Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 5 subscribers
  • Views 5998 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

POA advantages

Iamnotsteve

We have a workforce over 350.  80% of these users travel between sites and share multiple PCs.  We are just now testing Safeguard 5.61 with Enterprise console.  We are quite concerned about the POA owner being the first user to logon after encryption.  Locking out all others should the machine be powered off will seriously impact workflows.  This does not seem like an ideal configuration.  What practices are recommended in this environment?  We are contemplating not enabling POA on most seats as a result of our organizational setup.

:53001


This thread was automatically locked due to age.
  • 0

    Hello Youarenotsteve (who's steve, BTW?),

    Sophos Disk Encryption (as the bundle product is called) has AFAIK no concept of owner. You know that you can add POA users, don't you (please see chapter 3.3, Import further users, in the SDE Help) though this will likely be tedious in your environment. SEC also doesn't give you an option to manage users (and therefore you can't centrally disable/delete POA users).

     While encryption without POA protects the disks against "accidental" exposure disabling POA allows the OS to boot and thus makes (in case of loss or theft) successful dedicated attacks possible. In addition SDE 5.61 does not support Windows 8 or newer versions.

    Won't suggest a specific approach as it depends on your particular needs, I'd only recommend against disabling POA for the reason given above, but arguably disk encryption w/o POA is more secure than no encryption at all. Unfortunately (or fortunately, depending on how you see it) you'll likely never observe that encryption (and POA) is beneficial ...

    Hope this helps at least a little bit

    Christian 

    :53011
  • 0

    From a movie.  Guy wears a name tage the has the "Hello I am" prompt and underneath he has written

    Not Steve

    Found it amussing.

    thanks for your insight.

    :53069
Unfiltered HTML