Full Disk Encryption

August 2, 2010 - These days data protection is a critical issue for many businesses, as an increasing amount of valuable confidential information travels across various environments and is stored on a wide range of endpoint devices, such as PCs, laptops, removable hard drives and USB sticks.

Data theft can do a lot of damage and even potentially destroy a company, no matter whether it's a small privately owned business or a large enterprise. That's why businesses around the world pay so much attention to protecting their systems.

There are many ways of ensuring office and server computer security - from hardware protection to various tools included in security suites. But one of the most effective means of data theft prevention is full disk encryption (FDE).

Full disk encryption protects computers by encrypting every single bit of data on a disk and requiring a password or a USB flash drive with the decryption key at boot up to prevent unauthorized access. If the computer is lost or stolen, all the data, including the operating system, is unreadable without the decryption key or password. This makes FDE a lot more secure than regular file and folder encryption, where only certain data is protected, leaving the whole system vulnerable to theft, hackers and malicious software attacks. That's why full disk encryption is highly recommended when a robust security solution is required.


Benefits of FDE:

Here are the key benefits of full disk encryption (FDE):

  • Practically everything, including the page file and temporary files, is encrypted. This technology minimizes the risk of any confidential data being obtained by unauthorized users;
  • Pre-boot authentication support;
  • Deleting the cryptographic keys makes all data inaccessible, as it can't be read without the decryption key.

There is a wide variety of full disk encryption products on the market – from tools that are part of comprehensive security suites designed for business users to separate FDE products. Here is an overview of the most popular full disk encryption solutions.


BitLocker Drive Encryption:
BitLocker Drive Encryption is an FDE solution from Microsoft. It is included with the Ultimate and Enterprise editions of Windows Vista and Windows 7, as well as Windows Server 2008 and Windows Server 2008 R2. By default it uses the AES encryption algorithm (CBC mode with a 128-bit key), combined with the Elephant diffuser for additional disk encryption.

BitLocker can be run in the following modes:

  • Transparent Operation Mode that is based on Trusted Platform Module (TPM) 1.2 support that allows the user to log onto Windows normally, as the disk encryption key is sealed by the TPM chip
  • User Authentication Mode that requires the user to provide authentication to the pre-boot environment (pre-boot PIN)
  • USB Key Mode that requires the user to insert a USB flash drive containing the decryptor key

The above-mentioned modes can be used either separately or combined as desired. BitLocker also provides the end user with local administration rights, presenting the opportunity to shut FDE off.


One of the disadvantages of BitLocker Drive Encryption is that it is not available on all Windows versions, so businesses that do not use the Enterprise and Ultimate editions of Windows Vista and Windows 7 need to look for a third-party FDE solution. Another disadvantage is that BitLocker gives the end user local admin rights, which gives the end user the ability to turn off the encryption functionality. Also, BitLocker does not provide reporting, so if a laptop goes missing it is nearly impossible to prove that it was indeed encrypted.
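The reporting gap described above can be narrowed by collecting each machine's `manage-bde -status` output and auditing it centrally, which also catches volumes where a local administrator has switched protection off. The following is an added example, not part of the original article; the sample text is constructed and trimmed, and the function names are hypothetical.

```python
import re

# Constructed, trimmed sample modelled on `manage-bde -status` text output (not from a real host).
SAMPLE = """\
Volume C: [OSDisk]
[OS Volume]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM And PIN
        Numerical Password
Volume D: [Data]
[Data Volume]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection Off
    Key Protectors:
        External Key
Volume E: [Scratch]
[Data Volume]
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""

def parse_status(text):
    """Return {drive: {field: value, "Key Protectors": [names]}}."""
    volumes, current, in_protectors = {}, None, False
    for line in text.splitlines():
        header = re.match(r"Volume\s+([A-Z]:)", line)
        if header:
            current = volumes.setdefault(header.group(1), {"Key Protectors": []})
            in_protectors = False
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            in_protectors = key == "Key Protectors"
            if not in_protectors:
                current[key] = value.strip()
        elif current is not None and in_protectors and line.strip():
            # Indented lines under "Key Protectors:" name one protector each.
            current["Key Protectors"].append(line.strip())
    return volumes

def audit(volumes):
    """Classify each volume; 'suspended' = encrypted on disk but protection switched off."""
    result = {}
    for drive, v in volumes.items():
        encrypted = v.get("Conversion Status") == "Fully Encrypted"
        protected = v.get("Protection Status") == "Protection On"
        result[drive] = ("compliant" if encrypted and protected
                         else "suspended" if encrypted else "unencrypted")
    return result
```

Storing the dated result of `audit(parse_status(...))` per machine gives a record of the last known encryption state for a laptop that later goes missing.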

Sophos SafeGuard Device Encryption:
SafeGuard Device Encryption is a module of Sophos Endpoint Security and Data Protection, an integrated security solution for businesses. The suite includes anti-virus and anti-spyware protection, client firewall, data loss prevention content monitoring, management of removable storage devices, integrated network access control, full disk encryption, and it detects and blocks unauthorized software.

SafeGuard Device Encryption is designed to protect confidential data on laptop and desktop computers for internal and external hard disks and offers the following benefits:

  • Full data protection against unauthorized access, loss or theft on laptops and desktops with full disk encryption;
  • Advanced keyring functionality that enables easy recovery of encrypted media;
  • Central administration that ensures compliance and makes it easier for administrators to manage the environment;
  • The flexibility to be deployed in non-centrally-managed environments

Its features include strong encryption algorithms, encryption of swap and hibernation files to maximize security, a user-friendly customizable pre-boot logon screen, and biometric fingerprint authentication.

Symantec Endpoint Encryption:
According to the Symantec website, Symantec Endpoint Encryption 7.0 provides advanced encryption for desktops, laptops, and removable storage devices. It offers scalable, company-wide security that prevents unauthorized access by using strong access control and powerful encryption. Symantec Endpoint Encryption provides a central management console that enables safe, central deployment and management of encryption to endpoint devices.

The key benefits of Symantec Endpoint Encryption are:

  • Accidental data loss prevention;
  • Full encryption of data on hard disks;
  • Boot protection, pre-boot authentication and event logging;
  • Scalable, centralized management for easy deployment and administration;
  • Multi-factor authentication for increased security 


One of the major advantages of Symantec's full disk encryption solution is the availability of the Endpoint Encryption – Removable Storage Edition, which is designed to prevent unauthorized access to removable storage devices, such as USB flash drives and SD cards.

TrueCrypt:
Small and medium-sized businesses that are on a tight budget but still need to use full disk encryption software might want to consider TrueCrypt, a free, open-source disk encryption program that supports Windows XP, Vista, 7, as well as Mac OS X and Linux. Despite the fact that it's free, TrueCrypt's features can match up to those of the paid products:

  • Creation of a virtual encrypted disk within a file that is mounted as a real disk
  • Encryption of an entire partition or storage device, such as USB flash drive or hard drive
  • Encryption of a partition or drive where Windows is installed (pre-boot authentication)
  • Transparent automatic real-time encryption
  • Parallelization and pipelining support that allows data to be read and written as fast as if the drive was not encrypted
  • Hidden volume (steganography) and hidden operating system support
  • Strong encryption algorithms


All of the above-mentioned full disk encryption products offer comprehensive protection and are practical and feasible. However, IT department specialists need to remember that even though full disk encryption greatly reduces the risk of data being compromised, a lot depends on the way the technology is implemented. That's why it is highly recommended to educate the end users to ensure the correct usage of FDE software.

In addition to these leading FDE solution options, your technology reseller can be a valuable resource for you to use when navigating FDE. Let your technology reseller do some of the heavy lifting for you when you are having licensing or technical support issues, and if they are not meeting your expectations, let Productive demonstrate their level of service. As a specialized software reseller, Productive offers a unique approach when assisting their customers. When customers use Productive as their first point of contact, Productive is able to advocate on their behalf. Contacting Productive with an issue is very straightforward: simply call 800-726-4099, or email help@productivecorp.com.
 

About Productive Corporation
Productive Corporation is a specialized software reseller that helps small and medium businesses across North America with software initiatives in security, storage and infrastructure.  We provide subject matter expertise, access to technical support, and relevant content for IT staffs in the Mid-Market.