Le mercredi 04 décembre 2019 à 16:59 -0700, John M. Harris Jr a écrit :
On Wednesday, December 4, 2019 12:38:20 PM MST Przemek Klosowski via
devel
wrote:
> - stolen/lost laptop: I think this is the most important one for
> most
> people; it is mitigaged by a trusted-network-based decryption,
> unless
> the device is in unencrypted sleep mode and the new 'beneficial
> owner'
> manages to read the disk before the system goes down.
That may be the case for home users, but not for businesses. Let's
take this
example. Employee A has files from a given project, but Employee B
doesn't
have access to that project. Employee B is malicious, and takes
Employee A's
laptop, gets it on the network, it unencrypts itself and then takes
it. The
data is not Employee B's.
Let’s get real, in most businesses, the data will already be available
in a network share, a common database, etc. Trying to perform fine-
grained control checks on the mass of data businesses routinely
manipulate is a loosing game. You always end up needing to trust
humans.
That’s even the case in ultra-secure environments like the NSA. How do
you think wikileaks happened?
--
Nicolas Mailhot