Feds Go For Full Disk Encryption - Others Should Follow Their Lead
Now that the federal government is requiring full disk encryption (FDE) of all laptops, will corporations, other governments and large non-profits follow suit? Let’s hope so. If last year’s theft of a laptop with personal information on 28 million veterans and their spouses wasn’t enough to convince security administrators of the need for FDE, they should browse the Privacy Clearinghouse Chronology of Data Breaches or the Lost and Stolen Laptop entries at the Realtime IT Compliance Community blog.
Too often, users are prepared to assume information theft will not happen to them. It's something like developers who don't think their applications will get hacked. We need to remove security decisions from those who cannot or do not make reasoned, balanced choices with regard to security. FDE is one way. The benefits of FDE, according to the Full Disk Encryption Blog, are:
1. Everything, including the swap space and the temporary files, is encrypted. Encrypting these files is important, as they can reveal important confidential data.
2. With full disk encryption, the decision of which files to encrypt is not left up to users.
3. Support for pre-boot authentication.
Also, key recovery is a feature available in some FDE systems, so a lost key does not mean permanently lost data.
Yes, there is a performance impact with FDE; some comparative statistics on six encryption options are available at http://www.xml-dev.com/blog/index.php?action=viewtopic&id=250.
The decision to deploy FDE should be made in the context of a risk management plan that takes into account the cost as well as the impact of the risk, including compliance impacts.



