It has been over a year since the introduction of the General Data Protection Regulation (GDPR), and the European Union (EU) continues to step-up its privacy controls and standards. As GDPR has progressed over the last year, many organizations are shifting their viewpoints on how to collect, store, and use personally identifiable information (PII). One method for protecting PII that is on the minds of many IT admins is full disk encryption (FDE). In this post, we’ll discuss how to enforce FDE to achieve GDPR compliance.
GDPR Compliance Requirements
When it comes to GDPR, the standard is a mix of specific actions and general guidelines that organizations must implement to protect personally identifiable information. When it comes to the storage of PII, data processors are required to store this with the utmost care. A breach of this data could be disastrous not only to the organization, but to the end users themselves. While GDPR isn’t completely prescriptive in its guidance, it is safe to assume that any and all data stored should be encrypted and stored securely.
For the most part, this refers to databases that house the critical data. But, smart IT organizations are also taking it one step further and ensuring that all of their end users’ hard drives are encrypted at rest through full disk encryption, using solutions such as BitLocker and FileVault. This is a wise move, as IT admins know that end users may have some components of PII on their systems that they are using to accomplish their jobs.
Enforcing FDE at Scale
Unfortunately, it has historically been challenging to implement FDE across an enterprise, especially when there is a mixed-platform environment. Many solutions that can be used to enforce Bitlocker for Windows® or FileVault for Macs® are generally limited to one of those two OS.
Another main consideration for IT organizations looking to enforce FDE is recovery key escrow. Recovery keys are the critical tokens that are used to unencrypt locked drives, which are unlocked when an employee leverages their credentials to access a system. These keys need to be (Read more...)