Securing all data on laptops.
Hi!
So i have a client that has say 25 mobile users with their own lap tops. The users tend to copy data from the server and work on it on the desktop or on the C:\ drive. The client has asked me if there's some sort of solution to sync possible the entire machines data to a server so as to not lose any data if the user quits or getts his computer stolen. What i've thought of doing is:
1. Using Group Policy folder redirection to move the users accounts to a fileserver (Solving problems if the user puts stuff on their desktop or my documents folders.)
2. Using Bitlocker drive encryption and configuring via gpo to store restore keys in active directory with the machine account.
Has anyone had this situation before? The users are today local admins on their machines so they could potentially erase the data locally on the computer.
Any help or suggestions is really appreciated.
So i have a client that has say 25 mobile users with their own lap tops. The users tend to copy data from the server and work on it on the desktop or on the C:\ drive. The client has asked me if there's some sort of solution to sync possible the entire machines data to a server so as to not lose any data if the user quits or getts his computer stolen. What i've thought of doing is:
1. Using Group Policy folder redirection to move the users accounts to a fileserver (Solving problems if the user puts stuff on their desktop or my documents folders.)
2. Using Bitlocker drive encryption and configuring via gpo to store restore keys in active directory with the machine account.
Has anyone had this situation before? The users are today local admins on their machines so they could potentially erase the data locally on the computer.
Any help or suggestions is really appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Im actually quite stupid for not thinking of online backup, but yea thanks for the idea all though i use different software you gave me the idea and its great. Thanks :)
This is a question that is near and dear to my heart. I am a big proponent of securing laptops as they have a tendency to "grow feet".
One thing to look at it is security of the data at rest as well as in motion. Based on your requirements this is what I would be looking at.
Data Encryption at Rest - This would be for data that has been copies to the laptop and is on the laptop in the event that the laptop is stolen or lost.
There are a few solutions I have used. They both have a centralized management and push policy as the laptops check in.
Option 1 - Checkpoint Endpoint Security
This solution is a great solution for remote workers. It sandboxes the data and does not write to the local PC. The link refers to their 'Go' solution which is a USB based solution. It CAN integrate with a Checkpoint VPN solution. This will protect the data at-rest as well as in motion. It is centrally management and can be revoked as necessary.
Option 2 - Symantec Encryption Desktop
This solution also allows for full disk encryption and is centrally managed. Encrypts the data and can have the keys revoked rendering the data useless without the keys. I used this for many years.
Here is a great white-paper on the solution
This is either a stand-alone solution or can be combined with the above to provide a full solution.
Option 3 - Citrix FileShare
This is essentially a Corporate version of Drop Box. Although this does NOT provide the full disk encryption, it does provide the ability to sync files securely.
I believe that based on you requirements, I would use either Option 1 or 2 and possibly in combination with Option 3.
One thing to note. The Symantec solution will do Full-Disk encryption on any platform, Windows, Mac and Linux (What I used), but the PGP Desktop software is only for Mac and Windows.
Hope this helps.
One thing to look at it is security of the data at rest as well as in motion. Based on your requirements this is what I would be looking at.
Data Encryption at Rest - This would be for data that has been copies to the laptop and is on the laptop in the event that the laptop is stolen or lost.
There are a few solutions I have used. They both have a centralized management and push policy as the laptops check in.
Option 1 - Checkpoint Endpoint Security
This solution is a great solution for remote workers. It sandboxes the data and does not write to the local PC. The link refers to their 'Go' solution which is a USB based solution. It CAN integrate with a Checkpoint VPN solution. This will protect the data at-rest as well as in motion. It is centrally management and can be revoked as necessary.
Option 2 - Symantec Encryption Desktop
This solution also allows for full disk encryption and is centrally managed. Encrypts the data and can have the keys revoked rendering the data useless without the keys. I used this for many years.
Here is a great white-paper on the solution
This is either a stand-alone solution or can be combined with the above to provide a full solution.
Option 3 - Citrix FileShare
This is essentially a Corporate version of Drop Box. Although this does NOT provide the full disk encryption, it does provide the ability to sync files securely.
I believe that based on you requirements, I would use either Option 1 or 2 and possibly in combination with Option 3.
One thing to note. The Symantec solution will do Full-Disk encryption on any platform, Windows, Mac and Linux (What I used), but the PGP Desktop software is only for Mac and Windows.
Hope this helps.
great conversation... helge000 is right.... overall it's a nice participation... i appreciate all participants... thanks
check these articles
http://burpee.smccme.edu/studenthowtos/robocopy.htm
http://www.groovypost.com/howto/automatically-mirror-files-network-drive-robocopy/
http://sajidshaik.wordpress.com
all the best