Menu

Full Disk Encryption

Encryption seems like a simple way of protecting data but it is a process of encoding information or data in which only the authorized person can get access to it. It is most useful for laptops and personal computers. Full disk encryption is used to automatically protect the entire data stored in the hard disk of a laptop or PC. The authorized person can get access to the data by using passwords, token, and smart cards.

There is a huge difference in full data encryption and file or folder encryption. A data is automatically encrypted when it is stored in the hard disk whereas in file encryption the users decide which data to encrypt. Full data encryption is more secure than file encryption.

The major weakness of full data encryption is that it does not protect in transit, like data stored in an external hard drive, USB, emails and data shared between devices.

Encryption Dos 

DO prep the machine. Before installing encryption, it is vital to ensure that the system or machine is clean and running properly. If the system is facing any problem related to the disk than the specific code to the encryption engine will not be readable. Before installing the encryption, the users should defragment the hard drive, run check disk, back up the data, administer all the patches, and optimize the performance.

DO consider background installation. Before installing the encryption, the user should consider a system that enables background installation or allows the users to work during the installation.

DO test on a pilot group. It would be great if the user caries a pilot test before installing it to the entire system. It can be carried for various reasons such as ironing out potential problems, gauging user’s resistance and scope of full deployment. The user may get confused about installing and fails to set up the enrollment properly. Carrying a pilot test will help them install encryption to the system successfully.

DO consider your authentication options. There are various authentication mechanisms a user can use that can be a password, PINs, smart cards, and tokens. Organizations use two different passwords, one for the reboot and one to enter the network domain. The user can also use a single sign-on option too.

DO consider support for removable media. More attention is provided to removable media encryption with the popularity of USB media drives. Most of the full data encryption vendors are now offering encryption for removable media.