ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Local Encryption ... Why Not?

    Scheduled Pinned Locked Moved IT Discussion
    357 Posts 15 Posters 190.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @BRRABill
      last edited by

      @BRRABill said:

      BTW: I get what you mean about a place like a bank. If you are running updates in the middle of the night, and it needs to reboot, someone needs to be there to get it back up.

      But for a doctor office, no one is working at 3 in the morning. I understand your feeling that the doctor him or herself won't ant to do it. But if it is important to them, don't they have to be given the option?

      Of course for a bank you'd want it in a secured data center if possible.

      I'm talking more the fringe cases. Smaller doctor offices. Accountant with tax returns. That kind of stuff.

      It's less about updates, you can schedule that. It's blips that cause reboots. You can run into problems if you have regular, unexpected updates because they are inconvenient. You can run into if you want to do scheduled weekly backups as we often recommend. And you can easily run into it if you go two years without a reboot and when it happens no one knows what is wrong with the system and it is just "dead".

      BRRABillB 2 Replies Last reply Reply Quote 0
      • BRRABillB
        BRRABill @scottalanmiller
        last edited by

        @scottalanmiller said:

        It's less about updates, you can schedule that. It's blips that cause reboots. You can run into problems if you have regular, unexpected updates because they are inconvenient. You can run into if you want to do scheduled weekly backups as we often recommend. And you can easily run into it if you go two years without a reboot and when it happens no one knows what is wrong with the system and it is just "dead".

        But how often do servers just randomly reboot? Or do random updates?

        So if the server doesn't ever reboot, what's the issue?

        1 Reply Last reply Reply Quote 0
        • BRRABillB
          BRRABill @scottalanmiller
          last edited by

          @scottalanmiller said:

          and when it happens no one knows what is wrong with the system and it is just "dead".

          Then they call their friendly MSP/Consultant and say "hey it's asking for some Bitlocker password" and you give it to them and all is good in the world.

          Why wouldn't this work?

          scottalanmillerS 1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @BRRABill
            last edited by

            @BRRABill said:

            @scottalanmiller said:

            and when it happens no one knows what is wrong with the system and it is just "dead".

            Then they call their friendly MSP/Consultant and say "hey it's asking for some Bitlocker password" and you give it to them and all is good in the world.

            Why wouldn't this work?

            It assumes...

            • Good MSP records.
            • That they still have the same MSP or can find the right one.
            • They know enough to call the MSP.
            • They consider this something for the MSP to fix and aren't mad at the MSP for breaking the system.
            • The people who worked with the MSP are still around.
            • The MSP is available immediately at the time needed and doesn't need time before responding.

            Lots to go wrong there. Look at @Dashrender's description of a doctor's office. They can't even figure out what app to use to open a document. how could they possibly deal with knowing what vendor to call when. They'd far more likely call the NAS vendor and yell at them for not supporting their product.

            BRRABillB 2 Replies Last reply Reply Quote 0
            • BRRABillB
              BRRABill @scottalanmiller
              last edited by

              @scottalanmiller said:

              how could they possibly deal with knowing what vendor to call when.

              There is only 1 vendor to call. The people who helped them with all their computer stuff.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • BRRABillB
                BRRABill @scottalanmiller
                last edited by

                @scottalanmiller said:

                • The MSP is available immediately at the time needed and doesn't need time before responding.

                That's the only issue I see there.

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • BRRABillB
                  BRRABill
                  last edited by BRRABill

                  But again ... what are the odds a server is just going to reboot in the middle of the day. It doesn't happen on any of my servers. Is this something you see a lot?

                  J scottalanmillerS 2 Replies Last reply Reply Quote 0
                  • J
                    Jason Banned @BRRABill
                    last edited by Jason

                    @BRRABill said:

                    But again ... what are the odds a server is just going to reboot in the middle of the day. It doesn't happen on any of my servers. Is this something you see a lot?

                    This would suck in a data center environment. Remote reboots .. Having to hop into the Out of band management to get it booted up. No Thanks.

                    This is why physical security is important. Have audit trails for server room access.

                    Also not even sure how you do this with a large scale SAN setup like ours. It's just not practical.

                    BRRABillB scottalanmillerS 4 Replies Last reply Reply Quote 0
                    • BRRABillB
                      BRRABill @Jason
                      last edited by

                      @Jason

                      I was reading that and saw it edited before my eyes! LOL.

                      1 Reply Last reply Reply Quote 0
                      • BRRABillB
                        BRRABill @Jason
                        last edited by

                        @Jason said:

                        This would suck in a data center environment. Remote reboots .. Having to hop into the Out of band management to get it booted up. No Thanks.

                        This is why physical security is important. Have audit trails for server room access.

                        I've admitted that data center scenarios encryption is not such a big deal as the risk of theft is much less.

                        I'm talking more about the company that has a server locked in a server room, behind locked lobby doors, behind lock building doors. But you never know, right?

                        Low incidence of theft, true.

                        But I'm argiung if the pain of encryption is low enough, it;s worth it as an added security feature.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • BRRABillB
                          BRRABill @Jason
                          last edited by

                          @Jason said:

                          This would suck in a data center environment. Remote reboots .. Having to hop into the Out of band management to get it booted up. No Thanks.

                          Definitely agreed.

                          WOuld have to be an environment where humans are able to get in front of the device easily.

                          1 Reply Last reply Reply Quote 0
                          • J
                            Jason Banned
                            last edited by

                            I think SMBs tend to focus on the wrong thing when they have lots of other low hanging fruit. More complexity doesn't nessecerily mean more security. Also how big of a target are you anyway? A doctor doesn't go giving you medicine for something you have low risk for.

                            Most companies would freak out if they saw our logs and how many hacking attempts we get in just a few minutes.

                            BRRABillB 1 Reply Last reply Reply Quote 1
                            • BRRABillB
                              BRRABill @Jason
                              last edited by

                              @Jason said:

                              More complexity doesn't nessecerily mean more security.

                              My argument here is that is doesn't really add that much more complexity for the potential added security it brings.

                              DashrenderD scottalanmillerS 2 Replies Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @BRRABill
                                last edited by

                                @BRRABill said:

                                @Jason said:

                                More complexity doesn't nessecerily mean more security.

                                My argument here is that is doesn't really add that much more complexity for the potential added security it brings.

                                it boils down to risk - do you have a higher risk of theft or higher risk of data corruption, inability to boot?

                                BRRABillB 1 Reply Last reply Reply Quote 1
                                • BRRABillB
                                  BRRABill @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  it boils down to risk - do you have a higher risk of theft or higher risk of data corruption, inability to boot?

                                  Have you seen a lot of data corruption or inability to boot with hardware FDE or Bitlocker?

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    nope, but then again I have never used them.

                                    scottalanmillerS 1 Reply Last reply Reply Quote 1
                                    • scottalanmillerS
                                      scottalanmiller @BRRABill
                                      last edited by

                                      @BRRABill said:

                                      @scottalanmiller said:

                                      how could they possibly deal with knowing what vendor to call when.

                                      There is only 1 vendor to call. The people who helped them with all their computer stuff.

                                      I assume you are being sarcastic. Almost no company has only one company that does everything for them. Even those that have only one often can't figure out who they are. Companies, especially little ones like doctors' offices tend to turn over providers very quickly either because they are trying to be cheap and looking for a deal or are getting fired as clients regularly and would have to figure out which one to call from the history books. The people working often can't figure out the different between their MSP and the vendor name on the hardware.

                                      The ability to contact the right people is far more advanced than the ability to open a file. Knowing who to call is a serious issue for a lot of customers.

                                      1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @BRRABill
                                        last edited by

                                        @BRRABill said:

                                        @scottalanmiller said:

                                        • The MSP is available immediately at the time needed and doesn't need time before responding.

                                        That's the only issue I see there.

                                        Actually one of the more minor ones. Still pretty big, though.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @BRRABill
                                          last edited by

                                          @BRRABill said:

                                          But again ... what are the odds a server is just going to reboot in the middle of the day. It doesn't happen on any of my servers. Is this something you see a lot?

                                          Um, all the time. You are talking about small businesses like doctors offices. How many have generators or even good UPS? How many accidentally reset gear? This is very common. I've seen it a few times this week already. Maybe you are dealing with much bigger companies that we normally see. Anyone under a few hundred users this is a very common problem.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller @Jason
                                            last edited by

                                            @Jason said:

                                            @BRRABill said:

                                            But again ... what are the odds a server is just going to reboot in the middle of the day. It doesn't happen on any of my servers. Is this something you see a lot?

                                            This would suck in a data center environment. Remote reboots .. Having to hop into the Out of band management to get it booted up. No Thanks.

                                            This is why physical security is important. Have audit trails for server room access.

                                            Also not even sure how you do this with a large scale SAN setup like ours. It's just not practical.

                                            you do it on a per server basis and it sucks.

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 14
                                            • 15
                                            • 16
                                            • 17
                                            • 18
                                            • 18 / 18
                                            • First post
                                              Last post