Sysadmins live and die on the processes they put into place. Manual processes overwhelm IT admins with menial, repetitive tasks. Automated ones free admins to focus on more important initiatives and strategies. When it comes to enforcing full disk encryption (FDE) across an organization, the same rules apply: enforcing FDE manually is a pain, while automating it can result in major gains – saving time and improving security. Bonus points to be able to manage FDE from the cloud and off-load even more menial work.
FDE: The Manual Way
Managing FDE the manual way is simply a waste of time.
Yes, you can go around to each individual system and make sure that FDE is enabled. You can add it as another check on your onboarding checklist. And, you can try to maintain a spreadsheet with every system’s recovery key. But without a way to automate enablement, verify enforcement and securely escrow recovery keys, you will unnecessarily complicate your life, and never know for certain that a user hasn’t disabled FDE.
Long story short, the manual way is less reliable, less efficient, and just less fun than using group-based policies to enforce and manage FileVault and Bitlocker on all systems with just a few simple clicks.
FDE: The Automated Way
Achieving automation with most IT tasks can be difficult. With FDE, it’s actually easy.
The right solutions allow you to systematically enforce and manage FDE across all of your systems – whether Mac or Windows. Simply set a policy for all systems, an individual system, or a group of systems, and your users will be prompted to enable FDE. After a grace period set by the admin, the user will no longer have the option to defer FDE enablement: either enable FDE or they can no longer login.
The best FDE management tools automatically generate an individual recovery key and securely escrow it. Most solutions work exclusively to enforce FDE on either Macs or Windows, not both. So if you have a heterogeneous environment then you should select an FDE management tool that supports all of your OSes. Again, if you can get it from the cloud, that’s even better. You’ll have less configuration and maintenance work to take care of internally.
Get Automated Full Disk Encryption
The choice between automated and manual FDE is really no choice at all. Manual is only viable at the smallest of organizations and, even then, there’s no reason not to use an automated solution. In fact, JumpCloud’s Directory-as-a-Service® includes a policy that enforces and manages FDE from the cloud, and the platform is absolutely free for under 10 users.
To begin benefiting from the efficiency and security gains of full disk encryption – while removing the pain of manual FDE enforcement – you can demo JumpCloud here or simply signup for a free account.