Wouldn’t it be great to hand over an already encrypted laptop to an end user? In this new world, the laptop can start its life encrypted, secure and in a high state of compliance.
The initial provisioning or imaging process of a laptop is typically a repetitive, manual task of installing the Windows operating system, necessary drivers and software. This task has historically been performed by in-house IT that also has access to the Intranet and your security management infrastructure.
Initial encryption of a laptop drive can take a few hours to complete since this is dependent on the size of the hard drive and the speed of the processor.
Several organizations are choosing to outsource this initial provisioning task to a 3rd party or even the laptop supplier. This leads us to a strange dilemma:
“Do I trust a 3rd party to have access to laptop encryption keys and potentially my security management console? “.
To address this customer need, we introduced a new capability called “Offline Activation” in McAfee Endpoint Encryption for PC v7.0 (Dec 2012).
Working in conjunction with our ePolicy Orchestrator (ePO) product, this new capability enables a third party organization to initially encrypt the machine, without requiring access to any internal security resources and without exposing any encryption key details to the third party. When the machines are brought in-house they automatically transition from an unmanaged state to an ePO managed state.