Attended a session with Steve Riley, Senior Security Strategist with Microsoft Security. The session we called "Privacy: Who, What, Where?"
Most of the content covered was general in nature, and more covered risks associates with spyware, RFID chips, security breaches and such. The key message was that, in general, customers to a company don't seemed to be aware or concerned about information disclosure. As such, there is currently not much economic incentive for companies to take privacy and data security seriously. Often, it's cheaper to take the risk and pay government imposed fines rather than do the right thing.
Bitlocker, of course, rated a mention. Steve did say that now BDE supports additional fixed disks and removeable drives (as of Windows 7) that there is little benefit in using both BitLocker and Windows Encrypted File System - both mitigate against the same risks. Neither, though, will protect against documents being e-mailed or taken off a system using unencrypted devices.
One of the technologies to look at would be Windows Rights Management Server. Having a policy enforced by RMS would help manage the risk of a document "escaping" the network (or CTM.)
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment