Full disk encryption not a quick and easy fix

F ull...

Full disk encryption (FDE) is tipped to be the top security technology for IT departments in 2009, but it may not offer a quick and easy fix.

IT user organisations and security experts warn that while encryption could keep auditors, regulators and other stakeholders happy, IT departments should not rush into it.

The biggest benefit of FDE is that it makes it unnecessaryfor organisations to separate their sensitive data from their non-sensitive data andit offers protection against all but the most sophisticated hackers.

It is becoming easier for organisations to justify the cost of encryption, but many are failing to take time to plan carefully enough to avoid the pitfalls.

There are still challenges with FDE, but none are insurmountable says Ollie Ross, research head at IT user group, The Corporate IT Forum.

Challenges include compatibility problems with existing applications, user resistance because of the additional passwords, andthe extended boot times needed.

But organisations can avoid most technical and user problems by testing and training staff before deploying encryption, says Gartner analyst John Girard.

Training can explain benefits, manage user expectations and allow organisations to formalise recovery procedures, and encrypting at each refresh can avoid lost productivity, says Ross.

FDE is only effective if companies manage the security credentials of their staff properly, so policy enforcement is vital, says Alessandro Moretti, co-chair of the (ISC)2 European Advisory Board.

ITorganisations cannot dismiss FDE, so it would be best for them to start moving towards it as soon as possible, saysGirard

Those which recognise that they need to spend time on testing, training, deployment and management overheads will reap the most benefits.

Read more on IT risk management