As my colleague Garry McCracken ably reported earlier in this blog (Is Microsoft claiming Pre-Boot Authentication for FDE is not necessary?), Microsoft, in its wisdom, has declared that pre-boot authentication (PBA) for full-disk encryption (FDE) is not strictly necessary – except in cases where certain other security measures cannot be implemented.
Using Pre-Boot Networking to Improve Key File Deployment
In our previous blog posting, we explained WinMagic’s two-stage model for enterprise key file deployment. Enterprise key file deployment is a highly complex endeavor, with many use cases for device provisioning to consider and address; additional challenges include speed, security, and scalability. To overcome these challenges, the WinMagic model leverages pre-boot networking. In this blog posting, we explain the basics of pre-boot networking, examine how it can be utilized to improve key file deployment, and study the benefits provided by using it throughout the enterprise.
WinMagic’s Two-Stage Model for Key File Deployment
Our previous blog posting explained the need for more usable and effective intelligent key management solutions for enterprises. We defined intelligent key management as a centralized enterprise product that is application aware, and that works at the lowest possible layer to provide protection for that layer and all the layers above it.
Putting Intelligence in Key Management
Our previous blog posting established that storage encryption technologies, such as full disk encryption (FDE), and their associated key management functions should be separated from each other.
Separating Encryption and Key Management
In our previous blog posting, we explored the shortcomings of software-based full disk encryption (FDE) and made the case for switching to self-encrypting drives (SED) in the long run.
The Road Ahead for Full Disk Encryption
Software-based full disk encryption (FDE) technologies have been widely adopted to protect data stored on computing devices, most often laptops or desktops.