Avid Pro Audio Community

Avid Pro Audio Community

How to Join & Post  •  Community Terms of Use  •  Help Us Help You

Knowledge Base Search  •  Community Search  •  Learn & Support


Avid Home Page

Go Back   Avid Pro Audio Community > Pro Tools Software > macOS

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 05-21-2018, 04:38 AM
skipper99 skipper99 is offline
Member
 
Join Date: May 2018
Location: UK
Posts: 2
Default GDPR and Avid's advice to turn off Filevault

Hi Folks,

So GDPR kicks in this month and the company I work for are moving toward ensuring all laptops are encrypted in order to comply with GDPR requirements to ensure data security. For the Macs specifically, that requires enabling Filevault.

As we have a number of Apple MacBooks running Pro Tools within the business, this puts us in a bit of a quandry.

One one side we've got the requirements of the GDPR regulations to satisfy meaning we have to ensure all corporate laptops are encrypted to protect data (if the macbooks are lost/stolen etc)

On the other side, the official Avid advice is to turn off Filevault (see Avid Knowledge Base article - "Mac FileVault and Creative Applications" and the official Avid macOS Optimisation guides)

In Avids advice, turning off Filevault is required in order to prevent DAE -9035 errors - but i'm wondering how common are those errors out in the field??

Has anyone experience (good or bad) of having Filevault enabled on a Mac whilst running Pro Tools?

Any feedback would be much appreciated!

Skip.
Reply With Quote
  #2  
Old 05-21-2018, 06:04 AM
reichman's Avatar
reichman reichman is offline
Member
 
Join Date: Aug 2000
Location: New York
Posts: 2,411
Default Re: GDPR and Avid's advice to turn off Filevault

No one knows because none of us have FileVault on. Interesting problem though. Do report back when you find out.
__________________
Nathaniel Reichman
Producer/Re-recording Mixer - New York
Nathaniel Reichman | IMDB | LinkedIn
Reply With Quote
  #3  
Old 05-21-2018, 06:43 AM
Marcel Risberg's Avatar
Marcel Risberg Marcel Risberg is offline
Member
 
Join Date: Apr 2007
Location: Stockholm, Sweden
Posts: 396
Default Re: GDPR and Avid's advice to turn off Filevault

Hi Skip. Welcome to the forum. Good question.

I don't have an answer for you but I'd be interested in knowing too. Not that I use Pro Tools on a laptop anymore but for reasons regarding theft I've encrypted all of my local and remote drives at my location - that is, all but the system drives using FileVault.

I've not encountered any more problems than before, since encrypting the data drives, no new performance issues - just the usual ones. No noticeable difference with Pro Tools either when comparing encrypted HFS and APFS partitions. (Though another story: encrypted APFS partitions are more likely to fail definitely, compared to encrypted HFS partitions, if problems occur - due to the less evolved rescue / repair tools made available by both Apple and third party as of yet. Be sure to backup everything.)

A modern, or at least an Intel CPU, should have an instruction set called AES-NI (Advanced Encryption Standard New Instructions).

Quote:
Originally Posted by en.wikipedia.org/wiki/AES_instruction_set
The purpose of the instruction set is to improve the speed of applications performing encryption and decryption using the Advanced Encryption Standard (AES).
As of my understanding, the Mac file encryption uses AES.
__________________

Marcel Risberg
Production sound and audio post - ljuddesign.se
Enthusiastically sharing knowledge and experience at Stockholm Film School.

🛠 Pro Tools Ultimate 2019.10 · HD Native · HD Omni
🎚 EuControl x.x.x · Artist Control · Mix · Control App
🦑 MacPro5,1 · 12C24T @3.46GHz · 48GB · SSDs · macOS 10.13.6 (17G5019)
📺 Separate video playback machine
🥇 Covered by ZDT/TLC · Keeping DAW OS clutter free
Reply With Quote
  #4  
Old 05-24-2018, 01:23 AM
skipper99 skipper99 is offline
Member
 
Join Date: May 2018
Location: UK
Posts: 2
Default Re: GDPR and Avid's advice to turn off Filevault

Thanks for the couple of responses so far - useful to know its not just me that appreciates the position.

Can anyone else help here or have any suggestions or experience (good or bad)

What would be even better, would be for someone from Avid Support to clarify the apparent contradiction between legal GDPR requirements and use of Filevault?

I don't believe we can be the only people/company with this concern....

Skip.
Reply With Quote
  #5  
Old 05-24-2018, 02:04 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,965
Default Re: GDPR and Avid's advice to turn off Filevault

I have FV turned on and all my external work drives are encrypted as well. Never had any issues.
__________________
PTHDn 2024.3 (OSX13.6.5), 8x8x8, MacPro 14,8, AJA LHi, SYNC HD, all genlocked via AJA GEN10, 64GB RAM, Xilica Neutrino, Meyersound Acheron
Reply With Quote
  #6  
Old 05-24-2018, 08:12 AM
Rich Breen Rich Breen is offline
Member
 
Join Date: Dec 1969
Location: Burbank, CA USA
Posts: 2,380
Default Re: GDPR and Avid's advice to turn off Filevault

Fox just sent their "Content Security Officer" out this week for a visit - among other things, they're asking all composers/subcontractors to encrypt all external drives that may have Fox content on them. Not too excited about this, but I'll probably be trying to comply soon. Curious what others are doing, and if this is affecting workflow when moving between studios.
__________________
http://www.richbreen.com

----------------------------------------
Mac Studio / Ventura, PT 2023.12.HDX, Avid HD I/Os and Metric Halo ULN8, 3xS1/Dock
Also running a Mac Studio Ultra / Ventura / HDX / MTRX / S6
Reply With Quote
  #7  
Old 05-24-2018, 10:07 AM
Frank Kruse Frank Kruse is offline
Member
 
Join Date: Dec 2002
Location: old europe
Posts: 5,965
Default Re: GDPR and Avid's advice to turn off Filevault

Quote:
Originally Posted by Rich Breen View Post
Fox just sent their "Content Security Officer" out this week for a visit - among other things, they're asking all composers/subcontractors to encrypt all external drives that may have Fox content on them. Not too excited about this, but I'll probably be trying to comply soon. Curious what others are doing, and if this is affecting workflow when moving between studios.
Hi Rich, it's really super-easy. I've been doing this for years. I have noticed no impact on performance. This is mainly to protect the content from human error (drive in bag left at a bus station, or lost by courier) and also brute force (someone breaks into your studio and steals your computer with an entire season of the next GOT on it).

Strong pass phrases are obviously your friend. Makes no sense to use "p@ssw0rd" and for such a drive.
__________________
PTHDn 2024.3 (OSX13.6.5), 8x8x8, MacPro 14,8, AJA LHi, SYNC HD, all genlocked via AJA GEN10, 64GB RAM, Xilica Neutrino, Meyersound Acheron
Reply With Quote
  #8  
Old 05-24-2018, 10:41 AM
Darryl Ramm Darryl Ramm is online now
Member
 
Join Date: Nov 2010
Location: USA
Posts: 19,510
Default Re: GDPR and Avid's advice to turn off Filevault

I hope the studios are looking at password/passphrase management as well.

Password managers can help here with one secure careful password used to protect the password manager (and nothing else) and then the password manager used to generate long random passwords/passphrases. The one I like most is Dashlane.

Think through how using filevault will affect your backups and recovery plans and ideally test that. If you are using CCC (highly recommended) to make encrypted boot disk backups follow these instructions https://bombich.com/kb/ccc5/working-...ult-encryption

---

Pro Tools disk cache and fast SSDs all help make encryption more practical. Make sure disk cache is set to suitable size.
Reply With Quote
  #9  
Old 05-25-2018, 08:03 AM
Rich Breen Rich Breen is offline
Member
 
Join Date: Dec 1969
Location: Burbank, CA USA
Posts: 2,380
Default Re: GDPR and Avid's advice to turn off Filevault

Quote:
Originally Posted by Frank Kruse View Post
Hi Rich, it's really super-easy. I've been doing this for years. I have noticed no impact on performance.....

Yeah, I guess I'm wondering specifically about performance hits on large tracking dates; recording say 60 tracks at 96k - wondering if anyone's noticed a performance hit with encryption on vs off...


I suppose I'll just have to try it and see how it goes.


Also, when delivering a final archive of a project, then how does one deal with password management? Password managers are fine if it's all in house, but if you're passing off the encrypted drive to a studio, do you just hand it to 'em and write the password down on a piece of paper and let them deal with it? I guess so, but it all seems a bit hairbrained to me...


Just wondering how others are dealing with this new reality.
__________________
http://www.richbreen.com

----------------------------------------
Mac Studio / Ventura, PT 2023.12.HDX, Avid HD I/Os and Metric Halo ULN8, 3xS1/Dock
Also running a Mac Studio Ultra / Ventura / HDX / MTRX / S6

Last edited by Rich Breen; 05-25-2018 at 08:14 AM.
Reply With Quote
  #10  
Old 05-25-2018, 09:08 AM
Darryl Ramm Darryl Ramm is online now
Member
 
Join Date: Nov 2010
Location: USA
Posts: 19,510
Default Re: GDPR and Avid's advice to turn off Filevault

Quote:
Originally Posted by Rich Breen View Post
Also, when delivering a final archive of a project, then how does one deal with password management? Password managers are fine if it's all in house, but if you're passing off the encrypted drive to a studio, do you just hand it to 'em and write the password down on a piece of paper and let them deal with it? I guess so, but it all seems a bit hairbrained to me.

How they want you to deal with that is up to them. Sending content over a secure remote connection or having you copy it to a staging server etc. But if physically leaving encrypted content on removable media then a password manager will help not hurt you... by letting you manage separate unrelated passphrases for each physical drive. And no I would never attach that in plain text to the drive and carry it around. Once the drive is physically delivered to a secure location you can email that random passphrase to them, or carry it to there on your password manager encrypted on your smartphone.



Sent from my iPhone using Tapatalk
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
How do you turn off Avid Sign In on 12.5 start up? monty585 Pro Tools 12 8 04-13-2016 05:20 PM
Avid HD Thunderbolt Core Won't turn on IBNMusic Pro Tools HDX & HD Native Systems (Mac) 0 11-10-2015 05:54 PM
Advice or Avid Barry Johns Pro Tools 10 1 12-11-2011 08:36 PM
Avid Transfer of Ownership: Turn-around time sws2h Pro Tools 10 0 10-31-2011 06:00 AM
Will PT9 run with FileVault (Mac OS)? Alexander K Pro Tools 9 10 03-25-2011 07:35 AM


All times are GMT -7. The time now is 11:14 AM.


Powered by: vBulletin, Copyright ©2000 - 2008, Jelsoft Enterprises Limited. Forum Hosted By: URLJet.com