Versions Compared

Old Version 1

changes.mady.by.user user-29411

Saved on

compared with

New Version 2

changes.mady.by.user user-29411

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Excerpt

Service is not (yet) supported by Cornell. Here are ChemIT's thoughts on encryption (as of April 2015).

Disk-level and file-level encryption is not supported at Cornell (including in ChemIT)

...

ChemIT's current capabilities

  • Consultation , if you have an interest.
  • Benefits, use-cases. Maybe it's overkill, at this time, for the data in question.
  • regarding encryption
    • Risk management, whether encryption or its alternatives, is as much an issue of ones behaviors and attitudes as it is about technology.
    • Note: We personally have very limited experience with encryption.
  • Benefits of encryption.
    • Use-cases when it's helpful. And when it's not helpful.
    • Encryption can represent unnecessary bother and risks in meeting some needs.
  • Alternatives to encryption.Alternatives.
      • If the data is not on your laptop (for example), there is no need to have encrypted data on the laptop.
      • Identifying benefits and risks of various alternatives.
    • Risks if using encryption. Currently, must self-escrow keys.
      • You may lose your data because of the encryption, through technical failures or losing keys.
      • Your backups may not be set up correctly
      , due
      • relative to your encryption choices.
      • There is
      not
      • no university support
      in such
      • for failed situations, including from ChemIT staff.
    • Very limited training via some show-and-tell related to encryption or alternatives.
      • We
      do not
      • cannot provide on-going support for anyone choosing to
      do
      • use encryption.

    Future direction

    If and when Cornell provides central support for file-level or disk-level encryption, ChemIT can naturally expand its services as appropriate.

    • Coming as part of CU's MS Configuration Management service?

    Continue to gauge demand within CCB. Requests for the service are almost non-existant so far. We recognize that although CCB use-cases seem low, but perhaps some risks are well hidden. (Faculty do travel. What data do they take with them?)

    • Would those same, well-hidden use-cases avail themselves of an encryption service?

    Possible, if deemed sufficiently valuable to CCB:

    • Advocate for a central encryption service.
    • Set up a service.
      • R&D, then testing promising solutions. Vetting can take a lot of time to uncover all the undocumented "gotchas". Develop recommendations, along with recommended alternatives.
      • Invest in, and bear the risks, associated with provisioning a local key escrow.
      • Invest in documentation and maintaining that documentation.
      • Provide in-person support for when things are going well. And for when things do not go well, when a higher technical competence is expected, often specialized.