Ron <ronljohnsonjr@xxxxxxxxx> writes:

> On 04/20/2018 03:55 PM, Vick Khera wrote:
>> On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavikas@xxxxxxxxx> wrote:
>>
>
> Someone really needs to explain that to me. My company-issued laptop has
> WDE, and that's great for when the machine is shut down and I'm carrying it
> from place to place, but when it's running, all the data is transparently
> decrypted for every process that wants to read the data, including malware,
> industrial spies,
>

It really depends on the architecture. In many server environments these days, some sort of network storage is used. Having the 'disk' associated with a specific server encrypted can provide some level of protection from another machine which also has access to the underlying infrastructure from being able to access that data.

The other level of protection is for when disks are disposed of. There have been many cases where data has been retrieved off disks which have been sent for disposal.

Finally, the basic physical protection. Someone cannot just access your data centre, remove a disk from the SAN and then access the data.

Then of course there is the bureaucratic protection - "Yes boss, all our data is encrypted on disk."

Tim

--
Tim Cross