Chapter 17. Managing File Encryption
IMAGINE THIS PHONE CALL. IT'S 1:30 on a Wednesday afternoon. The voice at the other end of the line belongs to the CFO. She is in New York making a series of presentations to potential investors. She has just arrived back from lunch to discover that someone took her laptop from a meeting room where she was assured that it would be "perfectly safe."
The CFO's most pressing concern is to get the files that she needs for her presentations, but your larger concern is for the data on the laptop's drive. If someone in the chain of criminals that handles the stolen laptop recognizes the nature of the data it holds, the machine takes on a whole new value. When the enormity of the vulnerability sinks in, company executives start getting interested in file encryption. (You've been suggesting it for a long time, of course.)
In response to situations like this, Microsoft developed an Encrypting File System (EFS) feature and included it in Windows 2000. Windows Server 2003 and XP have an enhanced version of EFS that corrects a couple of key deficiencies and adds features that make it more attractive for users and administrators. If you're making a list of reasons to upgrade your laptop fleet to XP, put EFS in the top five items for making the move as soon as possible.
This chapter covers the components involved in file encryption and a description of how they function together along with operational guidelines that help ensure the system does not become compromised and that files remain available for access by authorized personnel. The last section contains a set of step-by-step procedures for deploying and managing file encryption.