Are we encrypting to much at rest
-
If you are looking to encrypt the entire system from the system side (LUKS, TC, VC, etc.) you are stuck with the need to have the password be external. If you want the system to decrypt storage automatically that makes this completely useless. Anyone stealing your server will get the whole thing, data, password and all. It only works if you are only concerned with stealing small portions of your systems.
What you can do, when you really are concerned with theft, is to keep the passwords externally and have either a human or a custom security system that will put in the password for you. If you are not willing to do that, it is really a pointless exercise.
-
How often are SMBs really experiencing server theft? Is this a real problem in the real world? If so, maybe addressing that would be more effective.
-
I would heavily consider using encryption such as Bitlocker for a business -- especially for business with Windows and Windows 8 or higher (I have zero experience with full disk encryption before then)...
I have not had any problems at all using the features. It is more aggravating if I have to reboot my computer for any reason... but since that is not a regular occurrence for me, it works nicely.
-
@scottalanmiller said:
So there are places where it works and risks that it can mitigate. But is drive theft a realistic threat? Even in the financial world this is rarely considered a viable threat. In the SMB, it seems bordering on the pathological.
I'm not sure I'd agree with that.. SMB are notorious for not physically securing their servers, so the potential is much greater.
-
@Dashrender said:
@scottalanmiller said:
So there are places where it works and risks that it can mitigate. But is drive theft a realistic threat? Even in the financial world this is rarely considered a viable threat. In the SMB, it seems bordering on the pathological.
I'm not sure I'd agree with that.. SMB are notorious for not physically securing their servers, so the potential is much greater.
Sure, but what SMB is going to be okay with "the server can't reboot anymore" but isn't willing to, you know, lock the door?
-
While there is certainly threat of physical theft in the SMB, has anyone experienced it? Does anyone know anyone who has? Do people really walk off with full servers regularly?
-
Always the thought that gets you.
It's probably similar to other disasters, no? How many times does an entire building burn down?
-
Probably more often than servers are stolen
-
I bet it is close.
-
I bet the primary case is buildings burning down and people making off with the server from the ashes
I've heard of people having fires, not heard of anyone having a stolen server in the real world. Even with SMBs rarely doing anything to protect against it.