ENCRYPTO SERVER PORTABLE
Like encrypt SD cards, lappy HDD, portable HDD, backup tapes etc where there are chances of things go missing. You can encrypt drives in case you lose the appliance or drives. The term "encryption" have been too mis-used by the non-tech world.ġ. How likely is it that someone could be inside your network and view your data? If you feel this is possible and that the impact would be serious, then you should build a business case for it. You need to determine the risk = (chance of it occurring) x (impact of an occurrence). The CIO is correct in that you have identified a vulnerability. The last case, where the snooper impersonates an authorized user could be protected against with some server-generated challenge that is tied to a separate device, like an RSA key. That would provide protection from a snooper without authorized credentials. The out-of-band access could see the files, but couldn't decrypt them. How do you protect your files from that out-of-band access? In that case, you'd need to have files encrypted on the server and a decryption mechanism that ran on the client based on the user's credentials.
ENCRYPTO SERVER FULL
Let's say that someone inside your network was able to access \\server\share with full admin privileges, but not an authorized account, and could see every single file. Or, if someone compromises access credentials or mechanisms. This could be the case if you have logged-in and unsupervised terminals, for example. You may decide that access control to clear data on an accessible file share is not sufficient security. And, as I said in my first point, if they can pretend to be you, you've lost the battle of access control anyway and all encryption is moot. It has no effect, as you point out, on a disk that is operating inside a server that has been properly unlocked. It prevents access to the contents of a disk if the disk is removed from the server. The question is, therefor, how effective is your access control in preventing unauthorized access to data?įull-disk encryption addresses the issue of access control outside of the production environment.
There is no such thing as "data security." There is only access control. When asked about security, I always start by explaining that if you can access your data, anyone posing as you can access your data.
0 kommentar(er)
