OCIS is out on the two ends with ongoing projects: Find it; Encrypt it. Middle is harder. Restricted data, for us defined by WI Statue, but can be applied to any data you need to protect. Two types of encryption: full disk and file/folder.
Endpoints defined. Lost laptops—VA; estimated costs per record are around $200 for 10000 records $2million
Lost CDs – British government
Photo by &quot;Scott Beale / Laughing Squid” laughingsquid.com.
Good solutions integrate with the OS, eg added to right-click context menu; can select files by type, eg .doc
Data at rest. Can also be used for secure hdd disposal.
FDE can’t protect a laptop that’s on and logged in; FDE doesn’t stop unencrypted data from leaving the encrypted drive
Create charter and solicit a team Team Members Sponsors
Server based solutions like mywebspace, webDAV Novell and Microsoft filie server; Incidental not intended.
(e.g. encrypting the restricted data, but then emailing it unencrypted; strong encryption passwords)
Campus concerns and experiences Milwaukee … Survey Center … Educause list Burton group
Variety of machines supported Vista laggers; none—some promised; why important? Why should audience care?
Key management importance; lost keys mean lost data Just encrypted disk, but then just copy the entire thing to USB in clear text
invited vendors for demos/webex; gathered additional information; ranked products as demos completed see what floated to top
Get SMART; hands on test of both products; continued to gather information; decide on product to pilot—license affordable?
Some are Safeboot specific most would pertain to any product we selected. Think about any particular challenges you would have with implementation of this kind of product
UW Desktop Encryption Project UW’s approach to data encryption