SECURITY CHANNEL ISSUES & COMMENTARY
Channel Forecast: '07 looks bright for full disk encryption
Jon Snader 12.13.2006
This year's high-profile cases involving the loss of personal information from organizations such as the Veterans Administration, HP, GE, Ford, Starbucks and many others -- large and small -- all have one thing in common: they resulted from the theft of laptops that contained the information. An August 2006 survey of nearly 500 technology companies reported that 81% had lost laptops holding sensitive data. The Privacy Rights Clearinghouse estimates that between Feb. 15, 2005 and Nov. 3, 2006, the number of personal information records lost from all causes was 97,148,596. These losses are having repercussions, including legislation, terminations and legal action.

Given these problems and the huge risk that they pose for organizations of every type, you can expect that your customers will be moving to protect their data against the potential theft of its host laptop. One promising way to help them achieve this is with the use of full disk encryption (FDE), in which all files stored on the laptop are seamlessly encrypted.

The important words here are all and seamlessly. Earlier systems, such as Microsoft's Encrypting File System (EFS), require the user to mark sensitive files with an encryption attribute to cause them to be encrypted. Thus, EFS depends on the user to take a specific action. FDE encrypts all files without any special action on the user's part. In the best case, the only interaction required from the user is to enter a password when the computer is booted. Because all files on the laptop are encrypted, usually with AES or Triple DES, no data will be compromised if the laptop is stolen.

There are two ways to implement FDE. In the first, encryption is handled entirely in hardware. The Seagate Momentus 5400 FDE.2 drive is an example. The user supplies a password at boot time and the drive uses it to transparently encrypt all data written to the disk; data read from the drive is decrypted on the fly using the same password. Because the crypto functions are performed by the drive's electronics, performance is comparable to a normal drive. A disadvantage of these drives is that loss of the password results in loss of the data.

The second way of implementing FDE is in software. Microsoft's BitLocker software, available in some versions of its Vista OS, is one example, but there are many others. Because these systems depend on the CPU to do the encryption, there are some performance penalties, but they generally provide a recovery mechanism for lost passwords.

About the author
Jon Snader is a TCP/IP and VPN expert whose background includes work in networking, security, communications and radio network controllers. He is the author of VPNs Illustrated: Tunnels, VPNs and IPSec and Effective TCP/IP Programming: 44 Tips to Improve Your Network Programs, both published by Addison-Wesley. You can reach him via his Web site or via email. As an expert on SearchNetworkingChannel.com, he's also available to answer your VPN questions.