Full disk encryption is expected to be the top security technology to be tested or adopted this year. What are the challenges and benefits likely to be?
Full disk encryption effective, but lost productivity needs to be addressed
Within large organisations, full disk encryption is already considered necessary to protect files and data - it is becoming an "as standard" technology and has been for some time. Indeed, in certain areas of the IT estate - such as laptops - encryption is now seen as 'unequivocal', writes Ollie Ross, head of research at The Corporate IT Forum.
While high-profile media stories of data losses certainly assist security chiefs to justify the spend on encryption, the companies that participate in The Corporate IT Forum and in our specialist security service tISS, already understand the benefits and the challenges involved.
Users acknowledge that disk encryption can help them comply with data privacy legislation and clearly trust the technology to protect their data against even the most persistent hacker.
Users also point out that because full disk encryption, once implemented, relies very little on the actions of the end user, fewer issues arise. That is not to say there aren't any challenges to overcome - although none are insurmountable.
Some have encountered occasional compatibility challenges depending on what hardware is in use and what applications are currently deployed - and how serious these challenges are depends on how business-critical a non-compatible application is.
In addition to the obvious additional costs, there are also some user challenges relating to additional passwords, impatience with extended boot-up times, lost productivity during the initial encryption implementation process and, of course, getting mobile and field-based workers into the office to encrypt their devices.
A recent discussion offered the following advice for full disk encryption implementation:
• Make someone personally responsible for the effective rollout
• Ensure new or refreshed laptops are built/loaded with an encryption tool before release to the user and that hard disks are checked for physical disk errors prior to applying full disk encryption
• Back up all locally stored data prior to applying encryption
• Communicate the how, why and what of the solution to all users in plain English and back this up with a person to handle additional questions
• Set user expectations around boot-up time
• Use a centrally managed solution to allow administrators to unlock devices
• Ensure your chosen product has the ability to delegate password resets to front-end service desks
• A monitoring solution is required to enforce the regular attachment of mobile assets
• Formalise recovery procedure/support to mitigate additional adoption issues
• Don't underestimate the need for an appropriate password policy which might differ from the corporate policy
• Perform a post-project review and make sure lessons learned are used in future initiatives
This was first published in February 2009