hi Steve,
>
>>> I have a number of Macbooks which contain commercially sensitive
>>> information, and which are sometimes taken off site.
>>>
>>> I've been asked to provide disk-based encryption to protect the data
>>> in the event of loss or theft.
>>>
>>> Have any of you done this before? I'm currently looking at:
>>
>> We handle a lot of /very/ sensitive data in my company and we use
>> FileVault. Users have to be disciplined not to keep data outside of
>> their homedir (but note that random bits of the FS are mapped there
>> anyway), but the UI encourages that anyway.
>>
>> It works very well, and works securely with TimeMachine, which is
>> critical.
>
> Thanks. This was my first thought too. I'm going to do some tests
> shortly with Knox and PGP too. My biggest concern is performance.
>
> Could you explain the issues around working with TimeMachine? Do some
> products not play nicely?
Yes, some products will backup the data on the user's machine
unencrypted, just through the loopback mount device, or will not be
able to do incremental backups.
What FileVault does is chunk up the crypted data into 10MB (IIRC)
chunks, and back up those than have changed. Since I looked other
systems might have started to do this too though.
- Steve
--
Steve Harris, Garlik Limited
2 Sheen Road, Richmond, TW9 1AE, UK
+44 20 8973 2465 http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10
9AD
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list