Monday, October 20, 2008

Laptop Encryption

In my recent blog about the new Massachusetts Data Protection regulations, I described Section 17.04 subsection (5) which requires "Encryption of all personal information stored on laptops or other portable devices;" by January 1, 2009.

At BIDMC, we've researched several solutions and have chosen McAfee Endpoint Encryption (formerly SafeBoot Encryption) to ensure we comply with these new regulations.

We've done a comprehensive analysis of the application, which I encourage you to download.

In summary, the impact of encryption on disk write and read is so small that users cannot perceive any change in performance.

How will we implement the product?
Today, we have asset control software which lists all laptops received through IS Inventory Control. These records make it easy to contact customers and schedule to have their laptop hard disk encrypted. During that visit, we will teach them on how to use the system with the encryption software on it. On average, we're experiencing a one time 2.5 hour encryption time. This varies depending upon the speed of the processor, amount of RAM and the size of the hard disk. The encryption can also be removed if necessary, but it will take approximately the same amount of time to decrypt the hard disk as it took to encrypt it. Decrypting must be done by IS.

What about support?
From a support perspective McAfee Endpoint utilizes an enterprise control console and if passwords are forgotten, encryption access can be reauthorized by contacting IS. We've found the support effort to be less than other products we've investigated lately such as Seagate Full Disk Encryption that we looked at recently.

What are the challenges?
Currently there is no McAfee Endpoint solution for Apple products. McAfee is currently working on a solution and they are hoping to have it released some time next year. Since McAfee Endpoint encrypts the entire hard disk and the encryption drivers must be loaded to decrypt the hard disk, Windows emulator solutions for Mac OSX such as Fusion or Parallels will not work.

Thus, based on our research, the McAfee encryption solution addresses our requirements for protecting 1000 laptops to ensure compliance with the new Massachusetts Law by January 2009. We'll complement this software solution with education to ensure users avoid storing protected health/identified information on mobile devices whenever possible.

14 comments:

Stu Parker said...

Has BI ever thought about open source solutions to some software that we run? Things such as Linux or even Open Office could be a Welcome Addition to the enterprise?

jk said...

What about using TruCrypt http://www.truecrypt.org an excellent open source solution for both Macs and Windows computers. It is also a free open source product that's been around for years.

Alan said...

Truecrypt is a good program but it isn't FIPS 140-2 certified which may be a problem on government contracts when there may be FISMA compliance requirement.

I'd be interested in knowing how you came to select Safeboot over some of the other competing FDE products from companies like PGP, Credant, GuardianEdge (also used in Symantec products through OEM agreement), WinMagic, CheckPoint (former PointSec), Utimaco (now part of of Sophos), etc. All these companies with the exception of PGP are on the GSA's SmartBuy DAR FIPS 140-2 approved software list although I think PGP is FIPS 140-2 certified. I think NIH uses PointSec.

sjf said...

"For Internal Distribution Only".... thanks for sharing, but do you want to remove this tag from the doc first?

It looks like BIDMC may need a DLP solution as well *smile*... give me a call when you are ready.

John Halamka said...

Truecrypt is indeed a good program. I have used it on a number of occasions. The main reason that TrueCrypt was not in consideration is the lack of an enterprise management solution. Operational considerations were second only to the quality and scope of the encryption. High on the requirements list, after the encryption, was the ability to provide support for a centralized secure and trusted method of decrypting the disk should the user forget their key. This was not available with the TrueCrypt solution at the time of the evaluation.

As for the consideration of the other products mentioned. We were focused on obtaining a product that provided safe Harbor status, and ease of operations. The ease of operations component has two sides - ease to the user and ease for the help desk. SafeBoot had a major leg up on all of the others since we are a McAfee shop. The near term plan to roll the management of SafeBoot into the Epo Orchestrator management console made the operational model difficult for others to match. That integration, once complete, provides the help desk with one common interface to support all of our layered endstation security components.

As a result we did an accelerated evaluation of Safeboot. It succeeded in meeting all of the stated goals for the solution we wanted.

Regarding the "Internal Use Only" tag in the evaluation document, I elected to share the document as is, with approval from my staff

Yves said...

What about Lojack For Laptops?

http://www.absolute.com/

Inventory management software said...

Let it be clear that it isn't magic, Inventory in finish goods form is harder to manage. But when the inventory is managed by vendors they can manage it in other forms for an example as raw materials and as semi finish goods.




inventory management software

平平 said...

^^Thanks!!

婚前徵信婚姻感情大陸抓姦外遇抓姦法律諮詢家暴婚前徵信尋人感情挽回大陸抓姦離婚工商徵信婚前徵信外遇抓姦感情挽回尋人大陸抓姦離婚家暴工商徵信法律諮詢跟蹤工商徵信婚前徵信感情挽回外遇抓姦法律諮詢家暴尋人大陸抓姦離婚大陸抓姦外遇尋人家暴工商徵信法律諮詢家暴感情挽回大陸抓姦外遇婚前徵信離婚尋人工商徵信外遇抓姦法律諮詢家暴婚前徵信大陸抓姦尋人感情挽回外遇抓姦婚前徵信感情挽回尋人大陸抓姦工商徵信法律諮詢離婚家暴工商徵信外遇抓姦法律諮詢家暴婚前徵信尋人感情挽回大陸抓姦離婚婚前徵信工商徵信外遇抓姦尋人離婚家暴大陸抓姦感情挽回法律諮詢離婚感情挽回婚前徵信外遇抓姦家暴尋人工商徵信外遇抓姦法律諮詢家暴婚前徵信尋人感情挽回">徵大陸抓姦離婚婚前徵信工商徵信外遇抓姦尋人離婚家暴大陸抓姦感情挽回法律諮詢

xuemei said...

Now do you worried about that in the game do not had enough shaiya gold to play the game, now you can not worried, my friend told me a website, in here you can buy a lot shaiya money and only spend a little money, do not hesitate, it was really, in here we had much cheap shaiya gold, we can sure that you will get the shaiya online gold, quick to come here to buy shaiya gold .


Now do you worried about that in the game do not had enough silkroad gold to play the game, now you can not worried, my friend told me a website, in here you can buy a lot sro gold and only spend a little money, do not hesitate, it was really, in here we had much silkroad online gold, we can sure that you will get the silk road gold, quick to come here to buy cheap silkroad gold.

租車公司 said...

花蓮,賞鯨,花蓮旅遊,租車,花蓮,花蓮旅遊網,花蓮,租車,花蓮租車,花蓮旅遊,花蓮旅遊,花蓮租車,花莲租车,租车,租車,花莲,租車公司,行易花蓮租車旅遊網,花蓮,租車,花蓮,花蓮旅遊景點,花蓮,一日遊,一日遊,溯溪,賞鯨,泛舟,花莲租车,租车,花莲,花莲旅游,花莲租车,租车,花莲,花莲旅游,租车,花莲,花莲旅游,租车,花莲租车,花莲,花莲旅游,花蓮,花東,租車,花蓮,花蓮,旅遊,花東,租車,花蓮,花蓮,租車,花東,花蓮,旅遊,花東,租車,花蓮,旅遊租車,花蓮旅遊,花蓮租車,花東旅遊,花蓮租車,花蓮租車,花蓮旅遊,租車,花蓮旅行社,花蓮旅遊景點,花蓮旅遊行程,花蓮旅遊地圖,花蓮一日遊,花蓮租車,花蓮租車旅遊網,花蓮租車,花蓮租車,花蓮租車,花東旅遊景點,租車,花蓮旅遊,花東旅遊行程,花東旅遊地圖,花蓮租車公司,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮旅遊,租車,花蓮租車,花蓮租車 ,花蓮 租車,花蓮,花蓮旅遊網,花蓮租車網,花蓮,租車,花東 旅遊,花蓮 租車,花蓮,旅遊,租車公司,花蓮,花蓮旅遊,花東旅遊,花蓮地圖,包車,花蓮,旅遊租車,花蓮 租車,租車,花蓮租車資訊網,花蓮旅遊,租車,花東,花東地圖,租車公司,租車網,花蓮租車旅遊,租車,花蓮,賞鯨,花蓮旅遊租車,花東旅遊,租車網,花蓮海洋公園,租車 ,花蓮 租車,花蓮,花蓮旅遊,花蓮租車公司,租車花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅行社,花東旅遊,花蓮包車,租車,花蓮旅遊,花蓮租車,花蓮一日遊,租車服務,花蓮租車公司,花蓮包車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮租車,租車網,花蓮租車公司,花蓮旅遊,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮租車公司,花蓮一日遊,租車,租車服務,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,租車公司,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮旅遊,花蓮旅遊租車,花蓮租車網,花蓮租車,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮租車旅遊,花蓮租車,花蓮旅遊,花蓮旅遊,花蓮包車,花蓮溯溪,花蓮泛舟,花蓮溯溪,花蓮旅遊,花蓮旅遊,花蓮租車,租車公司,花蓮旅遊租車,花蓮租車,租車,花蓮旅遊,花蓮租車,花東旅遊,花蓮賞鯨,花蓮旅遊,花蓮泛舟,花蓮賞鯨,花蓮溯溪,花蓮泛舟,花蓮泛舟,花蓮溯溪,花蓮旅遊,花蓮旅遊,花蓮租車,花東旅遊,花蓮,花東,花蓮旅遊,花東旅遊,花蓮租車,花蓮,花東,花蓮旅遊,花蓮租車,花東旅遊,花蓮旅遊,花蓮租車,租車,花蓮旅遊,花蓮租車,花蓮旅遊租車,花蓮旅遊,花蓮租車,花蓮,花東旅遊萬事通,花蓮旅遊,租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車,花蓮包車,花蓮旅遊,花蓮租車,花蓮太魯閣,花蓮包車,花東旅遊,花蓮旅遊行程,花蓮旅遊,花蓮 租車,花蓮租車,花蓮租車旅遊,花蓮旅遊租車,租車,花蓮旅遊推薦,花蓮旅遊包車,花蓮租車,花蓮,花蓮租車,花蓮地圖,花蓮旅遊,花蓮旅遊資訊網,花蓮旅遊景點,賞鯨,花蓮旅遊行程,花蓮旅遊,花蓮旅遊租車,花東旅遊景點,花東旅遊行程,花蓮旅遊,花蓮租車,租車,花東旅遊,花蓮旅遊,花蓮租車,花蓮,旅遊達人,旅遊達人blog,花蓮租車旅遊資訊網,花蓮,租車,花蓮,花東旅遊,地圖,租車,賞鯨泛舟溯溪,租車,[ 芝麻店家 ] 花蓮租車旅遊資訊網,花蓮租車-花蓮旅遊租車資訊網 ,旅遊網,旅遊景點,花蓮行程,花蓮,花東,旅遊租車,旅遊,花蓮,租車,花東旅遊,花蓮租車旅遊,行易旅遊民宿資訊網,民宿,推薦花蓮民宿,花蓮民宿推薦,花蓮民宿,花蓮民宿資訊網,花蓮民宿網,花蓮民宿資訊網,花蓮,旅遊,花蓮,一日遊,花蓮好玩的地方,花蓮,,一日遊,花東,租車,旅遊,花蓮旅遊,花東旅遊,花蓮租車,花蓮租車,花蓮旅遊-花東旅遊萬事通

租車公司 said...

花蓮,賞鯨,花蓮旅遊,租車,花蓮,花蓮旅遊網,花蓮,租車,花蓮租車,花蓮旅遊,花蓮旅遊,花蓮租車,花莲租车,租车,租車,花莲,租車公司,行易花蓮租車旅遊網,花蓮,租車,花蓮,花蓮旅遊景點,花蓮,一日遊,一日遊,溯溪,賞鯨,泛舟,花莲租车,租车,花莲,花莲旅游,花莲租车,租车,花莲,花莲旅游,租车,花莲,花莲旅游,租车,花莲租车,花莲,花莲旅游,花蓮,花東,租車,花蓮,花蓮,旅遊,花東,租車,花蓮,花蓮,租車,花東,花蓮,旅遊,花東,租車,花蓮,旅遊租車,花蓮旅遊,花蓮租車,花東旅遊,花蓮租車,花蓮租車,花蓮旅遊,租車,花蓮旅行社,花蓮旅遊景點,花蓮旅遊行程,花蓮旅遊地圖,花蓮一日遊,花蓮租車,花蓮租車旅遊網,花蓮租車,花蓮租車,花蓮租車,花東旅遊景點,租車,花蓮旅遊,花東旅遊行程,花東旅遊地圖,花蓮租車公司,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮旅遊,租車,花蓮租車,花蓮租車 ,花蓮 租車,花蓮,花蓮旅遊網,花蓮租車網,花蓮,租車,花東 旅遊,花蓮 租車,花蓮,旅遊,租車公司,花蓮,花蓮旅遊,花東旅遊,花蓮地圖,包車,花蓮,旅遊租車,花蓮 租車,租車,花蓮租車資訊網,花蓮旅遊,租車,花東,花東地圖,租車公司,租車網,花蓮租車旅遊,租車,花蓮,賞鯨,花蓮旅遊租車,花東旅遊,租車網,花蓮海洋公園,租車 ,花蓮 租車,花蓮,花蓮旅遊,花蓮租車公司,租車花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅行社,花東旅遊,花蓮包車,租車,花蓮旅遊,花蓮租車,花蓮一日遊,租車服務,花蓮租車公司,花蓮包車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮租車,租車網,花蓮租車公司,花蓮旅遊,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮租車公司,花蓮一日遊,租車,租車服務,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮旅遊,花蓮賞鯨,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮包車,花蓮租車網,租車公司,花蓮租車,花蓮租車公司,花蓮一日遊,花蓮旅遊,花蓮旅遊租車,花蓮租車網,花蓮租車,花蓮一日遊,租車花蓮,花蓮租車,花蓮旅遊租車,花蓮租車,花蓮租車旅遊,花蓮租車,花蓮旅遊,花蓮旅遊,花蓮包車,花蓮溯溪,花蓮泛舟,花蓮溯溪,花蓮旅遊,花蓮旅遊,花蓮租車,租車公司,花蓮旅遊租車,花蓮租車,租車,花蓮旅遊,花蓮租車,花東旅遊,花蓮賞鯨,花蓮旅遊,花蓮泛舟,花蓮賞鯨,花蓮溯溪,花蓮泛舟,花蓮泛舟,花蓮溯溪,花蓮旅遊,花蓮旅遊,花蓮租車,花東旅遊,花蓮,花東,花蓮旅遊,花東旅遊,花蓮租車,花蓮,花東,花蓮旅遊,花蓮租車,花東旅遊,花蓮旅遊,花蓮租車,租車,花蓮旅遊,花蓮租車,花蓮旅遊租車,花蓮旅遊,花蓮租車,花蓮,花東旅遊萬事通,花蓮旅遊,租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮旅遊,花蓮租車,花蓮租車,花蓮包車,花蓮旅遊,花蓮租車,花蓮太魯閣,花蓮包車,花東旅遊,花蓮旅遊行程,花蓮旅遊,花蓮 租車,花蓮租車,花蓮租車旅遊,花蓮旅遊租車,租車,花蓮旅遊推薦,花蓮旅遊包車,花蓮租車,花蓮,花蓮租車,花蓮地圖,花蓮旅遊,花蓮旅遊資訊網,花蓮旅遊景點,賞鯨,花蓮旅遊行程,花蓮旅遊,花蓮旅遊租車,花東旅遊景點,花東旅遊行程,花蓮旅遊,花蓮租車,租車,花東旅遊,花蓮旅遊,花蓮租車,花蓮,旅遊達人,旅遊達人blog,花蓮租車旅遊資訊網,花蓮,租車,花蓮,花東旅遊,地圖,租車,賞鯨泛舟溯溪,租車,[ 芝麻店家 ] 花蓮租車旅遊資訊網,花蓮租車-花蓮旅遊租車資訊網 ,旅遊網,旅遊景點,花蓮行程,花蓮,花東,旅遊租車,旅遊,花蓮,租車,花東旅遊,花蓮租車旅遊,行易旅遊民宿資訊網,民宿,推薦花蓮民宿,花蓮民宿推薦,花蓮民宿,花蓮民宿資訊網,花蓮民宿網,花蓮民宿資訊網,花蓮,旅遊,花蓮,一日遊,花蓮好玩的地方,花蓮,,一日遊,花東,租車,旅遊,花蓮旅遊,花東旅遊,花蓮租車,花蓮租車,花蓮旅遊-花東旅遊萬事通

Affordable Luxurious Wedding Dress Blog said...

cheap wedding gowns,
discount bridal gowns,
China wedding dresses,
discount designer wedding dresses,
China wedding online store,
plus size wedding dresses,
cheap informal wedding dresses,
junior bridesmaid dresses,
cheap bridesmaid dresses,
maternity bridesmaid dresses,
discount flower girl gowns,
cheap prom dresses,
party dresses,
evening dresses,
mother of the bride dresses,
special occasion dresses,
cheap quinceanera dresses,
hot red wedding dresses

Football Matches said...

I'd be interested in knowing how you came to select Safeboot over some of the other competing FDE products from companies like PGP, Credant, GuardianEdge (also used in Symantec products through OEM agreement), WinMagic, CheckPoint (former PointSec), Utimaco (now part of of Sophos), etc.

Recep Deniz MD
DoktorTR.Net

Prescott E. Small said...

We are also consumers of McAfee EE (SafeBoot). We are finding it to be a slight learning curve in terms of our support personnel. However, we are finding it to be a great product with great reliability. We had originally gone with PointSec, which turned out to be such a miserable product that we not only abandoned the deployment after 2,000 systems we ended backing it out and re-deploying McAfee Endpoint Encryption. The reason Most other products are not viable is because they do not have an "enterprise" management interface. We found vendors often advertise an "Enterprise Solution" when what they really have is a solution for 20 to 100 computers in a single subnet in a single location.

Also McAfee's Solution is a suite of software that includes Endpoint Encryption, File & Folder Encryption, USB Device Control and Client Data Loss Prevention all managed by a real management console.