
Channel Forecast: '07 looks bright for full disk encryption

This year's high-profile cases involving the loss of personal information from organizations such as the Veterans Administration, HP, GE, Ford, Starbucks and many others -- large and small -- all have one thing in common: they resulted from the theft of laptops that contained the information. An August 2006 survey of nearly 500 technology companies reported that 81% had lost laptops holding sensitive data. The Privacy Rights Clearinghouse estimates that between Feb. 15, 2005 and Nov. 3, 2006, the number of personal information records lost from all causes was 97,148,596. These losses are having repercussions, including legislation, terminations and legal action.

Given these problems and the huge risk that they pose for organizations of every type, you can expect that your customers will be moving to protect their data against theft of the laptop that holds it. One promising way to help them achieve this is with the use of full disk encryption (FDE), in which all files stored on the laptop are seamlessly encrypted.

The important words here are "all" and "seamlessly." Earlier systems, such as Microsoft's Encrypting File System (EFS), require the user to mark sensitive files with an encryption attribute to cause them to be encrypted; EFS therefore depends on the user to take a specific action. FDE encrypts all files without any special action on the user's part. In the best case, the only interaction required from the user is to enter a password when the computer is booted. Because all files on the laptop are encrypted, usually with AES or Triple DES, no data will be compromised if the laptop is stolen.

There are two ways to implement FDE. In the first, encryption is handled entirely in hardware. The Seagate Momentus 5400 FDE.2 drive is an example. The user supplies a password at boot time and the drive uses it to transparently encrypt all data written to the disk; data read from the drive is decrypted on the fly using the same password. Because the crypto functions are performed by the drive's electronics, performance is comparable to a normal drive. A disadvantage of these drives is that loss of the password results in loss of the data.

The second way of implementing FDE is in software. Microsoft's BitLocker software, available in some versions of its Vista OS, is one example, but there are many others. Because these systems depend on the CPU to do the encryption, there are some performance penalties, but they generally provide a recovery mechanism for lost passwords.

About the author
Jon Snader is a TCP/IP and VPN expert whose background includes work in networking, security, communications and radio network controllers. He is the author of VPNs Illustrated: Tunnels, VPNs and IPSec and Effective TCP/IP Programming: 44 Tips to Improve Your Network Programs, both published by Addison-Wesley. You can reach him via his Web site or via email. As an expert on SearchNetworkingChannel.com, he's also available to answer your VPN questions.


This was first published in December 2006
