12/8/2009
11:51 AM

Getting Started With Full Disk Encryption

Today, full-system encryption in software is feasible and practical. Here's how to get up and running using solutions from PGP, McAfee, Sophos, and open-source options TrueCrypt and DiskCryptor.




The boot screen for a PGP Desktop-protected system.

The important thing to understand is that once the device is unlocked and booted, it is vulnerable. Locking the system re-instills a modicum of protection, as does sleep mode or total shutdown / hibernation, but while open and running, the system can be compromised. This makes it doubly important for the user to be mindful of the system while it's running, and not to think of system-disk encryption as a security panacea.

As you can imagine, full-system encryption is most useful when you're dealing with a machine that's being taken on the road. It's far less valuable for a computer that's in a fixed location, where physical access can be controlled. In such cases full-disk encryption adds overhead, but not much security.

There are two basic ways to perform full-system encryption. You can get it as part of your operating system, or you can add it after the fact.

OS-level Encryption

Windows, Linux, and BSD all sport some variety of full-disk system-level encryption. In Windows, it's BitLocker, tightly integrated into Vista and 7, although only available in the higher-end SKUs of that product. Many Linux distributions natively support full-disk encryption: Red Hat / Fedora allows you to create new system installations with encryption. Various BSD flavors also sport it: GBDE and GELI on FreeBSD, for instance.

Having the encryption subsystem as part of the OS itself is two-edged. On the one hand, it means you don't have to install anything to get started; everything you need is right there. On the other hand, it also means you're limited by whatever features the OS maker deigned to include, and expanding on their functionality may be difficult.

Linux's dm-crypt subsystem, for instance, is open source (like Linux itself) and can be expanded upon as long as you have some understanding of the code. Likewise, BitLocker has an API with some exposed functionality, but for the most part it's intended to be used in the manner directed by Microsoft.
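On a Linux system using dm-crypt, one way to confirm that "full disk" really covers every mounted volume is to walk the block-device tree and flag anything not stacked on a `crypt` mapping. The following is an added example, not code from the article; the function names and the sample `lsblk` output are constructed for illustration.

```python
import json
import subprocess

# Constructed sample of `lsblk --json -o NAME,TYPE,MOUNTPOINT` output.
SAMPLE = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "mountpoint": null, "children": [
    {"name": "sda1", "type": "part", "mountpoint": "/boot"},
    {"name": "sda2", "type": "part", "mountpoint": null, "children": [
      {"name": "luks-root", "type": "crypt", "mountpoint": null, "children": [
        {"name": "vg-root", "type": "lvm", "mountpoint": "/"},
        {"name": "vg-home", "type": "lvm", "mountpoint": "/home"}
      ]}
    ]},
    {"name": "sda3", "type": "part", "mountpoint": "[SWAP]"}
  ]}
]}
"""

def audit(lsblk_json):
    """Return (encrypted, plaintext): sorted mountpoints with and without
    a dm-crypt mapping (lsblk type "crypt") somewhere beneath them."""
    encrypted, plaintext = [], []

    def walk(dev, under_crypt):
        # A device is covered if it, or any ancestor, is a crypt mapping.
        under_crypt = under_crypt or dev.get("type") == "crypt"
        mountpoint = dev.get("mountpoint")
        if mountpoint:
            (encrypted if under_crypt else plaintext).append(mountpoint)
        for child in dev.get("children") or []:
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return sorted(encrypted), sorted(plaintext)

def live_lsblk():
    """Fetch the same JSON from the running system (requires util-linux)."""
    cmd = ["lsblk", "--json", "-o", "NAME,TYPE,MOUNTPOINT"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

if __name__ == "__main__":
    enc, plain = audit(SAMPLE)  # swap in live_lsblk() on a real machine
    print("on dm-crypt:", enc)
    # A plaintext [SWAP] matters: paged-out memory and hibernation
    # images are written there unencrypted.
    print("NOT encrypted:", plain)
```

An unencrypted `/boot` is common on dm-crypt installations; an unencrypted swap partition or data volume is the finding to act on.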

Third-Party Solutions

The breadth of commercial solutions out there means you can add full-system encryption to pretty much any system after the fact. Keep in mind that most third-party solutions require you to dedicate some degree of server resources to them for the sake of central management.

PGP Whole Disk Encryption was originally developed as a free product, but has since been rolled into a for-pay offering, and is generally one of the first products mentioned when discussion turns to commercial-grade encryption. It supports a full gamut of professional features, including support for any smartcard that uses the PKCS-11 library, and allows for automated rollouts of encrypted systems -- something that's valuable if you're adding encryption after the fact to a whole fleet of existing notebooks. A server is mandatory, though. According to the Whole Disk Encryption product sheet, "PGP Whole Disk Encryption is centrally managed by PGP Universal Server which requires a dedicated hardware server."
