
March 13, 2009
Vol.31 Issue 10 Page(s) 35 in print issue
Full-Disk Encryption
The Use Of FDE Is Growing—Is It Right
Key Points
• There are a number of benefits to FDE, such as faster virus scans and safer password handling.
• FDE is now in other types of offerings besides specialized software, such as self-encrypting hard disks, PC chipsets, and even on an operating system.
• Issues related to FDE include the ability to decrypt the data if it’s needed, backups, and training and management challenges.

A recent study from Forrester Research notes that one in five security groups plans to adopt FDE (full-disk encryption) over the next year. When combined with the percentage of companies already using the technology, the research firm believes that enterprise adoption will near 50% this year.

With adoption on the upswing, many data center managers are considering the technology, and for good reason. Because FDE is true to its name—encrypting every piece of data on a disk or disk volume—there are a number of benefits to the technology, especially when compared to traditional software encryption, notes David James, vice president of advanced product engineering at Fujitsu (www.fujitsu.com). “We’ve seen improvements like a virus scan that’s five times faster than software encryption,” he says. “The software encryption schemes have also got some other problems from a security point of view.”

An example, he says, is that software requires encryption keys to be present in the main memory, so they’re there when the system is running. But that makes them open to being accessed by malware. With hardware-based FDE, passwords are transferred to the drive before the OS boots, a much better security tactic. FDE can be based in a number of technologies, such as controllers, software, and switches, so enterprises will need to consider all of the options before making a choice.

Reasons For Choosing FDE

FDE can be used on both laptops and desktops, and there are two main business drivers for adoption, says Nagraj Seshadri, senior product marketing manager at Utimaco Safeware (www.utimaco.com), part of the Sophos Group. One is compliance with data security regulations, and the other is intellectual property protection. But even without regulatory directives, FDE makes sense for more robust security, believes Seshadri. “Increasingly, state regulations, such as those enacted by Massachusetts, greatly expand the scope for FDE to cover every business, regardless of size, that owns or stores personal information,” he says. “In general, it is a security best practice for enterprises to encrypt desktops, laptops, and servers, even if they don’t seem to fall under a specific regulation.”

Until recently, FDE has only been available as specialized software, says Seshadri, but it is now in other types of offerings such as self-encrypting hard drives, PC chipsets, and even on an operating system. “Software FDE solutions are becoming simpler to install and maintain,” he notes. “Enterprises need to evaluate the offerings carefully to determine their suitability.” Each type has its advantages, he adds, but there are aspects of FDE to consider, such as suitability with existing systems, emergency password and data recovery scenarios, user-transparent data sharing, central administration, and audit sharing.

Self-encrypting drives, in particular, are a compelling option for SMEs, notes Henry Fabian, executive director of core marketing at Seagate (www.seagate.com). With these types of drives, companies can return leased systems without having to spend days overwriting the drives or paying a service fee to ensure the data is destroyed. Fabian says, “They can get the full value out of the drive after they have used it by returning it for warranty or repair, rather than destroying the drive because of concern of their customers’ data falling into the wrong hands. Self-encrypting drives should be one part of a comprehensive security plan.”

Potential Challenges

As with any technology rollout, there can be challenges with FDE implementation, and much like other types of systems and applications, FDE isn’t a “one size fits all” solution, notes Keith Jones, senior partner at Jones Dykstra & Associates, a technology consulting firm. “The biggest general issue is the ability to decrypt the data if it’s needed,” he says. For example, an employee may leave the company, and a supervisor could have trouble retrieving files off the person’s laptop if the computer can’t be decrypted, according to Jones. He points out that computer forensics can also be affected if an IT department needs to perform investigations on data. Jones says, “Encryption typically puts a speed bump into our investigation because we have to decrypt the data before we get to analyze it.”

Backups might also present some issues, adds Taher Elgamal, chief security officer at Axway (www.axway.com), a business integration provider. He says, “FDE has the least amount of interoperability issues among security technologies since the operations are local. It is only when laptop backups are performed that challenges occur.” FDE uses a type of user password to protect encryption keys, he notes, so an enterprise needs to manage the keys, which can be an additional management layer.

Finally, there’s the training challenge, adds Ram Krishnan, senior vice president of products and marketing for GuardianEdge (www.guardianedge.com): “The main challenge with implementing the solution is not so much the encryption technology; it is incorporating the solution into the organization’s internal processes.” For example, he notes, FDE will be involved in handling provisioning, deployment and support, enabling end-user ease of use and transparency, help desk calls, and facilitating flexible audit and reporting processes. “When integrating FDE, it is key to select a cost-effective product that fits into your existing IT architecture and is easily managed,” Krishnan adds.

Looking Ahead

In general, the technology has all of the features it already needs to be used at enterprises of every size, believes Fujitsu’s James: “The fact that there’s no performance impact and that it works very well for large companies, as well as smaller ones that have just a handful of machines, will keep up the interest level. We see 2009 as the year of getting the message out that FDE has a huge number of benefits.”

by Elizabeth Millard