Posted on 08-02-2017 12:09 PM
Hi Nation!
I'm curious to hear what pros and cons you've discovered or reasoned in regard to having both institutional and individual FileVault keys.
I can think of one of each...
Pro: IT has a fallback option if individual key escrow fails.
Con: A master key to your fleet exists (can be mitigated with appropriate controls around access).
What have you found?
Posted on 08-02-2017 12:38 PM
We use both, and yeah, the Institutional key really should be a closely guarded secret. Only a couple of people in our organization actually have the password for it. I'm one of 2. I've rarely needed it, but on the few occasions I needed to unlock a Mac that for some reason did not have an Individual Recovery key on file, or otherwise wasn't working, the Institutional key did the trick.
But you're correct, it does represent a security risk, so measures need to be taken to control access to it. In those cases where it was needed, we've needed the affected Mac shipped to me, sometimes from outside the country or from another state, because I will absolutely not give the password to any of our techs, under no circumstances.
Also important to keep in mind is that access to the key itself is only part of the equation. Without the password that was used to generate the key, one can't create an unlock keychain to use on a machine. If you protect access to both, you should be ok.