PGP Universal Server WDE Event Alerting
With the tools we currently have with PGP US, we struggle to measure compliance and ensure that everyone is encrypted. We have recently upgraded our Universal Server to correct the policy flaw that allowed users to pause the encryption process. We have seen some instances where PGP will pause the encryption process on its own due to disk errors (item #4).
In a managed environment, this isn't supposed to happen:
In PGP Universal Server managed environments, if PGP WDE encounters a hard drive or partition with bad sectors, PGP WDE will log an event in the server logs and continue disk encryption.
In working with Symantec on this, it seems there isn't a specific threshold but if there are "many" errors PGP will pause (this is reported corrected in 10.2.1(MP5)). The client will obviously report that its pasued as a status to the Universal Server and possibly send an event to the server logs. If you aren't looking out for this specific client (or had some other process to catch it) you wouldn't know that it was paused. You wouldn't know you had a possible compliance issue. It would be nice (since the server can send out email) to be able to configure WDE event alerting. Such as:
- Encryption paused
- Decryption started
- Failed login attempts
These alerts could go to a specific user or group of users (configurable) that would be able to follow up on them. This email itself should be configurable to make it possible to send emails to ticketing systems to auto generate a case for someone to follow up. Some systems require emails to be in a specific pattern to generate cases automatically.