[CentOS] Deciding when to do system encryption

Tue Oct 11 04:31:32 UTC 2011
Paul Heinlein <heinlein at madboa.com>

On Mon, 10 Oct 2011, Bade Iriabho wrote:

> Hello All,
>
> I have read that system encryption slows a computer down. However, I am more
> interested in when to use it. Consider the following scenarios:
>
> 1. You have a server in a secured server room on a rack (is there any need
> and advantage to having system encryption in this particular case)
> 2. you have a server sitting in an office that is accessible by everyone
> 2. You have a desktop
> 3. You have a laptop
>
> So my questions are: What situations/scenarios do you consider 
> before implementing system encryption? I guess at the end of the 
> day, I am trying to figure out the best practices.

The real question is your risk. The situation or scenario is at best a 
mitigation of the risk.

That is, how valuable to is the data on any of those machines? How 
much of your time, money, and/or reputation be consumed if your data 
are stolen? What will the impact on you (and your customers) be if 
your data's confidentiality, integrity, or availability is threatened? 
Who are the threats: employees? random visitors to your office? 
thieves? business competitors?

Answer those questions first.

At that point, you're in a better position to assess the 
vulnerabilities of each platform. You might decide that a locked room 
in a locked building (e.g., a server room) is sufficient mitigation 
against your threats -- or not.

I have a hard time imagining a situation where data on a business 
laptop should NOT be encrypted, but it may be that a good backup is 
all you need.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/