Full disk encryption is expected to be the top security technology to be tested or adopted this year, what are the challenges and benefits likely to be?
Performance faster but easier interfaces still very expensive
Full disk encryption (FDE) appears to offer an ideal solution to the increasingly publicised losses of data on laptops, CDs and thumb drives, writes Gary Wood, research consultant at the Information Security Forum. By encrypting all the storage area on a device, FDE removes the need for an end-user to consider whether the information is protected. If a laptop or disc is lost or stolen, the solutions now available are sufficiently robust that the information is safe from all but the best-funded attacker. At the same time as pleasing auditors, regulators and the public, FDE can also prove beneficial for the organisation in the event of a loss and expensive steps to attempt to recover the missing asset can, in some cases, be avoided.
The implementation of full disk encryption has come a long way in recent years. Key management and recovery processes have improved, and the traditional sticking point of making slow laptops even slower is no longer relevant in this world of low-cost dual core processors. Indeed, the next step for many disk vendors is hardware-level encryption in the disk drive itself, a solution already offered by a number of vendors.
Full disk encryption is not a perfect solution, however. Not all available products function well with hibernation a previously simple data recovery exercise may now be impossible or at least very expensive to perform. One should not forget that encryption is most effective when the device is turned off - supporting controls on the end-user device (such as password protected screen-savers) must be still configured to protect a device left unattended while turned on. The most user- and administrator-friendly solutions are still expensive, often costing more than £100 a seat.
Many organisations have already implemented full disk encryption. For those that have not, this year may show whether FDE becomes as essential as malware protection and personal firewalls, or whether is just the latest silver bullet soon to be eclipsed by another regulatory fad.
This was first published in February 2009