SANS Day 1 Summary

I attended the SANS Secure Storage and Encryption Summit ’06 in McLean, Virginia today. Since I expect more people reading a blog start at the top of the page and work backward, I figured I’d put this explanation here.
I’m posting some notes from the sessions. They aren’t in any particular order. Hopefully they are somewhat useful. If not, I’m sorry, I am not going to have a chance to re-read and edit the posts.
The conference made me somewhat concerned. It seems everyone is focusing on full disk encryption products. We just finished purchasing digital certificates from Verisign (not implemented yet) for a large sum of money. We’re planning to go EFS right now using those certificates. I’m worried we aren’t going in the right direction.
I realized that I am aware of EFS’s limitations and know how to implement it in a secure way on XP SP2. While I am still concerned about issues such as reportability, the initial time of encryption, and knowing that the sensitive data is encrypted, I think it may be ok.
Each Government agency wants us to go buy the encryption program they chose. It’s less work for them. We could have pockets of users with different versions of encryption all over the enterprise. It is not workable.
Interesting days are ahead.