Full disk encryption comes to workgroups

How to secure your data through hard drive encryption

Losing your laptop can be expensive in three ways. First, you'll spend hundreds or thousands of dollars to replace the hardware. Second, you'll suffer the time and aggravation of restoring your data, all the while hoping you have everything backed up properly. But most expensive? Surviving the backlash and legal consequences of losing customer data, financial records and private company information.

How expensive can that last penalty be? Some experts put the minimum price at US$50,000 if you lose customer data that requires you to comply with your state's security breach notification law. All states now have these laws in some form or another. But beyond the legal implications, how would you like to contact all your customers and explain how their financial data was on a laptop you left at the airport security checkpoint?

More than 10,000 laptops per week in the United States stay at the checkpoints after their owners walk away in their retrieved shoes. But if you lose a laptop protected with Full Disk Encryption (FDE), you only have to worry about replacing the hardware and restoring your data. Security breach laws don't apply to laptops with full disk encryption installed because the information on the disk cannot be retrieved without the password.

Disk encryption software hides in the part of the hard disk that initializes the hardware. When you start the machine you provide your password to the encryption software before it loads Windows and your applications and data. Most tools then provide your password to Windows as well, but some may not.

When I say "full disk encryption" I mean a third party option above and beyond normal Windows or Macintosh login security. Your Windows password only stops novice hackers. Windows folder encryption doesn't cover everything, because Windows scatters critical information all over your hard disk. Any disk that doesn't have full disk encryption can be broken and the contents read, particularly if stolen for that reason. Sometimes bad guys are after your good data.

Of course, the 10,000 laptops lost in airports aren't stolen by corporate spies. However, the data breach laws apply to all lost laptops, even those slowly decaying in the lost and found pile (two-thirds of laptops lost at airports are never recovered).

Full disk encryption software has long been used by large enterprises that can afford to spend a couple hundred dollars per laptop and the network infrastructure to support the software. The least expensive personal whole disk encryption software at $35 was discontinued by the maker last year. Now your choices are around $100 per laptop, and free.

Since "free" is always good, take a look at TrueCrypt, the free Open Source full disk encryption software. TrueCrypt isn't the only free option, but it's the most popular. Almost 10 million copies of TrueCrypt have been downloaded over the past few years.

Installing encryption on individual laptops works, but isn't very manageable. The user sets the password, which may not be a good password (see Password Strength). The user may then change the password, or not tell the company what the password is, meaning the laptop data can never be recovered if the user leaves or gets hit by that proverbial truck. If you don't have the correct password for your encrypted laptop, you can't get the data. And the software vendor can't help you, so don't ask.

Large enterprises use dedicated network servers to manage the encryption keys and passwords for each laptop. This allows network administrators to recover passwords when lost, the number one reason for help desk calls. Even if the user changes the password, enterprise encryption management systems can recover the data by technical tricks of key escrow and hardware fingerprints and the like.
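The key-escrow idea described above, as an added sketch that is not from the article and is not the code or on-disk format of PGP, TrueCrypt or any other product. It shows why a managed deployment can still recover a laptop after the user changes the password: the random disk key is wrapped twice, once under the user's passphrase and once under an escrow key held by the administrator. All function names are hypothetical, and the XOR-with-HMAC wrap is a standard-library stand-in for a real key-wrap cipher.

```python
import hashlib, hmac, os

def _mac(kek: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def wrap(disk_key: bytes, kek: bytes) -> dict:
    """Wrap the 32-byte disk key under a KEK. XOR with an HMAC-derived pad plus
    an integrity tag is a stdlib stand-in for AES key wrap, not a product's format."""
    salt = os.urandom(16)
    blob = bytes(a ^ b for a, b in zip(disk_key, _mac(kek, b"pad", salt)))
    return {"salt": salt, "blob": blob, "tag": _mac(kek, b"tag", salt + blob)}

def unwrap(slot: dict, kek: bytes) -> bytes:
    if not hmac.compare_digest(slot["tag"], _mac(kek, b"tag", slot["salt"] + slot["blob"])):
        raise ValueError("wrong key for this slot")
    return bytes(a ^ b for a, b in zip(slot["blob"], _mac(kek, b"pad", slot["salt"])))

def passphrase_kek(passphrase: str, kdf_salt: bytes) -> bytes:
    # Slow KDF so a stolen header cannot be guessed against quickly.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), kdf_salt, 200_000)

def create_volume(passphrase: str):
    """Return (header stored on the laptop, escrow key held by the admin machine)."""
    disk_key, escrow_key, kdf_salt = os.urandom(32), os.urandom(32), os.urandom(16)
    header = {"kdf_salt": kdf_salt,
              "user": wrap(disk_key, passphrase_kek(passphrase, kdf_salt)),
              "escrow": wrap(disk_key, escrow_key)}
    return header, escrow_key

def unlock(header: dict, passphrase: str) -> bytes:
    return unwrap(header["user"], passphrase_kek(passphrase, header["kdf_salt"]))

def change_passphrase(header: dict, old: str, new: str) -> None:
    # Only the user slot is rewrapped; the disk key and escrow slot are untouched.
    disk_key = unlock(header, old)
    header["kdf_salt"] = os.urandom(16)
    header["user"] = wrap(disk_key, passphrase_kek(new, header["kdf_salt"]))

def admin_recover(header: dict, escrow_key: bytes) -> bytes:
    return unwrap(header["escrow"], escrow_key)

if __name__ == "__main__":
    header, escrow = create_volume("constructed sample passphrase")
    key = unlock(header, "constructed sample passphrase")
    change_passphrase(header, "constructed sample passphrase", "new one, never reported")
    print("escrow still recovers disk key:", admin_recover(header, escrow) == key)
```

Without the escrow slot, a header whose passphrase is forgotten leaves no path to the disk key, which is the unmanaged single-laptop case the previous paragraph describes.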

For the first time, a small company can get those same management advantages without the enterprise pricing. PGP now sells Whole Disk Encryption Workgroup Edition that lets any standard Windows computer perform the encryption key and password management functions when needed. Aimed at companies protecting 10-150 workstations, PGP provides most of the enterprise management features without the need for enterprise servers and databases.

PGP's cost per license is around the same as competitors at $100 or so depending on price discounts and volume. It only sells this product through its 600 or so resellers, not online or through retail. You can find other individual encryption packages through the major online stores or by searching the Web.

If you have a relationship with another vendor that offers full disk encryption products needing servers and the like for management, call them. Most are talking about a managed service offering to handle the individual computer encryption details over the Web.

Many full disk encryption products also allow you to encrypt data stored to CDs, DVDs and USB drives. Some USB hard drives also come with encryption options. But managing and transmitting passwords for removable storage can be tough. Consider sharing common files securely via online collaboration tools rather than removable drives.

Wikipedia has a great Comparison of Disk Encryption Software listing. A few are free, most are not, but this is a good starting point for your encryption software search. You should notice that Windows offers the BitLocker full disk encryption on two versions of Vista only, and promises it on some versions of Windows 7. But BitLocker is a logical volume encryption system that can't be used on the boot volume. That's why I recommend getting a third-party product for full data protection.

James E. Gaskin

Network World