...
If you are interested in participating in the evaluation, please contact jmhunt@mit.edu. A solicitation for participation will be sent to the various partners@mit lists by the end of July 2006, but anyone at MIT is welcome to volunteer.
Questions to Explore During the Pilot
- Is Is the data backed up encrypted or in the clear? (Dependent on backup solution)
- If encrypted in backup, what extra precautions must be taken to ensure recoverability of the data should a disk failure or forgotten password happen?
- Does the backup solution backup the data as a file (may make incremental system backups really large for FileVault)?
- What is the impact on incremental backups, particularly on multi-user systems?
- Does the solution protect against a stolen laptop or hard drive?
- What behaviors might a typical user do that would result in the data being on the disk unencrypted?
- What can be done to mitigate these risks?
- How do the operating system tools compare to 3rd party products like PGP for functionality, key escrow, recovery, etc.?
- What are other schools doing?
**Harvard appears to be going with PGP whole disk
**UPenn is at a similar state in evaluating possible solutions - How should central recovery work when passwords are lost?
- i.e. who should have the keys to unlock the castle
- What steps can be done with installers or other tools to ease the setup and ensure useful configurations?
- like requiring non-blank login passwords, passwords to return from sleep, etc.
Feel free to add additional questions in the comments section below and the pilot team will look into them.
...
The pilot is just beginning, so our results are not readyspare. See the Disk Encryption Test Results page for the latest results.