We recognize that in most deployments it is impractical to migrate all your hardware platforms immediately. However, the data leakage threat landscape is such that you should develop a plan for how you will protect data at rest.
Some Special Thoughts on SED Deployments
Here are some working rules around SED deployments that you may not know about:
- Determine if you have legal compliance requirements for data-at-rest encryption. This can be tricky.
- If you are a contractor for an organization that has such requirements, that organization may be required to put them on you, and vice versa.
- Compliance generally requires proof that a laptop was encrypted when it was lost. NIST SP 800-111, required by USA HIPAA HITECH regulations, requires data-at-rest encryption and requires that it be centrally managed, precisely so that you can be certain that machines were encrypted before being lost.
- In a mixture of new and old PCs, you will probably need both SEDs and software Full Disk Encryption (FDE), since it may be impractical to deploy SEDs to all affected machines. Numerous IT software vendors accommodate a mixture of software FDE and SEDs.
- If you have to centrally manage your machines and contractor machines, or even BYOD machines, you may want to request Cloud solutions for central management.
- Mobile Device Management has the same rules, and phones and pads almost universally support the OMA standards, which give you central control over passwords. If you are managing Apple phones and pads or Samsung KNOX phones, you have SEDs under management already. Windows 10 can also respond to OMA standards and therefore can be managed with Mobile Device Management.