FileVault 2: manage Apple’s native disk encryption tool
Enterprise organizations today support a mobile workforce, enabling end users to access organizational data from within and outside the organizational network. As both the technology and the access to technology leave the organization's facilities, IT administrators need solutions to ensure data is secure.
Typically, this data security is provided through a full disk encryption solution, used to encrypt the data that is stored on the device. A full disk encryption solution provides a password—called the encryption key—and secures the data that resides on the device's storage. Without the encryption key, unauthorized individuals are unable to read any data from the drive.
Beginning with Mac OS X 10.7, Apple built a full disk encryption solution called FileVault 2 into the operating system. FileVault 2 gives end users the capability to enable and disable FileVault 2 encryption on their devices. To provide IT administrators similar methods for ensuring security on a large scale through native tools, the Casper Suite has the ability to enable, disable, report on status, and escrow recovery keys to a central location. With OS X Mavericks, the Casper Suite extends these methods, providing IT administrators new capabilities to remediate issues with the recovery key, regularly change recovery keys, ensure appropriate users have FileVault 2 access, and require the use of FileVault 2 disk encryption.
How the Casper Suite leverages new FileVault 2 capabilities in OS X Mavericks:
- New ways to report on the state of machines and the keys they are using
- Advanced ways to swap recovery keys
- FileVault key redirection
- Report on FileVault 2 security posture
- Leverage new fdesetup verbs