In the past, I have tried to make the case for encrypting physical servers on premise. The argument for not needing to encrypt them is that these servers usually run for weeks, months or even years without being brought down, and that they are physically protected within a well-fortified data center. The protection that Full Drive Encryption (FDE) brings only really applies to data at rest, and it seldom is at rest on these servers.

I would counter that all drives eventually leave the data center for repair or disposal, and having them encrypted protects you from having your old drives show up on eBay, with your customer data still on them. Encrypting the drive means it can be quickly and easily crypto-erased if it is still operational, and if not, the data is still not accessible without the encryption key.

Recently, some concrete evidence for the need for server encryption has come to my attention. I can’t reveal all the gory details, but it highlights the use case and usefulness of FDE for physical servers:

Use case: Windows Server drive lost in transit from a branch.

A regional financial services organization (FSO) has hundreds of servers spread across hundreds of branches. There are no IT personnel at each individual branch capable of analyzing and repairing the servers. These resources are based at headquarters. Therefore, when there are issues with a server, including drives, the components are required to be sent to headquarters to be analyzed, repaired, or replaced. Drives that malfunctioned were sent via courier or the postal service.

The threat? When an organization ships a drive with data on it, they are assuming the risk that it could be lost or stolen in transit, and this was exactly what happened. The FSO then had a “situation” to handle. They were now obliged to report it to the authorities and deal with the legal and financial consequences.

The solution to the FSO’s challenges with managing server security throughout its network of branches was simple: encrypt all the remote servers. Then, if a drive is lost in transit, the risk is limited to the replacement cost of the drive, which is an order of magnitude less than dealing with the legal and financial consequences of a breach.

When I say the solution was simple, I mean not just in theory, but also in practice. The encryption software was deployed to nearly 1,000 servers. All were encrypted in a very short time period, and without a single support ticket being opened.

The above use case isn’t limited to financial service organizations. Any enterprise or retail operation that has branches, and servers at those branches, may be subject to the same issues. Also, the “data centers” in a branch could simply be a closet and not as physically protected as the “well-fortified data center” at headquarters. Drives could easily go missing from the branch itself and not just in transit.

In short, the answer to the question “Do physical servers really need to be encrypted?” is yes, and especially ones that are housed in branches because the risk of loss or theft is higher.