+ Post New Thread
Results 1 to 7 of 7
Enterprise Software Thread, Encryption and Auditing - How do you do it? in Technical; Hi, At the moment the school has no kind of encryption in place. Years ago they did have Sophos encryption ...
  1. #1
    jamin100's Avatar
    Join Date
    Feb 2008
    Thank Post
    Thanked 100 Times in 80 Posts
    Rep Power

    Encryption and Auditing - How do you do it?


    At the moment the school has no kind of encryption in place. Years ago they did have Sophos encryption but that is long gone. I am investigating different methods and have pretty much settled on BitLocker until today.

    We had our account manager from the local council out going through the pricrs for different services they offer and encryption came up. He was saying that as an encryption product BitLocker was fine but it offered no auditing capability for devices that had been lost/stolen. IE, we had no way of proving that Laptops or memory sticks were encrypted or what files on that device were actually encrypted.

    So, does your encryption service offer auditing to this level? If so what do you use?


  2. #2

    Join Date
    Aug 2011
    Ellesmere Port
    Thank Post
    Thanked 3 Times in 3 Posts
    Rep Power
    We use bitlocker-to-go on all staff memory sticks, and have it enforced in group policy and tied in to AD.

    That way we know that they have encrypted any data they put onto a memory stick, and we can also recover it easily if they forget the password (Although it's not great for auditing, you could prove that their computer had been used to encrypt X amount of devices, and what times they were encrypted).

    As far as proving that your devices were encrypted, I'd personally encrypt with Bitlocker before the device is issued out (either manually, or during deployment using MDT or similar), and have the policies in place for removable devices. As long as you prevent them from being able to turn off bitlocker, then you know that your clients are safe.

    I can't comment on how effective this will be in practice, as OS encryption seems a bit overkill for us currently, but we've had no problems with Bitlocker-to-go, so it's likely that we'd keep to bitlocker if we ever do go down that path.

    I imagine (and really hope) that this has been resolved by now as it was a long time ago, but when I used to work at a local authority they introduced McAfee's full drive encryption. I only had user privileges, but I could see the tray icon, and got a bit curious. I clicked onto it and found it was copying across and listing every username in plain text and a (presumably) encrypted password for everyone on the domain! Hardly seemed to be a secure thing for it to be doing!

  3. #3
    Trapper's Avatar
    Join Date
    Apr 2007
    Thank Post
    Thanked 155 Times in 124 Posts
    Rep Power
    We use SafeGuard, works fine and you can prove with the console that a laptop is encrypted.

    For memory sticks we use Rohos Mini Drive as it's free and has it's own file view/editing application. Did not use SafeGuard as our 50 teaching assistants received the memory sticks, but did not have laptops so they couldn't be encrypted with Sophos SG.

    One thing I will say for SafeGuard is please replace the HDD with an SSD. On older CPUs such as Gen 1 i3s with no CPU hardware encryption with a spinning rust disc is is dreadfully slow. Swapping for an SSD dramatically improves performance (better than unencrypted spinning rust).

  4. #4

    Join Date
    Nov 2011
    Thank Post
    Thanked 81 Times in 71 Posts
    Rep Power
    My instinct is that bitlocker is the "best" encryption solution for windows, but I haven't been able to try it as we have pro edition os and you need enterprise. However, we do use Sophos SG, managed through the Sophos enterprise console. One of the options I noticed in the console is that you can use it to manage Bitlocker deployments - key management and I think audit too.

  5. #5

    Join Date
    Mar 2011
    North Devon
    Thank Post
    Thanked 1 Time in 1 Post
    Rep Power
    You can get some form of auditing for Bitlocker via MBAM (Microsoft Bitlocker Administration & Monitoring).

    It can be used stand-alone, but here we've got it integrated into SCCM. You can generate compliance reports with some basic information straight out the box (computer name, domain name, device type, OS, compliance status, cipher strength, policy: OS drive, policy: data drives, policy: removable drives, device user, last contact, etc) but as it's built on SQL Server Reporting Services you can create your own reports fairly straightforwardly.

    It doesn't help too much if a device has been lost/stolen unless you've got a fairly recent report already. Unless you have implemented DirectAccess, in which case you could keep an eye out for when the device connects remotely and run the report then.

  6. #6

    sparkeh's Avatar
    Join Date
    May 2007
    Thank Post
    Thanked 1,859 Times in 1,252 Posts
    Blog Entries
    Rep Power
    We use the version of Sophos Safeguard that's built into the Enterprise Console. As said above it can be used to show what devices have been encrypted.
    We use memory sticks with built in encryption.

  7. #7
    Gibson335's Avatar
    Join Date
    May 2008
    Thank Post
    Thanked 142 Times in 113 Posts
    Rep Power
    Our security is policy driven - policy to say no saving personal data, accompanied by awareness training and audit trail of process...the ICO say this would be regarded favourably??

+ Post New Thread

Similar Threads

  1. Delete Files and Folders - How do you do it?
    By fiza in forum How do you do....it?
    Replies: 6
    Last Post: 17th March 2013, 12:09 PM
  2. Replies: 24
    Last Post: 1st June 2012, 07:46 PM
  3. [SIMS] How long do you keep Sims back up and how do you do it?
    By anne1 in forum MIS Systems
    Replies: 17
    Last Post: 28th January 2011, 11:18 AM
  4. Procurement Procedure and Audit Management - How do you do it?
    By RobFrain in forum How do you do....it?
    Replies: 7
    Last Post: 21st October 2010, 03:18 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts