Server Data Encryption

Over the last several years, we have been increasing data security and making every effort to better secure our client data, particularly PII.  As a result, we are to the point where we are evaluating the need to encrypt the data on all of our branch office servers, which includes both Exchange and files shares.  
 
We are interested in finding out if any of you are encrypting your server data and if so, how are you accomplishing it?  Has anyone used EFS on file shares and Exchange and if so, what are the performance implications?  Has anyone used self encrypting drives and have you had any issues or performance implications with them?  
NetopsprimeAsked:
Who is Participating?
 
Rob KnightConsultantCommented:
Hi,

Perhaps you should consider a 3rd party data at rest solution that's compatible with any RAID configuration you have. Ideally, 3 factor authentication should be used - e.g. TPM, USB and PIN or USB key, PIN and password.

That way if the server is stolen, nobody can start it or access data on the drives as they are in an encrypted state.

Go for a commerical tool with FIPS validated encryption.

Regards.


RobMobility.
0
 
Rob KnightConsultantCommented:
Hi,

If you're running Server 2008 you have the option of BitLocker encryption - this protects the drive when powered down:

http://technet.microsoft.com/en-us/library/cc731549(WS.10).aspx

Regards,


RobMobility.
0
 
NetopsprimeAuthor Commented:
I am using Windows Server 2003 with Exchange 2003.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
mary_87Commented:
The Best Idea is to establish VPN Connection between the physical locations for security
so if you can send me the network diagram for the whole offices so I can give you the best design to your network .
also is there any routers, firewalls are used or you just use windows servers?
0
 
NetopsprimeAuthor Commented:
I'm not interested in data in transit, I have that covered.  I am interested in data at rest or mitigating against something like a server being stolen, etc.
0
 
NetopsprimeAuthor Commented:
We believe of all the options available Self Encrypting Drives will be the best solution. Thx all.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.