in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Encrypt Entire Hard Disk Drives For Full Protection

There is something to be said about the convenience of full hard drive encryption software like AlertBoot, as opposed to the use of file encryption software.  Granted, both are excellent ways of protecting sensitive data.  However, one is more foolproof than the other.  (I'm referring to hard drive encryption, of course.)

Also known as full disk encryption (or whole disk encryption), hard drive encryption does exactly what its name implies: it encrypts the contents of an entire hard drive.  However, the wording here is very important because it implies something that hard drive encryption doesn't do.

Hard Drive Encryption Encrypts Data But Not Your Files

If an unencrypted hard drive resembles a box where you can place sensitive documents, an encrypted hard drive is like a safe with locks.  I find this analogy to be very helpful in explaining how full disk encryption does not encrypt your files.

Remember, encryption is the process of scrambling data.  This means that, if files are encrypted, that file undergoes a change (the scrambling process).  If you copy that encrypted file to a USB memory stick or send it via e-mail, the file will remain scrambled.

However, this is not so with hard drive encryption.  That is, the file will remain encrypted as long as it stays within that hard drive, but if the file is taken off the drive, then the file not be encrypted anymore.

And that's why the locked safe box analogy works to illustrate the point.  Placing a document in a safe doesn't materially change the document itself.  The protection is afforded by the safe.  Take the document out of the safe and it faces a significantly higher risk of its contents being read like normal, regular files.

Minimize the Risk of Not Encrypting Sensitive Files

And yet I noted at the top of the page that hard drive encryption is foolproof.  How? you may be asking.

The answer has to do with the way computers create temporary files, and the availability of excellent search software.
Temporary files are created whenever you work on a digital document.  You probably can't see them, since the settings for the latest versions of Windows are automatically set to "do not show," but opening a Microsoft Word file and just typing one letter will create a temporary file, a file with a name that ends in ".tmp."

These are created left and right as significant changes are made to the original document, and usually carry the same information as the actual file.  Temporary files do not overwrite themselves, so plenty of these are created over a given hour.  These files are supposed to delete themselves once you close the original…but it doesn't always work that way.

This means you may potentially have hundreds, maybe thousands, of temporary files on your computer.  Whether the information in those files are sensitive, nobody knows.  In the past, it would have meant having to open every single one of them in order to find out, and this afforded a form of protection known as "practical obscurity:"  It's annoying to open thousands of files knowing that there may be nothing of interest there, so most people don't even bother.

Today, however, there is plenty of (cheap) software out there that will do the search for you.  For example, software that peers into files to see if 9-digit numbers can be found, potentially numbers that represent SSNs.  Credit cards are usually 16 digits, longer if they happen to be American Express.  The software can account for dashes, spaces, etc.  Finding sensitive information has become a piece of cake.

Who's going to take the time to encrypt temporary files?  No one, and this could be a potential data breach source.  If you encrypt entire hard drives, though, this won't be a problem.  You do need to remind yourself to encrypt any files getting off of that drive, though.

Performance Hits? Not Applicable for Most People

If I may go on a tangent, I was a supporter of the seti@home project when it started gaining momentum, back in 1998.  The seti@home project is a distributed computer processing project that analyzes space signals from the Arecibo observatory (They're looking for E.T.  No, for real; they are).

I wouldn't have done it, though, if my computer were to experience a performance hit.  But that was never an issue because I mostly used my computer for typing reports and running small spreadsheets.  Even if I were to type 300 words a minute, the computer was probably doing the equivalent of twiddling its thumbs a million times between my keystrokes.

Likewise, performance hits coming from full disk encryption are minimal at best for the average computer user.  Computer performance used to be an issue in the past (like 10 years ago) because the hard drive continuously encrypts data as you're creating and modifying documents.  But with modern computer hardware, you shouldn't notice performance hits unless you make it a point to track that stuff.

All in all, hard drive encryption represents an excellent way of safeguarding your electronic data.

 
<Previous Next>

External Hard Drive Encryption Is Easy To Do

Is Disk Encryption Software Lacking On Missing South Wales Council USB Memory Stick?

Comments

Encrypt Entire Hard Disk Drives For Full Protection - AlertBoot Endpoint Security said:

Pingback from  Encrypt Entire Hard Disk Drives For Full Protection - AlertBoot Endpoint Security

April 11, 2009 9:35 AM
 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.