Full Disk Encryption (FDE) for Mac® (called FileVault) is becoming an industry-standard security practice for IT organizations. With data and laptop thefts increasing, it only makes sense that features such as FDE are becoming commonplace. But most good things come with a caveat. The challenge with FDE is that managing FDE Recovery Keys is one of the most difficult administrative issues surrounding the technology. Thankfully, a modern system management platform is simplifying the Mac encryption key recovery process.
What is Driving Encryption Needs?
Theft of laptops and compliance regulations are propelling the need to protect data. FDE is now integrated into both Mac and Windows® machines at the OS layer. With FDE software so accessible, IT organizations can now mandate its use. As a result, with FDE properly implemented, desktops and laptops that leverage it are protected when hard drives are “at rest.” The problem is actually implementing and managing FDE. The benefits are clear, but enabling and managing it is a different story altogether. Without the proper tools and systems, FDE can lead to a great deal of extra work and, in some cases, extreme problems stemming from the loss of data due to something as simple as a forgotten password.
Forgotten Passwords and Encryption Key Recovery
So how does FileVault 2, Mac’s encryption software, fit into this discussion? When FileVault 2 encrypts a drive, the drive can only be decrypted with the user’s password at startup or with a Recovery Key. For this reason, IT admins are encouraged to save Recovery Keys in case a user forgets their password, which happens with more regularity than users would like to admit. The issue is that storing hundreds or even thousands of individual Recovery Keys can be an administrative nightmare as well as a security issue.
A Tool to Manage Recovery Keys in the Cloud
Luckily, a next generation cloud identity management solution called JumpCloud® Directory-as-a-Service® has (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/mac-encryption-key-recovery/