You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Draft 

1. Background

The High Impact Data Protection (HIDP) project team was convened in late July 2008 to determine a solution to mitigate
the threat to sensitive Institute data posed by lost or stolen portable devices (laptop computers and mobile
devices).  PGP's Whole Disk Encryption (WDE) product has been chosen as the best solution, and a deployment plan is currently under development, focusing on a targeted set of MIT users with access to sensitive data.

2. Findings

  1. LDAP Dependency
    There is concern over the assumption that LDAP authentication utilizing Kerberos passwords will be available for roll out as the current ldap.mit.edu infrastructure does not support this method of authentication.  The next generation directory system may support such authentications, but issues around access and proper use must be addressed before it can be enabled.  It is recommend that the HIDP project continue to use Active Directory for user authentication.
    Unknown macro: {bgcolor}

    I don't agree with this recommendation. We should just get the LDAP authentication to work, even if we have to deploy a hackish server as an interim step. The important point is that the end-users won't have to be burdened with the hackishness of it. The Active Directory integration, by contrast, is a hassle for the end-user. --Jeff

3. Recommendation from the TAP Consultation

"Approved with Concerns":
A majority of TAP approves the plan as long as it takes into account the concerns described in the Findings. 

  • No labels