In my recent blog “Pre-Boot Authentication. Wisdom in Security” I wrote in conclusion:
Bottom Line: ‘No PBA’ is not a wise choice for enterprises
Microsoft’s reasoning that you don’t need PBA because the known memory attacks are difficult to pull off on most modern hardware is simply wrong because the threat is much more than just those attacks.”
As my colleague Garry McCracken ably reported earlier in this blog (Is Microsoft claiming Pre-Boot Authentication for FDE is not necessary?), Microsoft, in its wisdom, has declared that pre-boot authentication (PBA) for full-disk encryption (FDE) is not strictly necessary – except in cases where certain other security measures cannot be implemented.
In our previous blog posting, we explained WinMagic’s two-stage model for enterprise key file deployment. Enterprise key file deployment is a highly complex endeavor, with many use cases for device provisioning to consider and address; additional challenges include speed, security, and scalability. To overcome these challenges, the WinMagic model leverages pre-boot networking. In this blog posting, we explain the basics of pre-boot networking, examine how it can be utilized to improve key file deployment, and study the benefits provided by using it throughout the enterprise.
Our previous blog posting explained the need for more usable and effective intelligent key management solutions for enterprises. We defined intelligent key management as a centralized enterprise product that is application aware, and that works at the lowest possible layer to provide protection for that layer and all the layers above it.
Our previous blog posting established that storage encryption technologies, such as full disk encryption (FDE), and their associated key management functions should be separated from each other.
In our previous blog posting, we explored the shortcomings of software-based full disk encryption (FDE) and made the case for switching to self-encrypting drives (SED) in the long run.
Software-based full disk encryption (FDE) technologies have been widely adopted to protect data stored on computing devices, most often laptops or desktops.
