Local Encryption Scenarios
-
I would ask why not virtualize this CPA software running PC and have staff rdp into it. That way nothing would be stored on it. And the data in the VM and hypervisor could be backed up and encrypted.
-
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
-
@DustinB3403 said in Local Encryption Scenarios:
I would ask why not virtualize this CPA software running PC and have staff rdp into it. That way nothing would be stored on it. And the data in the VM and hypervisor could be backed up and encrypted.
The way that nearly all CPA software works already. That's the official remote access method for QuickBooks already. And works for essentially everything. Maybe literally everything. Plus web remote for a few, like Xero and QB Online. And most offer other remote options as well.
-
And once the workload is virtual, you could still use something like Bitlocker (assuming windows) or VeraCrypt (assuming anything) to encrypt the VHD pre-boot.
At boot time, the admin or user enters the password to decrypt the disk and the system starts. They use the software like on their own system but over RDP.
-
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
-
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
Even that, rarely would a dongle cause an issue either. You can still access the machine that has the dongle in it remotely.
-
@scottalanmiller said in Local Encryption Scenarios:
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
Encrypted drives doesn't make a complicated backups, you just encrypt the backups as well. It is seamless for the operating system as it is already boot into it and then it is backed up.
-
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
Even that, rarely would a dongle cause an issue either. You can still access the machine that has the dongle in it remotely.
Yeah, but not everyone wants to pay for it (Be it extra device, server, cloud service and so forth). I think that is the biggest issue when dealing with things like these.
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
Encrypted drives doesn't make a complicated backups, you just encrypt the backups as well. It is seamless for the operating system as it is already boot into it and then it is backed up.
No, but a situation that makes you need to encrypt local drives does.
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
Even that, rarely would a dongle cause an issue either. You can still access the machine that has the dongle in it remotely.
Yeah, but not everyone wants to pay for it (Be it extra device, server, cloud service and so forth). I think that is the biggest issue when dealing with things like these.
Paying to do security properly is part of being a CPA. If encryption is an excuse to not do things securely, that's a huge reason to not recommend it. It's a crutch and makes people think that actual security isn't needed.
-
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
Encrypted drives doesn't make a complicated backups, you just encrypt the backups as well. It is seamless for the operating system as it is already boot into it and then it is backed up.
No, but a situation that makes you need to encrypt local drives does.
Mmm, is that how that works for any of your HIPAA or Financial Sector customers?
-
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
Even that, rarely would a dongle cause an issue either. You can still access the machine that has the dongle in it remotely.
Yeah, but not everyone wants to pay for it (Be it extra device, server, cloud service and so forth). I think that is the biggest issue when dealing with things like these.
Paying to do security properly is part of being a CPA. If encryption is an excuse to not do things securely, that's a huge reason to not recommend it. It's a crutch and makes people think that actual security isn't needed.
Encryption is only physical security for sure.
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
Encrypted drives doesn't make a complicated backups, you just encrypt the backups as well. It is seamless for the operating system as it is already boot into it and then it is backed up.
No, but a situation that makes you need to encrypt local drives does.
Mmm, is that how that works for any of your HIPAA or Financial Sector customers?
Correct. None of them have these kinds of issues because they do security well, rather than pretending to do security by using local encryption. There is a reason why the most secure environments don't need local encryption, CPAs certainly should not need it.
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
Even that, rarely would a dongle cause an issue either. You can still access the machine that has the dongle in it remotely.
Yeah, but not everyone wants to pay for it (Be it extra device, server, cloud service and so forth). I think that is the biggest issue when dealing with things like these.
Paying to do security properly is part of being a CPA. If encryption is an excuse to not do things securely, that's a huge reason to not recommend it. It's a crutch and makes people think that actual security isn't needed.
Encryption is only physical security for sure.
And only partial physical security. Stealing an unlocked laptop is probably more likely than stealing a locked one. If it is less likely, it is not a lot less likely.
-
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
Encrypted drives doesn't make a complicated backups, you just encrypt the backups as well. It is seamless for the operating system as it is already boot into it and then it is backed up.
No, but a situation that makes you need to encrypt local drives does.
Mmm, is that how that works for any of your HIPAA or Financial Sector customers?
Correct. None of them have these kinds of issues because they do security well, rather than pretending to do security by using local encryption. There is a reason why the most secure environments don't need local encryption, CPAs certainly should not need it.
Okay, I mean so you are saying BoFA for example does not need to require Local Encryption even though they do?
-
Desktops are more likely to be stolen when locked (or off.) Desktops are typically stolen from an office during off hours or when people are away. Laptops are typically stolen when out of the office and "out" somewhere, being used. Swiped from a table or whatever when someone looks away. If stolen from a bag or car, almost certainly locked. But if taken from a cafe or whatever, almost certainly unlocked.
Using local encryption has a massive risk of making people feel that they could ignore good security because "everything is encrypted, right"? Except it isn't, while in use.
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@BRRABill said in Local Encryption Scenarios:
They must use a local PC, because that is the only way their CPA software will run.
There is no such software, this is a false situation. This is a hypothetical that will never apply in the real world. So sure, we might get a contrived answer in this scenario, but it won't be useful.
How is this a false situation?
There is no such software. You can't actually make software that has to run on a laptop to work (you COULD make a license like that, but no one has.)
It's false, because this situation can't exist in the real world today. Anyone making it happen would be doing so purely for the purpose of making an example like this come true. It has no technical or market value.
I understand, as a software based yes it is not dictated by which computer it is installed unless is a software with a USB Dongle or something like that.
Even that, rarely would a dongle cause an issue either. You can still access the machine that has the dongle in it remotely.
Yeah, but not everyone wants to pay for it (Be it extra device, server, cloud service and so forth). I think that is the biggest issue when dealing with things like these.
That is kind of where I am going with this question.
Yes, you can use cloud VMs and cloud CPA software (in this example) but why not just encrypt the machine with VeraCrypt for free?
-
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
@dbeato said in Local Encryption Scenarios:
@scottalanmiller said in Local Encryption Scenarios:
In the contrived scenario, how will backups be handled? The intense "need" for encryption makes for a more complicated backup situation as the backups must be kept very secure, but also be very accessible.
Encrypted drives doesn't make a complicated backups, you just encrypt the backups as well. It is seamless for the operating system as it is already boot into it and then it is backed up.
No, but a situation that makes you need to encrypt local drives does.
Mmm, is that how that works for any of your HIPAA or Financial Sector customers?
Correct. None of them have these kinds of issues because they do security well, rather than pretending to do security by using local encryption. There is a reason why the most secure environments don't need local encryption, CPAs certainly should not need it.
Okay, I mean so you are saying BoFA for example does not need to require Local Encryption even though they do?
Obviously not, that would be silly. Banks don't do local encryption for normal workloads. They also don't allow customer data to go to end points for exposure.