Full disk encryption is expected to be the top security technology to be tested or adopted this year, what are the challenges and benefits likely to be?
Increased mobility makes full disk encryption more important, but so is end-user policy management
The security officer is becoming increasingly aware of the importance of controls for end-user computing, writes Alessandro Moretti, co-chair of the (ISC)2 European Advisory Board, The Information. With end-users becoming more mobile thanks to the advances of technology, the numbers of laptops in an organisation is increasing. Therefore, the number one end-user security spend in 2009 is forecast to be full disk encryption, as current partial disk encryption techniques can be bypassed by the end-user that saves files in unencrypted folders or the security configuration is weak (for example, the encryption key is stored in system files).
Moving to full disk encryption may address some of these issues but it won't fully address the fundamental concern-the user and management policies that go along with it. Full disk encryption still relies on the end-user not recording his or her password on a sticky note or card stored in the laptop bag. The full disk encryption solution is only going to be as good as the management of the security credentials that go with it.
It's my estimation that a full disk encryption solution integrated with strong (two-factor) authentication could deliver the desired results but this will come with an increased demand on budget. Budget which could be spent on the control of even cheaper mobile storage than a laptop, the increasingly prolific portable storage devices.
With end-users having easy access to electronic cameras, mobile phones and memory sticks, preventative controls are needed to control information leakage. These range from simple USB port-blocking solutions, to fully loaded digital rights management implementations. The number one priority for end-user computing spend in 2009 will more likely be linked to controlling portable storage devices.
This was first published in February 2009