Encryption has been the ultimate choice for ensuring data privacy since its early stages hundreds or even thousands of years ago. We in the IT industry know very well the importance of data encryption, but we also know its potential complications, so we generally tend to avoid data encryption solutions. Such complications may include changes in end-user experience, risk of data corruption, additional authentication steps, users denying corporate access to data, and more. Still, we need it to protect our most valuable asset and to check that box in the compliance checklist.
Many companies and organizations have one or more IT regulations with which they have to comply (and remain compliant). The majority of such regulations mandate that sensitive data be properly protected. Take HIPAA, for example, which mentions the following as one of its Technical Safeguards:
"Information systems housing PHI must be protected from intrusion.
When information flows over open networks, some form of encryption must be utilized.
If closed systems/networks are utilized, existing access controls are considered sufficient and encryption is optional."
GDPR is now also an essential regulation that a huge portion of businesses have to comply with. According to GDPR, companies have to take security measures to protect their sensitive data, in particular measures that prevent unauthorized persons from gaining access to this data.
Furthermore, PCI DSS mentions FDE as a valid measure to protect stored cardholder data. Take the following from Requirement #3.4.1:
“If disk encryption is used (rather than file- or column-level database encryption), logical access must be managed separately and independently of native operating system authentication and access control mechanisms (for example, by not using local user account databases or general network login credentials). Decryption keys must not be associated with user accounts.”
Protecting data becomes much more relevant when it resides on mobile endpoints (e.g., laptops). Despite the increasing use of smartphones and tablet PCs, both traditional and 2-in-1 laptops are still the preferred choice for most of the mobile workforce in businesses today. With ongoing improvements in technology, those laptops are getting more and more room to store data. Gone are the days of a few gigabytes of disk space; nowadays new laptops come with at least 500 GB, if not a terabyte, two or even more. The risk of data loss is therefore definitely maximized.
Besides, to keep our discussion relevant to corporate environments and business needs, you might have to consider FDE for non-portable endpoints too: desktops, workstations and perhaps even servers. And yes, virtual machines are no different and have to be FDE-encrypted in several cases! So you want to make sure all grounds are covered, as the essence of data protection is the same regardless of endpoint type.
The Windows operating system in general offers an adequate level of information privacy in many cases. But it natively provides little or no protection in cases of lost or stolen computers. This is another serious setback that, when thrown into the mix, calls even louder for a solid solution.
FDE technology is one where the entire internal hard disk is encrypted bit-by-bit and sector-by-sector, including kernel files, system drivers, page and swap files, and everything else. Because the process is non-intrusive, users can go about their work normally, unaffected. It is also completely transparent to the end-user, operating system and applications, so normal system operations remain unchanged.
There are a few enterprise-class FDE solutions on the market today, and the Germany-based DriveLock SE is a global leader in this field.
Adopted by a huge number of customers, the DriveLock FDE solution today is protecting hundreds of thousands of endpoints worldwide. Customers are enjoying the features below.
Being a top endpoint security vendor, DriveLock SE delivers to you a robust FDE solution that is easy to configure and deploy, and smooth to administer, operate and support.
But do not go away just yet, as our story does not end here!
To further help you build a versatile defense-in-depth solution, DriveLock SE also offers, on top of the same platform, file and folder encryption, removable storage encryption, application whitelisting, device control, and security awareness and education solutions. Because all of these are based on the same management core, adding more components to the platform will help businesses better protect their data and defend against cyberattacks while maximizing their return on investment (ROI).