Comment on An angry admin shares the CrowdStrike outage experience
modeler@lemmy.world 3 months agoYou need at least two copies in two different places - places that will not burn down/explode/flood/collapse/be locked down by the police at the same time.
An enterprise is going to be commissioning new computers or reformatting existing ones at least once per day. This means the bitlocker key list would need printouts at least every day in two places.
Given the above, it’s easy to see that this process will fail from time to time, in ways like accicentally leaking a document with all these keys.
JasonDJ@lemmy.zip 3 months ago
I think the idea is to store most of the keys in AD. Then you just have to worry about restoring your DCs.
modeler@lemmy.world 3 months ago
I think that’s a better plan than physically printing keys. I’d also want to save the keys in another format somewhere - perhaps using a small script to export them into a safe store in the cloud or a box I control somewhere