Full disk encryption is a data protection method that is used to encrypt every single data file on a hard disk. It is generally used as an added measure for encrypting data within an organization and in conjunction with other data protection methods. Full disk encryption is also used to protect the data that is stored on the hard drive of laptop computers and other portable devices within an organization so when they are used in a remote work area, the data can also be accessed only by the remote user through the use of an authentication device.
How Full Disk Encryption Works
Full disk encryption systems employ strong encryption algorithms that are used to automatically encrypt data as soon as it is stored on the hard drive of a computer or other portable storage device. This type of encryption system is used to ensure that the end user does not forget to encrypt data or select only pieces of data to be encrypted. This way there is no question about what type of data should
be encrypted and provides reassurance that the encryption policies of the organization are being carried out.
Disadvantages of Full Disk Encryption
One drawback of full disk encryption is that it does not encrypt data during the process of transmission when the information is being shared between devices or stored on portable devices such as a flash drive or external hard drive. It also does not protect data that is being transferred over the email from a computer that contains full disk encryption.
Another disadvantage is sometimes full disk encryption requires the entire computer operating system to be decrypted before you can boot up the computer. This means the decryption key has to be accessed before you can get to the interface that requests a password for access to the system.
Advantages of Full Disk Encryption
When an organization employs full disk encryption it is no longer up to the user to decide which files to encrypt for data protection. Whatever files are on the hard drive, they are automatically encrypted and require a password or smart card for access. Everything is encrypted including the computer’s temporary files which are capable of revealing sensitive data.
Full Disk Encryption can also prevent the wrong user from accessing the data with a smart card. The smart card is the authentication device that allows the system to retrieve the key that will decrypt the files on the hard drive. The key provides added security because the data can immediately be rendered useless by destroying the cryptography key.
Full disk encryption systems allow for all of the functions to be managed from a central location within the organization. This includes functions such as decryption key management, access control to the mobile devices, lock-outs if necessary, reporting and recovery of lost passwords or smart cards.