Quote:
Originally Posted by JoshuaPrismon
You can't do real key management with this tool. If an employee leaves, and leaves a large amount of encrypted data, a company should have a way ideally to recover the key. (That's a controversial statement, but more and more companies require/depend on encryption to do business). I am interested in how the community feels about this one.
I wanted to chime in on this one, as no one has seemed to yet.
As a company, we pay for key software licenses, manage the keys, set policy for keys and provide support for the keys, all in order to encrypt company data. It is part of the employee's identity, yes, but it is their identity here at the company. When they leave, they leave that part behind with the company. Part of our Employee handbook is about not using company assets for personal uses.
That said, I can understand why, in a non-business environment, it would be a sticky issue. If someone brings their own key / email addresses to use on a server, they will want to use that elsewhere. But that sounds more like an administration setting. Businesses will want "restricted key management", where users can upload their keys, but not remove them. Otherwise, allow everyone full access to their keys via "open key management".