Why SMBs Should Adopt Full-Disk Encryption

Paul Mah

Small and mid-sized businesses are paying a lot more attention to security now than in the past, according to Symantec's 2010 Global SMB Information Protection Survey. On this front, I recently took a look at the LOK-IT secure flash drives and IronKey. Both products enhance security by using hardware encryption technology to prevent unauthorized parties from accessing their contents.


Stolen or misplaced USB flash drives are but one possible chink in the armor against information loss. The sheer portability and increased use of laptops mean that they are even more prone to theft. In fact, the greater amount of information contained in a typical laptop means that a stolen one could be even more problematic than a lost flash drive.


SMBs serious about protecting themselves should consider adopting full-disk encryption (FDE), which entails encrypting the entire hard disk of the computing device.


Debunking the objections


The truth about FDE is that many of the initial barriers against adopting it are no longer valid, says a recent article on Search Midmarket Security. The article, "Laptop full disk encryption: Debunking myths", cites tests conducted by an independent third party on behalf of CheckPoint Software. Across the three major software FDE products on the market, the measured performance degradation averaged less than 10 percent. Referring to this figure, contributor Mike Chapple argued that "In the grand scheme of things, this is not a major performance impact, especially in light of the security benefits to the organization."


Another myth is that FDE interferes with the ability to perform disk defragmentation, resulting in poor hard disk drive performance over prolonged periods of time. The major FDE products available today, however, do provide applications with direct access to the disk, which means that administrators can continue to schedule disk defragmentation as necessary.


My opinion is that the use of solid-state drives will continue to increase, eventually eclipsing that of traditional HDDs. Their superior performance and the fact that SSDs do not require defragmentation in the first place will be the final straw in the debate against these outdated reasons to not implement FDE.


The real challenge of FDE


The most complex piece of the puzzle when it comes to implementing FDE is the management of the encryption key, along with properly educating staffers on the technology. Key management entails ensuring that organizations retain the ability to access encrypted data should users forget their passwords, in the event of an unfortunate demise, or even when employees are fired.


In addition, staffers need to be aware that FDE is not a magic bullet for all security-related woes. For one thing, the use of FDE doesn't protect against spyware siphoning off confidential information, nor does it help when users inadvertently negate such defenses by disabling their login passwords for the sake of convenience.


Various FDE options


The easiest way to achieve software-based FDE would be to make use of Microsoft BitLocker, which can be found in the Enterprise and Ultimate versions of Windows 7 and Windows Vista. The licensing cost might unfortunately be outside the budget of some SMBs, though, and I shall be taking a look at another solution by Check Point shortly.


Beyond the use of data encryption, I would love to hear practical ways that SMBs can protect themselves against information loss. Feel free to add your comments below.

Jul 4, 2010 1:16 PM Edy Almer says:


Some important challenges with Disk Encryption are around operations. You have to pretty much disable all authentication and encryption to allow patch management and software distribution, and password/credential recovery becomes an operational issue.

Safend has an alternative to pre-boot authentication based Full Disk Encryption.



Jul 4, 2010 4:09 PM David Maher says:


Another point to mention is that, depending on the FDE solution selected, there are other benefits such as removable media encryption (USB drives, SD cards, etc.), which allows you to protect data copied to them but also the ability to share the encrypted media with others in the business in a secure manner. For an SMB who wants to protect their data this is an important issue.

I'd also suggest looking at Becrypt's DISK Protect solution.



Jul 23, 2010 10:28 AM Steve says:

This may also be another solution.

I ran across this website that offers great data security with encryption.

Jul 23, 2010 10:34 AM Steve says: in response to David Maher

I guess I should have given the web site.


