Getting Started With Full Disk Encryption - InformationWeek

Getting Started With Full Disk Encryption

Today, full-system encryption in software is feasible and practical. Here's how to get up and running using solutions from PGP, McAfee, Sophos, and open-source options TrueCrypt and DiskCryptor.

The boot screen for a PGP Desktop-protected system.

The important thing to understand is that once the device is unlocked and booted, it is vulnerable. Locking the system re-instills a modicum of protection, as does sleep mode or total shutdown / hibernation, but while open and running, the system can be compromised. This makes it doubly important for the user to be mindful of the system while it's running, and not to think of system-disk encryption as a security panacea.

As you can imagine, full-system encryption is most useful when you're dealing with a machine that's being taken on the road. It's far less valuable for a computer that's in a fixed location, where physical access can be controlled. In such cases full-disk encryption adds overhead, but not much security.

There are two basic ways to perform full-system encryption. You can get it as part of your operating system, or you can add it after the fact.

OS-level Encryption

Windows, Linux, and BSD all sport some variety of full-disk system-level encryption. In Windows, it's BitLocker, tightly integrated into Vista and 7, although only available in the higher-end SKUs of that product. Many Linux distributions natively support full-disk encryption: Red Hat / Fedora allows you to create new system installations with encryption. Various BSD flavors also sport it: GBDE and GELI on FreeBSD, for instance.

Having the encryption subsystem as part of the OS itself is two-edged. On the one hand, it means you don't have to install anything to get started; everything you need is right there. On the other hand, it also means you're limited by whatever features the OS maker deigned to include, and expanding on their functionality may be difficult.

Linux's dm-crypt subsystem, for instance, is open source (like Linux itself) and can be expanded upon as long as you have some understanding of the code. Likewise, BitLocker has an API with some exposed functionality, but for the most part it's intended to be used in the manner directed by Microsoft.
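
As an added example (not part of the original article): a small Python audit check that reads `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output from a Linux machine and reports which mounted filesystems do not sit on a dm-crypt mapping. The sample output, the device names, and the `/boot` exemption list are constructed assumptions.

```python
import json

# Constructed sample of `lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT` output.
# Device names and layout are illustrative, not taken from a real machine.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
    {"name": "sda2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
    {"name": "sda3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null, "children": [
      {"name": "cryptroot", "type": "crypt", "fstype": "LVM2_member", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "fstype": "ext4", "mountpoint": "/"},
        {"name": "vg-home", "type": "lvm", "fstype": "ext4", "mountpoint": "/home"}
      ]}
    ]},
    {"name": "sda4", "type": "part", "fstype": "swap", "mountpoint": "[SWAP]"}
  ]},
  {"name": "sdb", "type": "disk", "fstype": null, "mountpoint": null, "children": [
    {"name": "sdb1", "type": "part", "fstype": "ext4", "mountpoint": "/data"}
  ]}
]}
"""

def mount_encryption(lsblk_json):
    """Map each mountpoint to True if some device above it is a dm-crypt mapping."""
    result = {}

    def walk(dev, under_crypt):
        # lsblk reports dm-crypt mappings with TYPE "crypt"; everything stacked
        # on top of one (LVM volumes, filesystems) inherits the encryption.
        under_crypt = under_crypt or dev.get("type") == "crypt"
        if dev.get("mountpoint"):
            result[dev["mountpoint"]] = under_crypt
        for child in dev.get("children", []):
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result

def unencrypted_mounts(lsblk_json, allow=("/boot", "/boot/efi")):
    """Return mountpoints outside dm-crypt, minus an assumed boot exemption list."""
    status = mount_encryption(lsblk_json)
    return sorted(mp for mp, enc in status.items() if not enc and mp not in allow)

if __name__ == "__main__":
    # Plain swap is flagged too: a hibernation image is written to swap.
    print(unencrypted_mounts(SAMPLE_LSBLK))
```

On a live system, pipe the real `lsblk` output into `unencrypted_mounts` in place of the constructed sample.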

Third-Party Solutions

The breadth of commercial solutions out there means you can add full-system encryption to pretty much any system after the fact. Keep in mind that most third-party solutions require that you dedicate some degree of server resources to them for the sake of central management.

PGP Whole Disk Encryption was originally developed as a free product, but has since been rolled into a for-pay offering, and is generally one of the first products mentioned when discussion turns to commercial-grade encryption. It supports a full gamut of professional features, including support for any smartcard that uses the PKCS-11 library, and allows for automated rollouts of encrypted systems -- something that's valuable if you're adding encryption after the fact to a whole fleet of existing notebooks. A server is mandatory, though. According to the Whole Disk Encryption product sheet, "PGP Whole Disk Encryption is centrally managed by PGP Universal Server which requires a dedicated hardware server."
