Does PGP phone home?
– Yes. Like PointSec, it sends limited information (whether whole disk is encrypted or not). • How can we prove that a flash drive has been encrypted? – There’s no easy way to do this. Only local logs contain the information. With PGP, end users have a high degree of control over the software; PointSec is controlled by administrators only. • That being the case, isn’t it okay to use open source TrueCrypt okay, then? – There’s a recently discovered exploit (“Stoned” bootkit) in the wild that allows one to circumvent TrueCrypt system drive encryption (http://www.h-online.com/security/Bootkit-bypasses-hard-disk-encryption–/news/113884). TrueCrypt is lacking in logging as well. It comes down to how much liability the dept is willing to take burden – using commercial products lowers liability, in general. • Do you support both PGP and PointSec? – Yes. Even if you’re using a different version of PGP than OAAIS, you may use their infrastructure for public key storage. Do not have to buy into
