Myths Regarding Hosted Laptop Disk Encryption

By Ralph Figueiredo

There are several myths about Hosted Laptop Encryption or Hosted Disk Encryption, that might prevent people from choosing a MSP or a SaaS service for encryption of data at rest. I addresses 7 of the most common ones we’ve come across in the 4 years of providing Laptop Encryption as a Hosted Service. By clarifying some of the details, we hope to eliminate some of the FUD (Fear Uncertainty & Doubt) surrounding Hosted Disk Encryption for Data at Rest.

1) A SaaS service for Laptop Disk Encryption SaaS might be a security risk: Well, with Hosted Disk Encryption, there are two components involved, well 3 really. The encrypted laptop or desktop, the hosted key management encryption server & Active Directory or LDAP that maintains user groups/lists. The laptop upon reboot uses the users local network/windows password to allow the user access to their machine going forward. At no point is this network password copied or transferred to the hosted key management server. The hosted key server has recovery tokens or unique passwords that are only stored on the server and not locally on the encrypted laptop or desktop. In the event a user loses or forgets their password, an admin can generate a one-time recovery password or token on the server and use that to boot into the laptop. They then get to the window login screen. So, to boot into an encrypted laptop, an ‘admin’ would need to have access to the secure key management server AND have the encrypted laptop handy as well. No chance a rogue employee or a laptop thief would have access to both the stolen laptop AND the secure key management server at the same time.

2) Confidential Data will be stored on public servers: Hosted Disk Encryption SaaS service does not require a connection to the customer’s Active Directory. We leverage our own LDAP service per customer. No customer data in the form of emails, files, documents, or confidential content of any kind is being collected or shared by the SaaS service. No passwords are copies, or uploaded to the hosted key management servers.

3) Availability of our servers and or data is a concern: Each server is backed up and redundant, hosted at a SAS70 Type II certified secure datacenter location. Even if, for some reason, say the internet went down, and the encryption key servers were offline, all encrypted laptops and desktops would continue to be encrypted. They just wouldn’t be able to connect to the hosted server for updates or policy changes (if any). Once the service was back online, updates would flow down as well. So, in no scenario would anyone have a disruption of service.

4) I’m not a fan of Multi-Tenancy: This relates to multiple customers sharing the same server. Which is a common occurrence and practice with Cloud Offerings. With Aurora’s Hosted Disk Encryption SaaS service, each customer gets their own dedicated Key Management Server and their own LDAP server. The Key Management Server, and an LDAP server, are both backed up as well.

5) I have user changes all the time: This is not a problem either. User lists are maintained on individual/dedicated LDAP servers. Admins can upload user lists (.csv files), add or remove users, all from a GUI or web site.

6) I have Windows and some Macs: Well, the service we provide handles both Windows and Mac clients. Some of the customers only use Hosted Disk Encryption for the Mac population.

7) I am concerned about Removable Media (USB) Encryption: Well, the hosted service allows enforcement or on-demand encryption of USB devices too. Encrypted USB drives can then be shared with other encrypted laptops and desktops.

 

—————————————————————————————————————————————————–

Get into contact with us;

*By Filling Out the Form Below
[contact-form-7 404 "Not Found"]

*Phone: (888)-282-0896

*Email: sales@aurorait.com

 

s