Automated Full Disk Encryption

Sysadmins live and die on the processes they put into place. Manual processes overwhelm IT admins with menial, repetitive tasks. Automated ones free admins to focus on more important initiatives and strategies. When it comes to enforcing full disk encryption (FDE) across an organization, the same rules apply: enforcing FDE manually is a pain, while automating it can result in major gains – saving time and improving security. Bonus points if you can manage FDE from the cloud and offload even more menial work.

FDE: The Manual Way

Managing FDE the manual way is simply a waste of time.

Yes, you can go around to each individual system and make sure that FDE is enabled. You can add it as another check on your onboarding checklist. And, you can try to maintain a spreadsheet with every system’s recovery key. But without a way to automate enablement, verify enforcement and securely escrow recovery keys, you will unnecessarily complicate your life, and never know for certain that a user hasn’t disabled FDE.

Long story short, the manual way is less reliable, less efficient, and just less fun than using group-based policies to enforce and manage FileVault and BitLocker on all systems with just a few simple clicks.

FDE: The Automated Way

Achieving automation with most IT tasks can be difficult. With FDE, it’s actually easy.

The right solutions allow you to systematically enforce and manage FDE across all of your systems – whether Mac or Windows. Simply set a policy for all systems, an individual system, or a group of systems, and your users will be prompted to enable FDE. After a grace period set by the admin, users no longer have the option to defer FDE enablement: either they enable FDE or they can no longer log in.

The best FDE management tools automatically generate an individual recovery key and securely escrow it. Most solutions work exclusively to enforce FDE on either Macs or Windows, not both. So if you have a heterogeneous environment, you should select an FDE management tool that supports all of your OSes. Again, if (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Nick Scheidies. Read the original post at: https://jumpcloud.com/blog/automated-full-disk-encryption/

Nick Scheidies

Nick Scheidies is a life-long of computer technology since he could first use a mouse and keyboard. In his role as Content Marketing Manager at JumpCloud, Nick has specialized in learning about identity security and cloud-based infrastructure for IT organizations.
