Is Drive Encryption Worth the Effort?
While you may not have heard of drive encryption, you’ve probably been using it for some time. How it works is simple. Most workplace-grade computers have a special component called a Trusted Platform Module (TPM). Armed with a TPM, your work computer’s operating system can work its magic. Once the initial setup is done, it gets to work encrypting all of the data on the storage drive. What does this do for us? All of the data on the drive will be unreadable when the process completes. Why would we bother doing this? We need to be able to read the data! There’s a catch. All data on the drive will be unreadable, except by the computer that encrypted it. Now that we’ve covered the basics of drive encryption, is it worth all the time and effort?
Why to Encrypt Drives
To answer that question, let’s look at why we would use drive encryption. The goal of encrypting an entire drive is to keep sensitive data out of the wrong hands. Because mobile devices and laptops can be easily stolen, encrypting their storage is a must. What about desktops and servers? While theft of a desktop or server is much more obvious, it does happen. There’s no harm in preparing for the unexpected. What good does drive encryption do if the thief is stealing the very computer that encrypted the data? It is true that the encryption keys will be on the TPM. Odds are that the thief will remove the storage drive from the original device. By plugging the storage drive into another computer, the thief will attempt to read data on the drive. This is where drive encryption stops them.
When to Use Drive Encryption
Lastly, when should we deploy drive encryption? Realistically, everywhere possible. A common argument against using drive encryption is that sensitive data isn’t supposed to be stored in a certain place. For example, employees aren’t supposed to store any data on their computer. Rather, the data should be stored on a network drive. Why leave it up to chance? Accidents do happen, and sensitive data can easily end up where it’s not supposed to be. Protect yourself from unnecessary liability and exposure. Encrypt the drive just in case. Drive encryption doesn’t cost anything. Spend the time and do it.
Implementing Drive Encryption
Most operating systems have drive encryption functionality built in. Professional editions of Microsoft Windows include BitLocker. Mac includes FileVault. Linux users have several choices. If you’re the skeptical type, there are also tons of third-party solutions available. We recommend VeraCrypt. A word of caution: make sure to keep any backup keys that are created during the encryption process. If your TPM malfunctions, you will need a copy of the key to recover the data. Without these backup keys, you’re out of luck.
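One way to check a Windows machine against the advice above, as an added example that is not part of the original article: the Python script below parses the text printed by BitLocker's manage-bde -status command and flags volumes that are unencrypted, have protection switched off, or have no recovery password to fall back on if the TPM fails. The sample output is constructed and abridged, and the names parse_status and audit are hypothetical.

```python
# Constructed, abridged `manage-bde -status` output (not from a real machine).
SAMPLE = """\
Volume C: [OS]
    Conversion Status:    Fully Encrypted
    Protection Status:    Protection On
    Key Protectors:
        TPM
Volume D: [Data]
    Conversion Status:    Used Space Only Encrypted
    Protection Status:    Protection On
    Key Protectors:
        Numerical Password
Volume E: [Scratch]
    Conversion Status:    Fully Decrypted
    Protection Status:    Protection Off
    Key Protectors:       None Found
"""
ENCRYPTED = ("Fully Encrypted", "Used Space Only Encrypted")

def parse_status(text):
    """Return {drive: {"fields": {...}, "protectors": [...]}}."""
    volumes, cur, in_protectors = {}, None, False
    for line in text.splitlines():
        if line.startswith("Volume "):  # e.g. "Volume C: [OS]" opens a section
            cur = volumes.setdefault(line.split()[1], {"fields": {}, "protectors": []})
            in_protectors = False
        elif cur is not None and ":" in line:  # "Name:   value" field line
            key, _, value = line.strip().partition(":")
            cur["fields"][key] = value.strip()
            in_protectors = key == "Key Protectors"
        elif cur is not None and in_protectors and line.strip():
            cur["protectors"].append(line.strip())  # one protector per line
    return volumes

def audit(volumes):
    """Return {drive: [findings]}; an empty list means the volume passed."""
    report = {}
    for drive, vol in volumes.items():
        fields, findings = vol["fields"], []
        if fields.get("Conversion Status") not in ENCRYPTED:
            findings.append("not encrypted")
        if fields.get("Protection Status") != "Protection On":
            findings.append("protection off")
        if "Numerical Password" not in vol["protectors"]:  # the recovery password
            findings.append("no recovery password protector")
        report[drive] = findings
    return report

if __name__ == "__main__":
    print(audit(parse_status(SAMPLE)))
```

A listed Numerical Password protector only shows that a recovery password exists on the volume; whether a copy of it was saved somewhere safe still has to be confirmed separately.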
Stay safe out there.
Article originally appeared on www.almacenetworks.com