As my colleague Garry McCracken ably reported earlier in this blog ("Is Microsoft claiming Pre-Boot Authentication for FDE is not necessary?"), Microsoft, in its wisdom, has declared that pre-boot authentication (PBA) for full-disk encryption (FDE) is not strictly necessary – except in cases where certain other security measures cannot be implemented.
In our previous blog posting, we explained WinMagic’s two-stage model for enterprise key file deployment. Enterprise key file deployment is a highly complex endeavor, with many use cases for device provisioning to consider and address; additional challenges include speed, security, and scalability. To overcome these challenges, the WinMagic model leverages pre-boot networking. In this blog posting, we explain the basics of pre-boot networking, examine how it can be utilized to improve key file deployment, and study the benefits provided by using it throughout the enterprise.
Our previous blog posting explained the need for more usable and effective intelligent key management solutions for enterprises. We defined intelligent key management as a centralized enterprise product that is application aware, and that works at the lowest possible layer to provide protection for that layer and all the layers above it.
Our previous blog posting established that storage encryption technologies, such as full disk encryption (FDE), and their associated key management functions should be separated from each other.