1. Does the FDE product manage the encryption of data on all of your devices from a Web-based console?
If you get a call at 3:00 a.m. from the CEO saying her laptop was stolen, can you log in and quickly verify that the data was encrypted, and the date and time it was encrypted? Can you immediately send a suspend command to the computer so no one can access the data? With CREDANT you can. With CREDANT you can also centrally manage the policy for USB drives, handhelds, smartphones, CD-DVD recorders, iPods and other devices.
2. Are the encryption keys stored on the user’s computer or on the corporate server?
Where the keys are stored is important. If keys are stored on your user’s device and something goes wrong during encryption, which it often does with FDE, there are no keys to recover. Worse yet, many FDE solutions provide no key management and instead require anonymous shares be opened for key escrow – which leaves all keys open to attack by anyone with access to the share. With CREDANT you have true automated and transparent symmetric key management. All encryption keys are centrally generated and securely stored automatically on the server before anything is encrypted.
3. What happens when a security or OS patch is required?
With FDE, everything on the disk is encrypted. So how do you apply a patch to the operating system if it is encrypted? The solution for FDE creates another security breach. You create a “ghost” user or construct the key automatically to allow the machine to apply the patch prior to login. CREDANT does not require open keys or “ghost” user accounts and does not require any changes to existing patch management procedures.
4. Do you have to connect to the network to get policy updates?
Most FDE products are either on or off and have no policies. What happens when a thief steals the laptop? Ask if there is a proxy server deployed in the DMZ that can communicate with the device when ANY internet connection is made. With CREDANT, as soon as the thief logs on to the machine, a command is immediately sent to suspend all data access. But CREDANT does not have to wait for a network connection. Local policies on the computer can be set to automatically erase all data based on specific actions including the number of attempts allowed to log in.
5. Can you deploy an FDE product as part of your standard image?
With FDE, this is impossible. You have to apply your standard image and then add an additional step to your provisioning process to encrypt the disk. Bottom line, with FDE you defeat the purpose of a single corporate image. CREDANT can be included as part of your standard image.