...
- Is the data backed up encrypted or in the clear? (Dependent on backup solution)
- If encrypted in backup, what extra precautions must be taken to ensure recoverability of the data should a disk failure or forgotten password happen?
- Does the backup solution backup the data as a file (may make incremental system backups really large for FileVault)?
- What is the impact on incremental backups, particularly on multi-user systems?
- Does the solution protect against a stolen laptop or hard drive?
- What behaviors might a typical user do that would result in the data being on the disk unencrypted?
- What can be done to mitigate these risks?
- How do the operating system tools compare to 3rd party products like PGP for functionality, key escrow, recovery, etc.?
- What are other schools doing?
**Harvard appears to be going with PGP whole disk
**UPenn is at a similar state in evaluating possible solutions - How should central recovery work when passwords are lost?
- i.e. who should have the keys to unlock the castle
- What steps can be done with installers or other tools to ease the setup and ensure useful configurations?
- like requiring non-blank login passwords, passwords to return from sleep, etc.
What performance hit does encrypting the files have, if any?
- Could play large video file from encrypted spot - see how long it took to load and if they was any file read problems, then do the same thing on the same machine from a non-encrypted location.
Feel free to add additional questions in the comments section below and the pilot team will look into them.
...