Full disk encryption comes to workgroups

How to secure your data through hard drive encryption

Losing your laptop can be expensive in three ways. First, you'll spend hundreds or thousands of dollars to replace the hardware. Second, you'll suffer the time and aggravation of restoring your data, all the while hoping you have everything backed up properly. But most expensive? Surviving the backlash and legal consequences of losing customer data, financial records and private company information.

How expensive can that last penalty be? Some experts put the minimum price at US$50,000 if you lose customer data that requires you to comply with your state's security breach notification law. All states now have these laws in some form or another. But beyond the legal implications, how would you like to contact all your customers and explain how their financial data was on a laptop you left at the airport security checkpoint?

More than 10,000 laptops per week in the United States stay at the checkpoints after their owners walk away in their retrieved shoes. But if you lose a laptop protected with Full Disk Encryption (FDE), you only have to worry about replacing the hardware and restoring your data. Security breach laws don't apply to laptops with full disk encryption installed because the information on the disk cannot be retrieved without the password.

Disk encryption software hides in the part of the hard disk that initializes the hardware. When you start the machine you provide your password to the encryption software before it loads Windows and your applications and data. Most tools then provide your password to Windows as well, but some may not.

When I say "full disk encryption" I mean a third-party option above and beyond normal Windows or Macintosh login security. Your Windows password only stops novice hackers. Windows folder encryption doesn't cover everything, because Windows scatters critical information all over your hard disk. Any disk that doesn't have full disk encryption can be broken and the contents read, particularly if stolen for that reason. Sometimes bad guys are after your good data.

Of course, the 10,000 laptops lost in airports aren't stolen by corporate spies. However, the data breach laws apply to all lost laptops, even those slowly decaying in the lost and found pile (two-thirds of laptops lost at airports are never recovered).

Full disk encryption software has long been used by large enterprises that can afford to spend a couple hundred dollars per laptop and the network infrastructure to support the software. The least expensive personal whole disk encryption software at $35 was discontinued by the maker last year. Now your choices are around $100 per laptop, and free.

Since "free" is always good, take a look at TrueCrypt, the free Open Source full disk encryption software. TrueCrypt isn't the only free option, but it's the most popular. Almost 10 million copies of TrueCrypt have been downloaded over the past few years.

Installing encryption on individual laptops works, but isn't very manageable. The user sets the password, which may not be a good password (see Password Strength). The user may then change the password, or not tell the company what the password is, meaning the laptop data can never be recovered if the user leaves or gets hit by that proverbial truck. If you don't have the correct password for your encrypted laptop, you can't get the data. And the software vendor can't help you, so don't ask.

Large enterprises use dedicated network servers to manage the encryption keys and passwords for each laptop. This allows network administrators to recover passwords when lost, the number one reason for help desk calls. Even if the user changes the password, enterprise encryption management systems can recover the data by technical tricks of key escrow and hardware fingerprints and the like.
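The recovery behaviour described above usually rests on one design: the disk is encrypted with a random volume key, and that key is stored twice, once wrapped under the user's password and once under an escrow key held by the administrator. The sketch below is an added example, not code from any product named in this article; the `Header` layout, the names and the toy HMAC-based key wrap (standing in for a real AES key wrap) are assumptions made for illustration.

```python
import hashlib, hmac, os

def kdf(passphrase, salt):
    # Slow password-based KDF: makes guessing a weak user passphrase costly.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)

def wrap(kek, volume_key):
    # Toy stand-in for AES key wrap (assumption): XOR pad plus HMAC tag.
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(kek, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expect = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None  # wrong key: this slot stays closed
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))

class Header:
    """Hypothetical disk header: one volume key, two independent key slots."""
    def __init__(self, user_pass, escrow_key):
        volume_key = os.urandom(32)  # encrypts the sectors; never re-keyed here
        self.salt = os.urandom(16)
        self.user_slot = wrap(kdf(user_pass, self.salt), volume_key)
        self.escrow_slot = wrap(escrow_key, volume_key)
    def unlock_user(self, passphrase):
        return unwrap(kdf(passphrase, self.salt), self.user_slot)
    def unlock_escrow(self, escrow_key):
        return unwrap(escrow_key, self.escrow_slot)
    def change_password(self, old, new):
        vk = self.unlock_user(old)
        if vk is None:
            return False
        self.salt = os.urandom(16)
        self.user_slot = wrap(kdf(new, self.salt), vk)  # escrow slot untouched
        return True

def demo():
    escrow_key = os.urandom(32)  # kept on the management machine, not the laptop
    hdr = Header("Summer2009", escrow_key)  # constructed sample password
    vk = hdr.unlock_user("Summer2009")
    hdr.change_password("Summer2009", "only-the-user-knows-this")
    return (hdr.unlock_user("Summer2009") is None,      # old password is dead
            hdr.unlock_escrow(escrow_key) == vk,        # admin still recovers
            hdr.unlock_escrow(os.urandom(32)) is None)  # wrong escrow key fails
```

Because a password change only rewraps the user slot, the escrow copy keeps working without the administrator ever learning the user's password; the escrow key itself then becomes the secret that must be stored and access-controlled most carefully.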

For the first time, a small company can get those same management advantages without the enterprise pricing. PGP now sells Whole Disk Encryption Workgroup Edition that lets any standard Windows computer perform the encryption key and password management functions when needed. Aimed at companies protecting 10-150 workstations, PGP provides most of the enterprise management features without the need for enterprise servers and databases.

PGP's cost per license is around the same as competitors at $100 or so depending on price discounts and volume. It only sells this product through its 600 or so resellers, not online or through retail. You can find other individual encryption packages through the major online stores or by searching the Web.

If you have a relationship with another vendor that offers full disk encryption products needing servers and the like for management, call them. Most are talking about a managed service offering to handle the individual computer encryption details over the Web.

Many full disk encryption products also allow you to encrypt data stored to CDs, DVDs and USB drives. Some USB hard drives also come with encryption options. But managing and transmitting passwords for removable storage can be tough. Consider securely sharing common files via online collaboration tools rather than on removable drives.

Wikipedia has a great Comparison of Disk Encryption Software listing. A few are free, most are not, but this is a good starting point for your encryption software search. You should notice that Windows offers the BitLocker full disk encryption on two versions of Vista only, and promises it on some versions of Windows 7. But BitLocker is a logical volume encryption system that can't be used on the boot volume. That's why I recommend getting a third-party product for full data protection.

James E. Gaskin

Network World