This year's high-profile cases involving the loss of personal information from organizations such as the Veterans Administration, HP, GE, Ford, Starbucks and many others -- large and small -- all have one thing in common: they resulted from the theft of laptops that contained the information. An August 2006 survey of nearly 500 technology companies reported that 81% had lost laptops holding sensitive data. The Privacy Rights Clearinghouse estimates that between Feb. 15, 2005 and Nov. 3, 2006, the number of personal information records lost from all causes was 97,148,596. These losses are having repercussions, including legislation, terminations
Given these problems and the huge risk that they pose for organizations of every type, you can expect that your customers will be moving to protect their data against the potential theft of the laptops that hold it. One promising way to help them achieve this is with the use of full disk encryption (FDE), in which all files stored on the laptop are seamlessly encrypted.
The important words here are "all" and "seamlessly." Earlier systems, such as Microsoft's Encrypting File System (EFS), require the user to mark sensitive files with an encryption attribute to cause them to be encrypted. Thus, EFS depends on the user to take a specific action. FDE encrypts all files without any special action on the user's part. In the best case, the only interaction required from the user is to enter a password when the computer is booted. Because all files on the laptop are encrypted, usually with AES or Triple DES, no data will be compromised if the laptop is stolen.
There are two ways to implement FDE. In the first, encryption is handled entirely in hardware. The Seagate Momentus 5400 FDE.2 drive is an example. The user supplies a password at boot time and the drive uses it to transparently encrypt all data written to the disk; data read from the drive is decrypted on the fly using the same password. Because the crypto functions are performed by the drive's electronics, performance is comparable to a normal drive. A disadvantage of these drives is that loss of the password results in loss of the data.
The second way of implementing FDE is in software. Microsoft's BitLocker software, available in some versions of its Vista OS, is one example, but there are many others. Because these systems depend on the CPU to do the encryption, there are some performance penalties, but they generally provide a recovery mechanism for lost passwords.
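The password-loss difference between the two approaches can be modeled with a small key hierarchy. The following is an added example, not code from the article or from any product it names: a random volume key is wrapped under the boot password and, optionally, under a second recovery secret. The function names, the PBKDF2 work factor, and the XOR-plus-HMAC wrap (a stand-in for the AES key wrap a real product would use) are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this sketch


def _kek(secret: bytes, salt: bytes) -> bytes:
    """Derive 64 bytes from a secret: 32 to mask the volume key, 32 to authenticate."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS, dklen=64)


def wrap(volume_key: bytes, secret: bytes) -> dict:
    """Build one key slot. XOR mask + HMAC stands in for a real AES key wrap."""
    salt = os.urandom(16)
    k = _kek(secret, salt)
    masked = bytes(a ^ b for a, b in zip(volume_key, k[:32]))
    tag = hmac.new(k[32:], masked, hashlib.sha256).digest()
    return {"salt": salt, "masked": masked, "tag": tag}


def unwrap(slot: dict, secret: bytes):
    """Return the volume key if the secret opens this slot, else None."""
    k = _kek(secret, slot["salt"])
    expected = hmac.new(k[32:], slot["masked"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(slot["masked"], k[:32]))


def provision(password: bytes, recovery_secret: bytes = None):
    """Create a volume key and its slots; the recovery slot is optional."""
    volume_key = os.urandom(32)
    slots = [wrap(volume_key, password)]
    if recovery_secret is not None:
        slots.append(wrap(volume_key, recovery_secret))
    return volume_key, slots


def unlock(slots: list, secret: bytes):
    """Try every slot; None means the encrypted data is unrecoverable."""
    for slot in slots:
        key = unwrap(slot, secret)
        if key is not None:
            return key
    return None


if __name__ == "__main__":
    # Constructed sample secrets, for illustration only.
    _, single = provision(b"boot-password")
    print("password-only, password lost:", unlock(single, b"forgotten"))
    vk, dual = provision(b"boot-password", b"escrowed-recovery-key")
    print("recovery slot works:", unlock(dual, b"escrowed-recovery-key") == vk)
```

With only the password slot, a forgotten password leaves nothing that can unwrap the volume key; the recovery slot is what turns that into a help-desk procedure, and it must be stored away from the laptop to be of any use after a theft.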
About the author
Jon Snader is a TCP/IP and VPN expert whose background includes work in networking, security, communications and radio network controllers. He is the author of VPNs Illustrated: Tunnels, VPNs and IPSec and Effective TCP/IP Programming: 44 Tips to Improve Your Network Programs, both published by Addison-Wesley. You can reach him via his Web site or via email. As an expert on SearchNetworkingChannel.com, he's also available to answer your VPN questions.
This was first published in December 2006