Skip to main content

Full Disk Encryption

As the mobile workforce heads out with their laptops, how can an organization keep the company information stored on those laptops safe?  This is the question that disk encryption products try to answer.  Although there are many file/folder level encryption products (also known as vaults), this page will focus on Full Disk Encryption (FDE) products.

 

Full Disk Encryption is the process by which every bit of data that goes on a disk is encrypted. This can be performed by software or hardware.  Everything on a disk, including the operating system, is encrypted. There are also products that can encrypt everything but the system partition or boot partition of the OS, but can fully encrypt a second hard drive.  To boot from a fully encrypted disk on a standard personal computer requires hardware assistance as there is otherwise no other way for the BIOS to decrypt and transfer program control to an encrypted master boot record (MBR). There are software programs that can encrypt bootable operating system partitions but they must still leave the MBR, and thus part of the disk, unencrypted.

 

FDE has several added benefits compared to regular file or folder encryption, or encrypted vaults. For example, Everything including the swap space and the temporary files are encrypted, ensuring no confidential data is inadvertently left unprotected.  Also, with FDE the decision of which files to encrypt is not left up to users.  And it provides a method for immediate data destruction, as simply destroying the cryptography keys renders the contained data useless.  Purging or physical destruction is still advised in instances where the data needs to be protected from future attacks. However, FDE does not necessarily replace the requirement for file/folder level encryption. This is because once the FDE drive boots up, all the data is available in a decrypted format.  If a network connection to the running laptop can be obtained, then the data is exposed.

 

Many mobile computer manufacturers include a Trusted Platform Module (TPM) chip in their current product set.  The TPM provides the means for hardware and software to generate and store keys for use in digital certificates and encryption, securely and in an encrypted format. The TPM also provides the cryptographic engine to perform encryption / decryption, and digital signature operations.  No person ever sees the private keys used for encryption in TPM-enabled applications, as they are stored on and processed by the TPM itself.  Some FDE products support and/or require TPM.

Data Guard Systems Inc

AlertBoot offers a cloud-based full disk encryption, file encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile devic ...

AlertBoot

Disk EncryptionIncreased remote working makes it more important than ever to secure computers and the data on them. With the huge number of laptops lost, stolen, or misplaced every day, a crucial first line of defense against the loss or theft of devices ...

Sophos Central Device Encryption
Check Point Software Technologies Ltd

Check Point endpoint security includes data security, network security, advanced threat prevention, forensics, endpoint detection and response (EDR), and remote access VPN solutions. To offer simple and flexible security administration, Check Point’s enti ...

Check Point Endpoint Security
Hitachi Solutions

HIBUN Data Encryption encrypts data on hard drive, removable media, and file server to protect the secrecy of the information.

HIBUN Data Encryption

 Armory Drive is as easy to use as other USB drives but adds encryption and multifactor authentication to help safeguard your data. Plug your Armory Drive USB armory into your computer. Use Armory Drive's iPhone app to unlock your microSD card inside ...

Armory Drive
Check Point Software Technologies

Harmony Endpoint provides comprehensive endpoint protection at the highest security level, crucial to avoid security breaches and data compromise. Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’ ...

Harmony Endpoint Protection

The Viasat Eclypt Freedom is an encrypted, portable drive that gives fast access to secure data. Accredited by government organizations around the world to protect important data, the Eclypt Freedom uses advanced hardware-based full disk encryption. In t ...

Eclypt Freedom Encrypted External Hard Drive

Trellix Endpoint Security provides your prioritized security needs—from preventing threats and hunting them to tailoring security controls. Machine learning to identify and prevent new malwareMachine-learning behavior classification detects zero-day thre ...

Trellix Endpoint Security
AlertBoot Inc.

AlertBoot offers a cost-effective, web-based secure disk encryption service for companies of any size who want highly scalable, easy-to-deploy hard disk encryption, USB encryption and laptop data security. Centrally managed via the Internet, AlertBoot is ...

AlertBoot Managed Encryption
Wave Systems Corp.

Self Encrypting Drives are the most secure, best-performing and most transparent encryption option for protecting data on laptops. These drives automatically encrypt all data written to the drive, so you don’t have to decide what’s important enough to enc ...

Wave Self-Encrypting Drive Management

Symantec Endpoint Encryption protects sensitive information and ensures regulatory compliance. It encrypts all files on the hard drive, sector-by-sector, for maximum security. It supports Windows, Mac, tablets, self-encrypting drives, and removable media ...

Symantec Endpoint Encryption

Trustway Globull is a highly-secure external drive that allows users to address mobility issues and respond to the need for high levels of security — up to defense-level security.

Trustway Globull

ROCSECURE is a division of Rocstor; pioneering in the secure encryption of digital content in any standard digital format. resolving security issues before they arise As businesses become increasingly dependent on data security, the reliability and availa ...

Enova Technology Corporation

Enova X-Wall is an embedded hardware Real-time Crypto System ASIC (Application Specific Integrated Circuit) engineered specifically to handle high throughput disk I/O and providing real-time encryption and decryption using DES (Data Encryption Standard),3 ...

X-Wall Cryptographic IC Family
WinMagic Inc

SecureDoc will help you achieve your business goals by keeping track of all data and devices through one console. This endpoint encryption solution also supports various hardware and software platforms, including Windows, Mac, mobile devices, portable med ...

SecureDoc Endpoint Encryption
SecurStar GmbH

Full disk encryption with pre-boot authentication Ideal to encrypt an entire computer /notebook/ partition or just a single Hard drive. With DCPP the Hard drive (including the operating system) is encrypted 100%, therefore unauthorized person will not be ...

BeCrypt Limited

Disk Protect is a full disk encryption solution for business, designed to protect data-at-rest held on desktops, laptops, tablets and servers from theft or loss. The solution transparently encrypts device data and uses strong authentication to prevent una ...

DISK Protect
Seagate Technology, LLC

Seagate Secure™ encryption hard drives keep your data safe even if your drives are lost, stolen, or misplaced. * Instant Secure Erase renders all data on the hard drive unreadable in less than a second via a cryptographic erase of the data encryption ke ...

Seagate Secure

BitLocker Drive Encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers. BitLocker provides the most protection w ...

Windows Bitlocker

The Viasat Eclypt Core encrypted internal hard drive protects data at rest in commercial-off-the-shelf (COTS) laptop and desktop computers in enterprise and tactical environments, as well as data stored in vehicles, aircraft, and ships. During high-risk o ...

Eclypt Core Encrypted Internal Hard Drive