Search the Community
Showing results for tags 'encryption at rest'.
Found 1 result
Our university hospital IT is mandating that all Mac servers that contain PHI be encrypted using FileVault. There is a longstanding and strong recommendation by FMI and posts on this board advising against this for FM server, although there are also some dissenting voices. The relevant passage on the FM Knowledge base pages (http://help.filemaker.com/app/answers/detail/a_id/9650) reads: "FileVault: FileVault is a feature that performs on the fly encryption and decryption of data on your hard drive.. However, this added level of security requires additional processing power. Because of this, it is recommended that FileVault not be used in conjunction with FileMaker Server and your FileMaker databases." (Last Updated: Jan 13, 2016 01:47 PM PST) 2 points to mention: First, no discussion of actual incompatibility or corruption risk, just a requirement for extra processing power, suggesting this is simply a possible performance issue. Some of the comments I heard at Devcon and read here suggest much more serious issues - I would appreciate any information or discussion on the specifics here. Second, the way FileVault is described, i.e., "on the fly encryption ... decryption" suggests this entry and general discussions recommending against FV use are based on the old FileVault v1, which was replaced with FileVault2 in Lion (!) quite a few years ago. According to a discussion yesterday with Apple tech support (with escalation) the current FV2 uses encryption at rest, not on the fly, making it similar/equal to FM's own encryption offering, and this has been the case since 2011. (http://www.cnet.com/news/about-filevault-2-in-os-x-10-7-lion/) Nevertheless, a discussion with FM tech support yesterday revealed that FM's position on FV is unchanged, and they did not answer my question if this was based on testing with FV2 (with encryption at rest, which should have no performance or other impact on FMserver after the initial boot up) or simply reflects that FM has not revisited this problem since FV2 came out in 2011. I would appreciate some clarity on this issue. My IT security people are not satisfied with the explanations I tried to give them describing FM's position and are not willing to substitute their current requirement with a third party solution they know nothing about, unless I can give them a coherent and documented explanation.