9th November 2011, 04:30 PM #1
Encrypt the Server???
A Governor at one of our schools is pushing for us to encrypt the server. We've installed a security cage to the server to fix it to the floor but they want to go a step further.
Has anyone actually done this? I imagine rebuilds or repairs to the server would be problematic post-encryption and also that there would be a performance overhead to take into account.
Anyone have any other suggestions why this is a bad idea?
Thanks in advance
9th November 2011, 05:11 PM #2
I await correction from another member, but I have never encountered a single school that encrypts their onsite servers. There would certainly be a performance hit, and disk maintenance on servers is hard enough due to RAID complexities without throwing encryption in as well. Most encryption systems will require a password to be entered at the server on reboot, with the exception of BitLocker.
If the governor is concerned about physical theft, the cage and normal building/server room security should be more than sufficient. If it isn't, you need to think about why the building security is so bad. Who do they think is going to go to that much trouble to steal the server? They are harder to fence than projectors, desktops, and laptops, most of which will be far easier to remove by the car-full before they even get near the server room.
I suspect the governor may think that encrypting the server will protect against remote intrusion, which of course it won't.
To be blunt, a governor should not be able to make this sort of operational policy decision without (at the very least) strong evidence to back up the need for it.
9th November 2011, 05:29 PM #3
Personally, I'd be telling the governor where he can take his opinion (and it won't be very bright there either). It is not their role to push for things like this - that's why the school employs you.
9th November 2011, 05:49 PM #4
There will be a performance hit (probably reasonably small and easily absorbed) and additional complexity involved in server backup / restore and credentials management. Encryption could make you more vulnerable to any physical disc corruption, so the risk that you will need to fall back on a backup increases.
On the other hand, if the server IS stolen then you perhaps won't be explaining to the ICO why all your data fell into the hands of Daily Mail journalists. I don't think the suggestion is as whacky as others seem to think. If it was suggested at my place of work I'd be delighted that a governor was that interested in the IT infrastructure and I'd try and have a constructive conversation about the pros and cons and what real security benefits we might get for what trade off in operational complexity.
9th November 2011, 05:53 PM #5
Think that sums it up the best!
Originally Posted by Hightower
9th November 2011, 06:12 PM #6
I'm less of the opinion that it's a whacky idea in principle, but I think it's definitely the wrong solution for the problem (if a genuine problem even exists).
Originally Posted by pcstru
I'd also be delighted to have an interested Governor, but not a paranoid one, which on the face of it seems to be the case here.
9th November 2011, 06:20 PM #7
Someone on the inside? Perhaps poor disposal practices? Maybe just a very very determined and skilled thief? As good as physical security of such important assets tends to be, it's not impossible that they will end up in the wrong hands. And the problem here is that risk is probability AND consequences. We are custodians of some very very sensitive information. If some of that ended up in the wrong hands, the consequences for the data subjects could be very serious. Can you really be too paranoid?
Originally Posted by AngryTechnician
9th November 2011, 06:22 PM #8
Ok so anybody using "cloud services" for email etc... should be asking if Microsoft/Google encrypt their servers?
9th November 2011, 06:25 PM #9
Based on "the server" (singular) and "security cage", I would say the governor has valid security concerns regarding the safety of the data, but his proposed solution will have a hardware and training cost. Is this a "server sat in a classroom / random office" scenario?
Having the data stored in a secure manner (locked server room with audited and limited access) meets data protection obligations.
Having the data sat unencrypted in a classroom / office where anyone can walk in and touch the server doesn't. If I can poke it with a finger, I can get your data if it isn't encrypted.
Talk to the bloke and ask about his concerns.
9th November 2011, 06:28 PM #10
I'd guess that the level of physical security between a Google data center and a primary school server (which is what OP sounds like) probably differs.
Originally Posted by plexer
Decently configured encryption (with appropriate precautions and encrypted backups) might be cheaper in the primary school scenario.
9th November 2011, 06:29 PM #11
Anyone using cloud services should be doing due diligence to satisfy themselves that security and resilience are appropriate for the task. It's one of the problems with "cloud" - how do you actually tick those boxes and provide the evidence to back up that box ticking? I think a lot of people are buying into cloud services and they think that merely writing a cheque somehow guarantees that service providers are behaving responsibly or that simply writing the cheque absolves them of responsibility - "well, I was paying for the service, surely the data WAS safe??".
Originally Posted by plexer
9th November 2011, 06:51 PM #12
It sounds like you have pretty good physical security in place already - (better than many others in fact).
Using BitLocker would require a TPM chip in your server (in an ideal situation at least) and this would prevent the need for a password on boot - all the same you would have a small (few percent) drop in disk performance.
Backup shouldn't be a problem as your backup system will be backing up the files/folders while the server is running and as such just sees the data as normal.
Once you run into any kind of issues with your server (say the OS won't boot and you need to use Windows PE to change something) encrypting it will cause MASSIVE problems in getting anything fixed.
So as others have said I would speak to your Governor and find out what he is actually looking to achieve - the way I see it SMTs/etc. are there to give you problems to solve/ideas to implement but are not there to decide how you do it.
One other thing to throw into the mix would be notebook PC encryption - they are a lot more portable than any server and as such present a much greater risk of data loss.
9th November 2011, 07:20 PM #13
If I was going to implement this, I'd go for a block-level encryption system that could provide standard-looking storage volumes for virtual machines running on the server. That way, once you'd booted the server and typed in the passcode or whatever to enable the encrypted volumes, you could start / restart virtual machines as much as you liked.
Originally Posted by InspireICT
9th November 2011, 07:35 PM #14
To be blunt, and speaking as a governor, a governor is supposed to be involved in strategic decisions regarding the school not operational ones.
Originally Posted by AngryTechnician
It is not the governor's role to recommend encryption of the server. The Governing Body, or a delegated committee, may investigate IT security, but it should not be a governor acting alone.
@InspireICT I've attached a part of the "Academies Financial Handbook" regarding the risk register every academy is required to have. The GB puts this together as a strategic document to work out the impact of risks to the academy. There's an explanation of how it works first.
I suggest that you do a mini version detailing the various risks to your area... You need to think about threats to network and data security at your school and what their impact would be.
e.g. "Virus risk/corruption of data risk" might have a likelihood of 3 and an impact of 5 (say)... definitely a "Treat" situation.. with the Control Procedures giving info on your monitoring of anti-virus and backups
Other risks you could have are:
Failure of 1 or more servers,
theft of 1 or more servers,
Hacking of 1 school network,
Loss/theft of laptop/computer/flash drive
It doesn't need to be a massive document. Submit it to the Governing Body via the Clerk and offer to come and talk to the GB so that they ask questions. Hopefully it will manage this governor out of the way. (All communication with the GB should be through the Clerk. Your office staff will tell you who/how)
I would suggest you show it to your line manager/HT before you pass it to the clerk. It will at least show that the risks have been considered and are being managed.
4 Thanks to elsiegee40:
AngryTechnician (14th November 2011), GrumbleDook (14th November 2011), InspireICT (14th November 2011), pcstru (9th November 2011)
14th November 2011, 05:04 PM #15
First and foremost can I just point out that a number of members here are governors or have been governors. From speaking with governors in schools they range from those who have an interest in IT through to people designing infrastructure to run data centres which house MOD systems. Try not to jump to conclusions and definitely do not take the attitude that they should keep out of *your* server room. It is not yours ... it is the school's and governors do have a strong line around the strategy of schools.
However, there is a difference between a governor deciding something and a governor working on the strategy for something.
Encryption is not out of the realms for consideration, but the DPA principle 7 says all ...
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
If the risk assessment shows that you have taken all reasonable action (security cage, etc) and it is still felt that encryption is needed then you can also make sure you assess the other things which introduce risk ... insecure buildings (the location of the machine is in an area from which it could be snatched by a visitor, the room is on the ground floor with a window next to the street, etc) are sometimes a risk and the school can balance out the cost of an improved server (or servers) which means there would not be a performance hit against the cost of improved building security. An assessment by the school insurers will also help here. If the building is insecure then there are more problems than just the server not being encrypted ...
Remember ... it is often not just a single problem when people talk about encryption or security ... and any solution should be part of a whole school strategy / policy.