It has been over a year since the introduction of the General Data Protection Regulation (GDPR), and the European Union (EU) continues to step-up its privacy controls and standards. As GDPR has progressed over the last year, many organizations are shifting their viewpoints on how to collect, store, and use personally identifiable information (PII). One method for protecting PII that is on the minds of many IT admins is full disk encryption (FDE). In this post, we’ll discuss how to enforce FDE to achieve GDPR compliance.
GDPR Compliance Requirements
When it comes to GDPR, the standard is a mix of specific actions and general guidelines that organizations must implement to protect personally identifiable information. When it comes to the storage of PII, data processors are required to store this with the utmost care. A breach of this data could be disastrous not only to the organization, but to the end users themselves. While GDPR isn’t completely prescriptive in its guidance, it is safe to assume that any and all data stored should be encrypted and stored securely.
For the most part, this refers to databases that house the critical data. But, smart IT organizations are also taking it one step further and ensuring that all of their end users’ hard drives are encrypted at rest through full disk encryption, using solutions such as BitLocker and FileVault. This is a wise move, as IT admins know that end users may have some components of PII on their systems that they are using to accomplish their jobs.
Enforcing FDE at Scale
Unfortunately, it has historically been challenging to implement FDE across an enterprise, especially when there is a mixed-platform environment. Many solutions that can be used to enforce Bitlocker for Windows® or FileVault for Macs® are generally limited to one of those two OS.
Another main consideration for IT organizations looking to enforce FDE is recovery key escrow. Recovery keys are the critical tokens that are used to unencrypt locked drives, which are unlocked when an employee leverages their credentials to access a system. These keys need to be stored in escrow. By doing so, IT admins can securely manage access to encrypted systems, especially in cases where a user forgets their password
Remotely Enable FDE from the Cloud
Thankfully, a solution is on the market that can remotely enable and enforce both BitLocker and FileVault, as well as securely escrow the associated recovery keys. This solution is a cloud directory service that manages users on their Windows, Mac, and Linux systems, and controls their access to IT resources like email, applications, networks, infrastructure, and more. As a platform-neutral cloud directory service, this solution enables freedom of choice for these resources, making it a smart choice for almost any IT organization.
This cloud directory service is known as JumpCloud® Directory-as-a-Service®. Using JumpCloud, IT admins can leverage cross-OS Policies that are similar to the group policy objects (GPOs) widely used in Microsoft® Active Directory® environments. Among these Policies is the ability to enforce BitLocker and FileVault across entire fleets of systems with only a few clicks. This capability and more are all available from JumpCloud’s web-based Admin Portal.
Try JumpCloud Free
If your organization has been looking to figure out how to enforce FDE to achieve GDPR compliance, JumpCloud Directory-as-a-Service is your best bet. You can try Directory-as-a-Service absolutely free by signing up for a JumpCloud account. Every JumpCloud account includes ten complementary users, which can be used to effectively sandbox JumpCloud in your organization.
If you would like to see JumpCloud in action, you can also schedule a demo of the product to see it used firsthand. Questions, comments, or concerns? Learn more by contacting us or by reading through our blog.