Versions Compared

Old Version 2

changes.mady.by.user user-29411

Saved on

compared with

New Version Current

changes.mady.by.user Rae Enlow

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Service is not (yet) supported by Cornell. Here are ChemIT's thoughts on encryption (as of April 2015).
Excerpt

To ensure data is not being compromised we strongly recommend, and in some cases require, drives to be encrypted

See Chemistry IT project:

See also

Children Display
depth4
styleh2
excerptTypesimple

Disk-level and file-level encryption is

...

somewhat supported at Cornell (

...

and some in ChemIT

...

have some familiarity with it)

To-do: Current offering is not as solid as emerging options appear to be for Windows. Once emerging options are solidifies operationally and support-wise, get CIT's:

  • Documentation.
  • Recommendation(s).
  • Central key-escrow details and process.
  • Clarify central support and expectations
  • No documentation.
  • No recommendations
  • No central key-escrow.
  • No support for either technical staff nor and end-users.

 

ChemIT's current capabilities

 

  • Consultation regarding encryption
    • Risk management, whether encryption or its alternatives, is as much an issue of ones behaviors and attitudes as it is about technology.
    • Note: We personally have very limited experience with encryption.
  • Benefits of encryption.
    • Use-cases when it's helpful. And when it's not helpful.
    • Encryption can represent unnecessary bother and risks in meeting some needs.
  • Alternatives to encryption.
    • If the data is not on your laptop (for example), there is no need to have encrypted data on the laptop.
    • Identifying benefits and risks of various alternatives.
  • Risks if using encryption. Currently, must self-escrow keys.
    • You may lose your data because of the encryption, through technical failures or losing keys.
    • Your backups may not be set up correctly relative to your encryption choices.
    • There is no university support for failed situations, including from ChemIT staff.
  • Very limited training via some show-and-tell related to encryption or alternatives.
    • We cannot provide on-going support for anyone choosing to use encryption.

Future direction

If and when Cornell provides central support for file-level or disk-level encryption, ChemIT can naturally expand its services as appropriate.

  • Coming as part of CU's MS Configuration Management service?

Continue to gauge demand within CCB. Requests for the service are almost non-existant so far. We recognize that although CCB use-cases seem low, but perhaps some risks are well hidden. (Faculty do travel. What data do they take with them?)

  • Would those same, well-hidden use-cases avail themselves of an encryption service?

Possible, if deemed sufficiently valuable to CCB:

  • Advocate for a central encryption service.
  • Set up a service.
    • R&D, then testing promising solutions. Vetting can take a lot of time to uncover all the undocumented "gotchas". Develop recommendations, along with recommended alternatives.
    • Invest in, and bear the risks, associated with provisioning a local key escrow.
    • Invest in documentation and maintaining that documentation.
    • Provide in-person support for when things are going well. And for when things do not go well, when a higher technical competence is expected, often specialized.