I've been asked to look into encrypting the data on users' laptops to
minimize the damage done by a lost or stolen laptop. The first thing
that comes to mind is FileVault which seems like it could be adequate.
Has anyone used this in large deployments? Are there any other
solutions for automatic data encryption on Macs?

I would use FileVault only if the requirements insisted on it. It
works and all that, but it puts all your files together -- everything
from your web cache and bookmarks to your highly secret documents --
into one encrypted stream. So you need to have your 'secret' stuff
open the whole time you're logged in. So you tend to be casual about
how secure you keep it.

The way I've done it for a few people around here is to make them an
encrypted sparse disk image where they keep all the secret stuff.
They can log in and use a web browser without needing to mount the
image. When they switch to working on the security stuff, they mount
the image, do all the stuff they need to, then unmount it again.

This has the added advantage that you can back up /all/ your secure
materials in one go -- just copy the disk image -- and the backup is
automatically secure.

Since FileVault is really just a way of putting your entire home
folder into a disk image, the crackability of the two methods is
identical, and Apple's standards meet or exceed the requirements of
the US, UK and EU.

Simon
--
Simon Slavin Fylde Building Room C11
Computing Development Officer 01524 65201 x 93569
Psychology Department
University of Lancaster
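
The create / mount / unmount / back-up cycle described in the reply above, sketched with macOS's `hdiutil` as an added example that is not part of the original message. The image path, volume name, size, the AES-256 choice and the dry-run wrapper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: encrypted sparse image workflow with macOS hdiutil.
# IMAGE, VOLNAME, SIZE and the cipher are assumed values, not from the thread.
IMAGE="${IMAGE:-$HOME/Secure.sparseimage}"
VOLNAME="${VOLNAME:-Secure}"
SIZE="${SIZE:-2g}"          # upper bound; a sparse image grows as data is added
DRY_RUN="${DRY_RUN:-1}"     # 1 = print the commands only, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Create the image once. hdiutil prompts for the passphrase interactively,
# so it never appears in shell history or the process list.
create_image() {
    if [ -e "$IMAGE" ]; then
        echo "refusing to overwrite $IMAGE" >&2
        return 1
    fi
    run hdiutil create -size "$SIZE" -type SPARSE -fs HFS+J \
        -encryption AES-256 -volname "$VOLNAME" "$IMAGE"
}

# Mount only while working on the sensitive material.
mount_image() {
    run hdiutil attach "$IMAGE"
}

# Unmount as soon as the work is done; the data is ciphertext again.
unmount_image() {
    run hdiutil detach "/Volumes/$VOLNAME"
}

# Back up by copying the image file itself; refuse while it is mounted so
# the copy is not taken from an image that is still being written.
backup_image() {
    dest="$1"
    if [ -d "/Volumes/$VOLNAME" ]; then
        echo "unmount $VOLNAME before backing up" >&2
        return 1
    fi
    run cp -p "$IMAGE" "$dest"
}
```

With `DRY_RUN=1` each function only prints the command it would run; set `DRY_RUN=0` on a Mac to execute them.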