Local Encryption ... Why Not?
-
@stacksofplates said in Local Encryption ... Why Not?:
If it's using TPM to unlock, all you have to do is turn it on.
Sure, but BitLocker with TPM allows you to set up a pre-boot PIN, so all good.
-
@carnival-boy said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
If it's using TPM to unlock, all you have to do is turn it on.
Sure, but BitLocker with TPM allows you to set up a pre-boot PIN, so all good.
Yeah, if you do that, TPM does good stuff for mobile devices.
-
@carnival-boy said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
If it's using TPM to unlock, all you have to do is turn it on.
Sure, but BitLocker with TPM allows you to set up a pre-boot PIN, so all good.
Right, as long as you require something. I’ve seen some that just do TPM and nothing else. I guess it’s not a gripe I have with BitLocker. Just the fact that people don’t pay attention to that. LUKS forces a password or some type of key.
-
Had a customer a few weeks ago lose their laptop because they encrypted it but couldn't figure out their password. Non-replaceable part. So it was hosed.
-
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
-
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
Keeping files on a laptop isn't really the issue here. The customer in Scott's case set up disk or file system encryption and had no recovery method to get into the file system. Seemingly with some hardware encryption that once set it just had to get tossed out.
Encryption of any kind is a good thing generally speaking (not including ransomware) as it's an easy-to-add level of security, but you need to have recovery methods, otherwise you're up the creek without a paddle.
-
@scottalanmiller said in Local Encryption ... Why Not?:
Had a customer a few weeks ago lose their laptop because they encrypted it but couldn't figure out their password. Non-replaceable part. So it was hosed.
It's funny how a place with a handful of devices has problems with that, but a place that has 25 thousand encrypted devices across ~30 countries literally has not a single issue with it.
-
@DustinB3403 said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
Keeping files on a laptop isn't really the issue here. The customer in Scott's case set up disk or file system encryption and had no recovery method to get into the file system. Seemingly with some hardware encryption that once set it just had to get tossed out.
Encryption of any kind is a good thing generally speaking (not including ransomware) as it's an easy-to-add level of security, but you need to have recovery methods, otherwise you're up the creek without a paddle.
Yeah totally agree. The person at our school had a bunch of financial data on it and got it stolen. So big fail there for us.
-
@Obsolesce said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
Had a customer a few weeks ago lose their laptop because they encrypted it but couldn't figure out their password. Non-replaceable part. So it was hosed.
It's funny how a place with a handful of devices has problems with that, but a place that has 25 thousand encrypted devices across ~30 countries literally has not a single issue with it.
Because one has IT doing it, and one has the end user doing it without consulting IT, obviously.
-
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.
-
@DustinB3403 said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
Keeping files on a laptop isn't really the issue here. The customer in Scott's case set up disk or file system encryption and had no recovery method to get into the file system. Seemingly with some hardware encryption that once set it just had to get tossed out.
Encryption of any kind is a good thing generally speaking (not including ransomware) as it's an easy-to-add level of security, but you need to have recovery methods, otherwise you're up the creek without a paddle.
It's that they bought from a bad vendor who did it to them. They didn't set up encryption or install the device. They just went to a store and bought it. The problem is, consumer equipment from consumer vendors, in this case.
-
@scottalanmiller said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.
A new laptop showed up that way once - I was like - wth?
-
@Dashrender said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.
A new laptop showed up that way once - I was like - wth?
I think the bigger question was, it didn't get reimaged to whatever standard they're using?
-
Why no backups?
-
@VoIP_n00b said in Local Encryption ... Why Not?:
Why no backups?
Because the logistics of getting backups going for user laptops is difficult if not impossible.
-
@VoIP_n00b said in Local Encryption ... Why Not?:
Why no backups?
Backup of an encrypted system is still encrypted.
-
@DustinB3403 said in Local Encryption ... Why Not?:
@VoIP_n00b said in Local Encryption ... Why Not?:
Why no backups?
Because the logistics of getting backups going for user laptops is difficult if not impossible.
And there is no data on them. Just can't get them to boot and the cost to fix it is costly. And since it's just a tablet, the cost of people working on it to reinstall an OS that they don't readily have and someone needing to go on site to deal with it is a problem.
-
@stacksofplates said in Local Encryption ... Why Not?:
@Dashrender said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.
A new laptop showed up that way once - I was like - wth?
I think the bigger question was, it didn't get reimaged to whatever standard they're using?
Ha, this is medical. Zero standards. Ever seen any medical that has a standard build? Nope. Or even standard hardware? Nope. Or even consult someone in IT within six months of having put a machine into service? Nope.
-
@scottalanmiller said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
@Dashrender said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.
A new laptop showed up that way once - I was like - wth?
I think the bigger question was, it didn't get reimaged to whatever standard they're using?
Ha, this is medical. Zero standards. Ever seen any medical that has a standard build? Nope. Or even standard hardware? Nope. Or even consult someone in IT within six months of having put a machine into service? Nope.
Idk, when I was doing my business I had a few Drs' offices and I reimaged them when they got one.
-
@stacksofplates said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@stacksofplates said in Local Encryption ... Why Not?:
@Dashrender said in Local Encryption ... Why Not?:
@scottalanmiller said in Local Encryption ... Why Not?:
@jmoore said in Local Encryption ... Why Not?:
I've advocated we store nothing on our laptops but so far it's had little effect. We are very backward here unfortunately. I think storing mostly online is very good and makes services like Nextcloud very valuable in this scenario.
It was turned on by the vendor when delivered. Nothing was stored on the device and they had no idea that there was encryption on it.
A new laptop showed up that way once - I was like - wth?
I think the bigger question was, it didn't get reimaged to whatever standard they're using?
Ha, this is medical. Zero standards. Ever seen any medical that has a standard build? Nope. Or even standard hardware? Nope. Or even consult someone in IT within six months of having put a machine into service? Nope.
Idk, when I was doing my business I had a few Drs' offices and I reimaged them when they got one.
That's because you got to be in charge, I would assume. Here we are only "as needed" and the head of operations runs IT and only has us fix what she breaks (which is quite a lot.)
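-
An added example, not part of any post in this thread: a PowerShell check for the two gaps discussed above, volumes that unlock on TPM alone with no pre-boot PIN, and encrypted volumes with no recovery protector (which also catches encryption switched on by a vendor before delivery). It assumes the BitLocker module's `Get-BitLockerVolume` cmdlet and an elevated session; the function name `Get-BitLockerGap` and its output column names are this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Get-BitLockerGap and its column names are hypothetical.

function Get-BitLockerGap {
    param(
        # Volume objects as returned by Get-BitLockerVolume.
        [Parameter(Mandatory)] [object[]] $Volume
    )

    foreach ($v in $Volume) {
        # Volumes that were never encrypted have nothing to audit.
        if ("$($v.VolumeStatus)" -eq 'FullyDecrypted') { continue }

        # Protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword, ExternalKey.
        # Where-Object drops a null entry so an empty protector list stays empty.
        $types = @($v.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })

        [pscustomobject]@{
            MountPoint    = $v.MountPoint
            Status        = "$($v.VolumeStatus)"
            # Off on an encrypted volume means the key is not currently protected.
            Protection    = "$($v.ProtectionStatus)"
            Protectors    = $types -join ','
            # A plain Tpm protector releases the key at power-on, with no PIN or startup key.
            TpmOnlyUnlock = $types -contains 'Tpm'
            # Neither a recovery password nor an external key: a forgotten PIN has no way back.
            NoRecovery    = -not ($types -contains 'RecoveryPassword' -or
                                  $types -contains 'ExternalKey')
        }
    }
}

# Audit every volume on this machine.
Get-BitLockerGap -Volume (Get-BitLockerVolume) | Format-Table -AutoSize
```

A `RecoveryPassword` protector only shows that a recovery password exists on the volume; the check cannot tell whether anyone saved or escrowed it.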