Choosing to enforce full disk encryption (FDE) could be one of the smartest decisions an IT organization makes. Below, we’ll explain how to make full disk encryption part of your security policy and how to do it easily with a cloud-based FDE management solution.
Why FDE Should Be Mandatory
FDE is a mission-critical initiative because your data is the lifeblood of your organization. Your Mac® and Windows® devices likely contain sensitive information on their hard drives. In the event that a device with an unencrypted drive is lost or stolen, there’s no way to stop a thief from accessing the information stored on it. This is true regardless of whether the thief has the password for the system. Savvy hackers can bypass the need for credentials and access an unencrypted drive without breaking a sweat.
Here are the top five reasons to require FDE.
How to Enable Full Disk Encryption
Enabling FDE on an individual system is simple. Windows and macOS both offer native apps for FDE with BitLocker and FileVault 2, respectively. While enabling FDE manually might be simple to do on your personal system, it's a little more complicated when deployed across an organization. For starters, simply deploying it can be a pain. You can ask users to do it themselves, but there's no way to tell if they actually did. And what happens when they've locked themselves out of their system? Do you have the recovery key? In order to make FDE part of your security policy, you should consider a system management provider that can enable FDE across your entire fleet in just a few clicks, mandate that it be enabled by users and securely escrow their recovery keys.
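To make the "did they actually enable it?" question concrete, here is an added example (not from the original article or any vendor's product) that evaluates the text printed by `manage-bde -status` on Windows and `fdesetup status` on macOS. The sample outputs are constructed, and the function names and compliance rules are assumptions chosen for illustration.

```python
import re

# Constructed samples modelled on `manage-bde -status C:` and `fdesetup status`.
WIN_OK = """Volume C: [OS]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
        Numerical Password
"""
# Encrypted but suspended: the volume key is readable without the protectors.
WIN_SUSPENDED = WIN_OK.replace("Protection On", "Protection Off")
# Encrypted, but no recovery password exists to escrow.
WIN_NO_RECOVERY = WIN_OK.replace("        Numerical Password\n", "")
MAC_ON = "FileVault is On.\n"
MAC_OFF = "FileVault is Off.\n"


def _field(text, name):
    """Return the value of a 'Name:   value' line, or '' if absent."""
    m = re.search(rf"^\s*{re.escape(name)}:[ \t]*(.*)$", text, re.MULTILINE)
    return m.group(1).strip() if m else ""


def key_protectors(text):
    """Collect the indented lines that follow 'Key Protectors:'."""
    m = re.search(r"^\s*Key Protectors:[ \t]*\n((?:[ \t]+\S.*\n?)*)",
                  text, re.MULTILINE)
    return [ln.strip() for ln in m.group(1).splitlines()] if m else []


def assess(platform, text):
    """Return (compliant, reasons) for one device's status output."""
    reasons = []
    if platform == "macos":
        if "FileVault is On" not in text:
            reasons.append("FileVault not enabled")
    elif platform == "windows":
        if _field(text, "Conversion Status") != "Fully Encrypted":
            reasons.append("volume not fully encrypted")
        if _field(text, "Protection Status") != "Protection On":
            reasons.append("protection suspended or off")
        if "Numerical Password" not in key_protectors(text):
            reasons.append("no recovery password protector")
    else:
        reasons.append("unknown platform")
    return (not reasons, reasons)
```

A recovery password protector on the device only shows that a key exists to be escrowed; whether a copy is actually stored centrally has to be confirmed in the escrow system itself.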
How to Make FDE Part of Your Security Policy
If you're currently using Active Directory® (AD), there are group policy settings available that back up recovery keys to AD. If you're not using AD, this will be a manual process, or you'll need a third-party tool to manage the process.
While there’s not a tool native to Macs to manage FDE, there are a variety