Main Nav

We currently use McAfee’s Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you know how that goes.

 

Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, what is your rational.

 

Thanks,

 

Paul Crittenden

Computer System Manager

Simpson College

Indianola, IA

direct: 515-961-1680

www.simpson.edu

 

Comments

We are using Enpoint protection from Symantec -- we liked it when it was GuardianEdge before Symantec bought the company :-) YMMV Joel --On Monday, March 19, 2012 5:33 PM +0000 Paul Crittenden wrote: > We currently use McAfee's Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was > not owned by McAfee but you know how that goes. > > Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that > matter, if you are not, what is your rational. > > Thanks, > > Paul Crittenden > Computer System Manager > Simpson College > Indianola, IA > direct: 515-961-1680 > www.simpson.edu > Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
Message from r-safian@northwestern.edu

 

Symantec/PGP

 

 

We went with WinMagic.  It supported mac as well as windows, provided transparent encryption for usb sticks and allowed encryption to AD groups so you could encrypt a network drive to a group if you wished.  They also offer loads of options of how you want the install package to work and the level of control you want to grant the client.  The cost was a fifth of what any of the large players were offering at the time, although I am given to understand that that the big boys may now be realizing there is competition and are lowering their price.

 

So there are a lot of pros on the WinMagic side.  However, there are a few cons as well (which, to be fair, may be due to our lack of experience with the product).  We have not had a smooth deployment experience up to this point as we have a wildly varying environment, so we have lots of edge cases we have been trying to work through.

 

If the target computer is bound to AD, it is pretty straightforward.  If you want to install to an unbound machine, you have to have a special account set up on the server to support that, then have to sync the new installation to the proper login account after the encryption is complete.  If you have two AD forests, there can be competition/confusion on the part of the client; so you need to set things up a little different in those cases.

 

We are also still working out how we are going to distribute access and administrative rights to the management consol.  Right now we have them entirely centralized.   I would like to be able to distribute them per OU, but we are still working out if that is possible and, if so, how.

 

Feel free to give me a call if you’d like to chat.

 

Quinn R Shamblin
------------------------------------------------------------------------------------------------
Executive Director of Information Security, Boston University
CISM, CISSP, GCFA, PMP  –  O 617-358-6310  M 617-999-7523

 

We use SEE, too......Symantec Endpoint Encryption......seems to work very well for us..... Michael
Message from cthomas@worwic.edu

SecureDoc from WinMagic.  It’s working well for us.

 

Just an FYI, (I do NOT own Symantec stock!!)…..but, SEE now does Macs, too…..

 

M

 

We currently use PGP for both Mac and Windows but are now testing Bitlocker with the Windows machines.

 

 

Tim Cappalli, ACMP CCNA | (802) 626-6456

» tim.cappalli@lyndonstate.edu | it.lyndonstate.edu

 



PRIVACY & CONFIDENTIALITY NOTICE
This message is for the designated recipient only and may

contain privileged, confidential, or otherwise private
information. If you have received it in error, please notify
the sender immediately and delete the original. Any other
use of an email received in error is prohibited.

 

Just curious .. how do you get your Mac users to install something called "WinMagic" :-) Joel --On Monday, March 19, 2012 5:45 PM +0000 "Shamblin, Quinn" wrote: > We went with WinMagic. It supported mac as well as windows, provided transparent encryption for usb sticks and allowed encryption to AD groups so you could > encrypt a network drive to a group if you wished. They also offer loads of options of how you want the install package to work and the level of control you > want to grant the client. The cost was a fifth of what any of the large players were offering at the time, although I am given to understand that that the > big boys may now be realizing there is competition and are lowering their price. > > So there are a lot of pros on the WinMagic side. However, there are a few cons as well (which, to be fair, may be due to our lack of experience with the > product). We have not had a smooth deployment experience up to this point as we have a wildly varying environment, so we have lots of edge cases we have > been trying to work through. > > If the target computer is bound to AD, it is pretty straightforward. If you want to install to an unbound machine, you have to have a special account set up > on the server to support that, then have to sync the new installation to the proper login account after the encryption is complete. If you have two AD > forests, there can be competition/confusion on the part of the client; so you need to set things up a little different in those cases. > > We are also still working out how we are going to distribute access and administrative rights to the management consol. Right now we have them entirely > centralized. I would like to be able to distribute them per OU, but we are still working out if that is possible and, if so, how. > > Feel free to give me a call if you'd like to chat. > > Quinn R Shamblin > ------------------------------------------------------------------------------------------------ > Executive Director of Information Security, Boston University > CISM, CISSP, GCFA, PMP - O 617-358-6310 M 617-999-7523 > >
We are using Credant mobile guardian for endpoint encryption. We have reviewed a hand full of other products before going with Credant, the biggest reasons for choosing Credant is that from our testing, Credant generated the least user impact and offered best compatibility with varying device models from multiple manufacturers.

Dan Han
Information Security Officer
Virginia Commonwealth University

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, Social Security number or confidential personal information.  For more details visit http://go.vcu.edu/phishing or http://phishing.vcu.edu.




From:        Paul Crittenden <paul.crittenden@SIMPSON.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU
Date:        03/19/2012 01:34 PM
Subject:        [SECURITY] Laptop whole disk encryption
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



We currently use McAfee’s Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you know how that goes.
 
Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, what is your rational.
 
Thanks,
 
Paul Crittenden
Computer System Manager
Simpson College
Indianola, IA
direct: 515-961-1680
www.simpson.edu
 
We fall back on the classic definition of "Win" vs. the techno age abbv. ;) Quinn R Shamblin ------------------------------------------------------------------------------------------------ Executive Director of Information Security, Boston University CISM, CISSP, GCFA, PMP  -  O 617-358-6310  M 617-999-7523
Message from valdis.kletnieks@vt.edu

On Mon, 19 Mar 2012 14:14:28 EDT, Joel Rosenblatt said: > Just curious .. how do you get your Mac users to install something called "WinMagic" :-) Any competitors in the Linux arena other than LUKS and TrueCrypt and maybe PGP? (I went the LUKS route mostly because Fedora integrates it into the install process, one checkmark and a passphrase, and it's there...)
Message from ingerman@vassar.edu

We used to use PGP for our laptop encryption (and some desktops). We originally chose it due to it being cross-platform and due to it having an enterprise console that we could use to show when a laptop was last encrypted.  The PGP folks were great to work with and offered quick updates.  Well, PGP was bought by Symantec and things went downhill for us.  Symantec was not as quick with updates which caused problems for both PC and Mac laptops when OS updates caused encrypted machines to not boot (PGP is a pre-boot solution).  There were also a lot of support issues as those bricked machines needed to have a technician come and install the necessary patches (which were not end-user friendly).  So we started to look and came across Credant, which we have purchased from Dell (which Dell calls "Dell Data Protection").  The solution woks either pre- or post-boot (we have chosen the latter) and the company offers excellent technical support.

  --Bret 



From:        Paul Crittenden <paul.crittenden@SIMPSON.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU
Date:        03/19/2012 01:34 PM
Subject:        [SECURITY] Laptop whole disk encryption
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



We currently use McAfee’s Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you know how that goes.
 
Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, what is your rational.
 
Thanks,



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Ingerman
Vice President for Computing and Information Services
Vassar College
124 Raymond Avenue
Poughkeepsie, NY  12604

               ingerman@vassar.edu
(845) 437-7605  - phone            (845) 437-7050  - fax
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I can also say that our deployment has not gone smoothly.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

We too have a large diversity of systems to contend with, as well as an inherent distrust by the majority of our users for software that can possibly lock them out of their own systems.

The McAfee process has required us to preform pre-install review of BIO settings (Dell default raid set to on, and hard drive incompatibilities); as well as preforming a hard drive sector scan (recommended) on older systems. All this before any software is installed and encryption started.

If you add some McAfee hating and fears that more not less data will be in motion, should users really feel "secured"? I would say we are in the same boat as Simpson College. We are looking at all comers as well as Bitlocker, File Vault and FDE ready Hrd Drv's as possible solutions.


 
 
Louis Aponte
Weber State University
 
On 3/19/2012 at 1:18 PM, in message <53C73473-D326-4DB8-9494-387DB4BDD010@vassar.edu>, Bret Ingerman <ingerman@VASSAR.EDU> wrote:
We used to use PGP for our laptop encryption (and some desktops). We originally chose it due to it being cross-platform and due to it having an enterprise console that we could use to show when a laptop was last encrypted.  The PGP folks were great to work with and offered quick updates.  Well, PGP was bought by Symantec and things went downhill for us.  Symantec was not as quick with updates which caused problems for both PC and Mac laptops when OS updates caused encrypted machines to not boot (PGP is a pre-boot solution).  There were also a lot of support issues as those bricked machines needed to have a technician come and install the necessary patches (which were not end-user friendly).  So we started to look and came across Credant, which we have purchased from Dell (which Dell calls "Dell Data Protection").  The solution woks either pre- or post-boot (we have chosen the latter) and the company offers excellent technical support.

  --Bret 



From:        Paul Crittenden <paul.crittenden@SIMPSON.EDU>
To:        SECURITY@LISTSERV.EDUCAUSE.EDU
Date:        03/19/2012 01:34 PM
Subject:        [SECURITY] Laptop whole disk encryption
Sent by:        The EDUCAUSE Security Constituent Group Listserv <SECURITY@LISTSERV.EDUCAUSE.EDU>



We currently use McAfee’s Safeboot/Endpoint Encryption software to encrypt our users laptops. Our PC Hardware folks do not like McAfee, we did when it was not owned by McAfee but you know how that goes.
 
Anyway, I have been tasked when helping to find a possible replacement. What software package are you using to encrypt your users laptops. Or for that matter, if you are not, what is your rational.
 
Thanks,



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Bret Ingerman
Vice President for Computing and Information Services
Vassar College
124 Raymond Avenue
Poughkeepsie, NY  12604

               ingerman@vassar.edu
(845) 437-7605  - phone            (845) 437-7050  - fax
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We are also using McAfee and have similar concerns

 

 

Dennis N. Tracz, CISSP-ISSMP, CISM, CGEIT

Director, Information Security & Compliance

University of Calgary

Office: (403) 220-4010

Cell: (403) 305-4010

 

 

We've been using McAfee\Safeboot for about 5 years now and are very happy with it.  That may change when we integrate management of the product into our ePO console.  Having said that, we will be reviewing Bitlocker as a possible replacement later this year.
 
Sherry Callahan
Information Security Officer
University of Kansas Medical Center
(913) 588-0966

>>> Dennis Tracz <dntracz@UCALGARY.CA> 3/19/2012 4:14 PM >>>

We are also using McAfee and have similar concerns

 

 

Dennis N. Tracz, CISSP-ISSMP, CISM, CGEIT

Director, Information Security & Compliance

University of Calgary

Office: (403) 220-4010

Cell: (403) 305-4010

 

 

Message from dgrisham@salud.unm.edu

I have to echo Sherry success statement. We do manage with EPO but have not upgraded to the version 6 as it was buggy two years ago. We're hoping that the EPO version goes better this time around. Cheers --grish David D. Grisham David Grisham, Ph.D., CISM, CRISC Manager, IT Security, UNM Hospitals, IT Division Health Science Center, UNM >>> Sherry Callahan 3/19/2012 3:18 PM >>> We've been using McAfee\Safeboot for about 5 years now and are very happy with it. That may change when we integrate management of the product into our ePO console. Having said that, we will be reviewing Bitlocker as a possible replacement later this year. Sherry Callahan Information Security Officer University of Kansas Medical Center (913) 588-0966 >>> Dennis Tracz 3/19/2012 4:14 PM >>> We are also using McAfee and have similar concerns Dennis N. Tracz, CISSP-ISSMP, CISM, CGEIT Director, Information Security & Compliance University of Calgary Office: (403) 220-4010 Cell: (403) 305-4010

We are also using Credant for the same reasons.

 

Be an Internet Skeptic!  There's nothing really free on the 'net

Utica College and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information.

James Farr

Information Security Officer

Instructional Technologist

Utica College

jfarr@utica.edu

315-223-2386

 

 

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.