This discussion has been locked.

Device encryption key rotation

Hi, 

I have a question about the key rotation at the end of their lifetime. 

As per audit review, the following question came up, and I am uncertain if we need to create a policy outside of Sophos or if Sophos already manages this.

Keys are changed at the end of the defined cryptoperiod? 

My questions are:

  1. Does Sophos keep track of the lifetime of the key? (cryptoperiod)
  2. Does Sophos auto renew the key (after cryptoperiod expires)?
  3. My assumption: when storing a new password, a new key is generated. Is this correct?

I could not find this in any documentation.

Best,

jimmy



  • Hi 

    You can store BitLocker recovery keys in Active Directory. 

    Every time you change your BitLocker password, the recovery key would change.

    In most cases, we sync with BitLocker for key management. So, ideally, anything which would trigger a key change should reflect on Central.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Hi Shweta, thanks for this update, but it does not give an answer to these questions:

    1. Does Sophos keep track of the lifetime of the key? (cryptoperiod)
    2. Does Sophos auto renew the key (after cryptoperiod expires)?

    As one needs to know when the cryptoperiod should expire, and as Sophos manages the keys, Sophos could know the proposed lifetime.

    1, 2 years etc. Is this in any way defined / applicable here, or is the lifetime something a company needs to specify?

    I am not talking about someone leaving the company who has access to these keys, but about the auto-generation part.

    best,

    jimmy
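
For the audit question raised in this thread, one way to report the age of BitLocker recovery keys escrowed in Active Directory against a cryptoperiod. This is an added example, not code from the thread or from Sophos. Assumptions: the function name `Get-StaleRecoveryKey` is hypothetical, the 365-day cryptoperiod is a placeholder for a value your own policy defines, the AD object's `whenCreated` is used as a proxy for key age, and the sample objects are constructed.

```powershell
# Added example: flag computers whose newest AD-escrowed BitLocker recovery key
# is older than a cryptoperiod. Get-StaleRecoveryKey is a hypothetical name.
function Get-StaleRecoveryKey {
    param(
        [Parameter(Mandatory)] [object[]] $RecoveryObject,  # msFVE-RecoveryInformation objects
        [int] $CryptoperiodDays = 365,   # assumption: defined by your policy, not a Sophos value
        [datetime] $Now = (Get-Date)
    )
    $RecoveryObject |
        # Each escrowed key is a child of its computer object, so the parent DN names the machine.
        Group-Object { ($_.DistinguishedName -split '(?<!\\),', 2)[1] } |
        ForEach-Object {
            # Assumption: whenCreated of the escrow object approximates the key's creation time.
            $newest = $_.Group | Sort-Object whenCreated -Descending | Select-Object -First 1
            $age = [int][math]::Floor(($Now - $newest.whenCreated).TotalDays)
            [pscustomobject]@{
                Computer  = $_.Name
                KeysInAD  = $_.Count
                NewestKey = $newest.whenCreated
                AgeDays   = $age
                Expired   = $age -gt $CryptoperiodDays
            }
        }
}

# Constructed sample objects (placeholder GUIDs and domain), so the function runs offline.
$guidA = '{11111111-1111-1111-1111-111111111111}'
$guidB = '{22222222-2222-2222-2222-222222222222}'
$guidC = '{33333333-3333-3333-3333-333333333333}'
$sample = @(
    [pscustomobject]@{ whenCreated = [datetime]'2021-03-02'
        DistinguishedName = "CN=2021-03-02T08:00:00-00:00$guidA,CN=PC01,OU=Workstations,DC=example,DC=test" }
    [pscustomobject]@{ whenCreated = [datetime]'2024-02-10'
        DistinguishedName = "CN=2024-02-10T08:00:00-00:00$guidB,CN=PC01,OU=Workstations,DC=example,DC=test" }
    [pscustomobject]@{ whenCreated = [datetime]'2022-01-15'
        DistinguishedName = "CN=2022-01-15T08:00:00-00:00$guidC,CN=PC02,OU=Workstations,DC=example,DC=test" }
)
Get-StaleRecoveryKey -RecoveryObject $sample -Now ([datetime]'2024-06-01') | Format-Table

# Live use (needs the RSAT ActiveDirectory module and read access to the escrow objects):
# $objs = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -Properties whenCreated
# Get-StaleRecoveryKey -RecoveryObject $objs -CryptoperiodDays 365
```

The report reads only the DN and creation time of each escrow object, so the recovery passwords themselves are never retrieved.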
