Before every flight, the aircraft is taken through a comprehensive preflight inspection routine. In addition to ensuring that nothing is already broken, the inspectors also look for imminent issues. For example, if the door is hard to close, it may be an indicator of metal fatigue that can get amplified into cracks/failures when in air. This relatively obvious and simple act of “anticipating imminent failure” has probably saved countless livesand has ensured that flying is still statistically the safest way to travel.
So, what does this have to do with drive encryption products?
A spinning drive’s mechanical moving parts are subject to wear and will eventually fail. When you deploy a drive encryption product such as McAfee Endpoint Encryption for PC, you are essentially asking it to encrypt every readable sector on the drive. This exercise is equivalent to getting the aircraft into air i.e. it can amplify issues that are not apparent at this time. If the drive fails mechanically during the encryption process, you may be left with unrecoverable data. As an IT professional, you don’t want this to happen to a remote employee or with in-field deployments.
A few years back, we started looking at how we could try and bring the equivalent of the preflight inspection to make drive encryption deployments completely safe. In late 2011, McAfee launched a free, ePO managed product called Endpoint Encryption Go (eeGO). One of the preflight inspection tests it runs is based on a drive health monitoring system called Self-Monitoring Analysis andReporting Technology (S.M.A.R.T ).
When deployed, eeGo interrogates the drive for its health and reports it back to McAfee ePO. This data will help you identify both “failing”and “about to fail” drives.
Enhancements in our v7.0 Release
To help customers use eeGo directly within our products, we enhanced our v7.0 release (Dec'12) by integrating eeGo into encryption deployment workflows. Upgrade to v7.0 (Dec’12) to leverage the eeGo data to drive your encryption deployment workflows in ePO. With v7.0, you can now do the following:
1. Prevent activation of drive encryption on asystem unless it passes the eeGo preflight inspection routine
2. Use eeGo to monitor the health of an encrypteddrive on an ongoing basis.
We strongly recommend that all customers utilize eeGo as away to perform your preflight inspection checks. We also recommend using it to monitor the health of drives on an ongoing basis to prioritize replacements ofdrives that are about to fail. For the technically inclined, have a look at the initial announcement and DanLarson’s blog on eeGo.