On 18/01/07, Christopher Fox <email@hidden> wrote:
Simon:
Encrypted disk images must be implemented and maintained by the user. Many
large corporations would prefer to implement an automated solution that can
be managed centrally and enforced.
Also, there can still be information outside of the disk image that is
proprietary and/or confidential. (Custom applications, machine settings that
could provide information about the configuration of an internal network or
details about workstation management methodologies, etc.)
On 1/18/07 5:31 AM, "Simon Slavin" <email@hidden> wrote:
>
> And could I restress the idea of using an encrypted disk image ?
> People seem to have ignored it when it's an almost idea solution for
> most of you.
>
> Simon
I only look after a small corporation but personally agree with Simon
in terms of using encrypted disk images. One of the benefits is
precisely the point he made about the user having to realise that the
data is sensitive and that it should not just be saved to Desktop.
This is particularly important because of the prevalence of USB flash
drives. If there's no need to do anything to secure data on their
laptop, then there's little chance they'll think twice about keeping a
bunch of files onto a completely unprotected (and more easily
lost/stolen) medium.
Our people are slowly figuring out how to do disk images with
encryption so that they can use CDs, USB drives, laptop or external HD
volumes sensibly.
I do ad hoc security audits to identify people who haven't "got it"
yet, because you'll easily find files where they shouldn't be. You do
of course have to bear in mind certain file locations like IMAP mail
folders where copies of files may lurk.
I guess that among other things you weigh up the convenience of
something like Filevault with instilling good practices in users.
