Full disk encryption is expected to be the top security
technology to be tested or adopted this year. What are the
challenges and benefits likely to be?
Full disk encryption effective, but lost productivity needs to
be addressed
Within large organisations, full disk encryption is already
considered necessary to protect files and data - it is becoming an
"as standard" technology and has been for some time. Indeed, in
certain areas of the IT estate - such as laptops - encryption is
now seen as 'unequivocal', writes Ollie Ross, head of research at
The Corporate IT Forum.
While high-profile media stories of data losses certainly assist
security chiefs to justify the spend on encryption, the companies
that participate in The Corporate IT Forum and in our specialist
security service tISS, already understand the benefits and the
challenges involved.
Users acknowledge that disk encryption can help them comply with
data privacy legislation and clearly trust the technology to
protect their data against even the most persistent hacker.
Users also point out that because full disk encryption, once
implemented, relies very little on the actions of the end user,
fewer issues arise. That is not to say there aren't any challenges
to overcome - although none are insurmountable.
Some have encountered occasional compatibility challenges
depending on what hardware is in use and what applications are
currently deployed - and how serious these challenges are depends
on how business-critical a non-compatible application is.
In addition to the obvious additional costs, there are also some
user challenges relating to additional passwords, impatience with
extended boot-up times, lost productivity during the initial
encryption implementation process and, of course, getting mobile
and field-based workers into the office to encrypt their
devices.
A recent discussion offered the following advice for full disk
encryption implementation:
• Make someone personally responsible for the effective
rollout
• Ensure new or refreshed laptops are built/loaded with an
encryption tool before release to the user and that hard disks are
checked for physical disk errors prior to applying full disk
encryption
• Back up all locally stored data prior to applying
encryption
• Communicate the how, why and what of the solution to all users
in plain English and back this up with a person to handle additional
questions
• Set user expectations around boot-up time
• Use a centrally managed solution to allow administrators to
unlock devices
• Ensure your chosen product has the ability to delegate
password resets to front-end service desks
• A monitoring solution is required to enforce the regular
attachment of mobile assets
• Formalise recovery procedure/support to mitigate additional
adoption issues
• Don't underestimate the need for an appropriate password
policy, which might differ from the corporate policy
• Perform a post-project review and make sure lessons learned
are used in future initiatives