This is a follow-up to my previous entry regarding full disk encryption (see: http://monead.com/blog/?p=319). In this entry I’ll look at Blue Slate’s experience with rolling out full disk encryption company-wide.
Blue Slate began experimenting with full disk encryption in 2008. I was actually the first user at our company to have a completely encrypted disk. My biggest surprise was the lack of noticeable impact on system performance. My machine (Gateway M680) was running Windows XP and I had 2GB of RAM and a similarly-sized swap space. Beyond a lot of programming work I do video and audio editing. I did not notice significant impact on editing and rendering of such projects.
Later in 2008, we launched a proof of concept (POC) project involving team members from across the company (technical and non-technical users). This test group utilized laptops with fully encrypted drives for several months. We wanted to assure that we would not have problems with the various software packages that we use. During this time we went through XP service pack releases, major software version upgrades and even a switch of our antivirus solution. We had no reports of encryption-related issues from any of the participants.
By 2009 we were focused on leveraging full disk encryption on every non-server computer in the company. It took some time due to two constraints.
First, we needed to rollout a company-wide backup solution (as mentioned in my previous post on full disk encryption, recovery of files from a corrupted encrypted device is nearly impossible). Second, we needed to work through a variety of scheduling conflicts (we needed physical access to each machine to setup the encryption product) across our decentralized workforce.