It's always interesting when Google releases code under an open source license. And this time, the code, Cauliflower Vest, is delivered for enterprises that wish to deploy Mac OSX's newest encryption technology.
Caulilower Vest, which is released under Apache 2.0, is an end-to-end encryption solution for customers deploying Mac OSX Lion' Servers Filevault 2 technology. The project fills an enterprise need, Google maintains.
Google made the announcement on its open source blog yesterday.
"FileVault 2 is a major, welcome addition to Mac OS X starting with Lion, as full disk encryption is an important part of securing your computer and its data. While the new FileVault 2 offering is very well suited to consumers, some enterprises may require additional features that are not provided out of the box. For example, FileVault 2 encryption is initiated voluntarily by users, lacks enforcement, and, by default, escrows recovery keys to Apple’s central server. It also relies on individual Apple IDs, which cannot be managed as a group."
Google claims it has deployed the solution internally, but not clear if the company will support Mac OSX admins that deploy it. "Employees at Google self-enable FileVault 2 using Cauliflower Vest - it’s tested and ready to help you make FileVault 2 part of your enterprise," Google announced on its blog.
The project web site indicates that the released code includes a GUI client to enable encryption, an escrow service, a web GUI for management and a CLI tool to initiate a recovery key without any end user action required.
It "is an end-to-end Mac OS X FileVault 2 recovery key escrow solution," according to information on the project site. " While stock OS X FileVault 2 is consumer focused, the goal of this project is to provide enterprise features."
The key features include the "ability to forcefully enable FileVault 2 encryption, automatically escrow recovery keys to to a secure Google App Engine server, and delegate secure access to recovery keys so that volumes may be unlocked or reverted," the web site says.