Re: PCI, EFS and the future?
- From: "Nick Vaernhoej" <nick.vaernhoej@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 2 Feb 2007 16:20:45 -0600
Thank you for the excellent response. This is exactly what I have been
looking for. I will even dare to use your reply to change my own view
based on the credentials of your signature ;-)
EFS is a very good, and more than adequate solution, with one caveat- it
is file/folder-level encryption versus drive or volume-level encryption;
and all that those differences entail.
EFS is free with Windows 2000 and above, and it is good encryption. You
don't want to lose the private or recovery keys. No matter what solution
you choose, make sure to automate backing up the recovery keys.
PCI and other commercial/public requirements don't care what the
specific solution is as long as it is a strong and reliable solution.
EFS fits that bill, and you gotta love the price.
Some folks like PGP or Truecrypt. Both are excellent solutions as well.
Other vendor solutions, which may cost, can also provide a good
solution, and some people feel third party mgmt tools make it easier
than free tools...but show me any encryption product and I'll show you
advantages and disadvantages. None are perfect.
I say try out a few solutions, including EFS, talk to other users who
have been using the products for awhile, and choose one that fits in
your environment. Don't just talk to the "EFS sucks" people, who haven't
spent time implementing it and using it. That's like an EFS-zealot
dogging Truecrypt without really using it or understanding it.
Properly setup and understood, there are many good solutions, including
"Quidquid latine dictum sit, altum sonatur."