It is my pleasure to join this community. A sleek new iMac 27 inch 2013 has been shipped.
A SSD as the only mass storage is populated in that iMac.
The user did not yet start to store sensitive data on ssd.
The question is what needs to be done now (yet before users start to use ssd
for writing own sensitive data) in order to achieve two goals listed below?
1. If some day in the future (middle, or long term) this imac should be resold
the sensitive user data can be removed from ssd before ownership change
2. If some day in the future the appliance should need
to be sent to any repair service the sensitive user data is save from unauthorized access.
The full reliability of sensitive user data removal and protecting those
data from unauthorized access while the appliance in foreign hands for any reason
has in this case the highest priority.
The used measure of protection must not show any negative impacts
in other computing aspect while using this appliance.
Please see the ssd and all resulting impacts as central point of the question.
There are plenty of discussions in web to be found in regards to
reliability of data removal on ssd and to reliability of data encryption on ssd.
For a newbie however it is not easy to see what of been pointed out is still valid today.
I guess the full disk encryption by a ssd external software solution might be oversized
- only the sensitive user data needs to be protected. Furthermore such approach - full disk encryption -
seems to have sever impacts in other computing aspects.
Similarly the ssd internal encryption solution.
On the another hand achieving the goal by folder/files encryption seems to
be tricky as well. One needs namely to know what are all used cache files and folders
utilized by operating system and all the software in use. So I am in doubt.