Full Disk EncryptionRSS

As the mobile workforce heads out with their laptops, how can an organization keep the company information stored on those laptops safe?  This is the question that disk encryption products try to answer.  Although there are many file/folder level encryption products (also known as vaults), this page will focus on Full Disk Encryption (FDE) products.

 

Full Disk Encryption is the process by which every bit of data that goes on a disk is encrypted. This can be performed by software or hardware.  Everything on a disk, including the operating system, is encrypted. There are also products that can encrypt everything but the system partition or boot partition of the OS, but can fully encrypt a second hard drive.  To boot from a fully encrypted disk on a standard personal computer requires hardware assistance as there is otherwise no other way for the BIOS to decrypt and transfer program control to an encrypted master boot record (MBR). There are software programs that can encrypt bootable operating system partitions but they must still leave the MBR, and thus part of the disk, unencrypted.

 

FDE has several added benefits compared to regular file or folder encryption, or encrypted vaults. For example, Everything including the swap space and the temporary files are encrypted, ensuring no confidential data is inadvertently left unprotected.  Also, with FDE the decision of which files to encrypt is not left up to users.  And it provides a method for immediate data destruction, as simply destroying the cryptography keys renders the contained data useless.  Purging or physical destruction is still advised in instances where the data needs to be protected from future attacks. However, FDE does not necessarily replace the requirement for file/folder level encryption. This is because once the FDE drive boots up, all the data is available in a decrypted format.  If a network connection to the running laptop can be obtained, then the data is exposed.

 

Many mobile computer manufacturers include a Trusted Platform Module (TPM) chip in their current product set.  The TPM provides the means for hardware and software to generate and store keys for use in digital certificates and encryption, securely and in an encrypted format. The TPM also provides the cryptographic engine to perform encryption / decryption, and digital signature operations.  No person ever sees the private keys used for encryption in TPM-enabled applications, as they are stored on and processed by the TPM itself.  Some FDE products support and/or require TPM.

Entrust Entelligence™ Disk Security, based on the award-winning Pointsec for PC technology, can enable automatic full disk encryption for laptop and desktop security. Full disk encryption protects all data on the disk, including the operating system ...

VendorEntrust
Pricing ModelCommercial
Modified
AlertBoot

AlertBoot offers a cloud-based full disk encryption, file encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile devic ...

VendorData Guard Systems Inc
Pricing ModelCommercial
Modified
SafeGuard Encryption

Sophos SafeGuard Enterprise Encryption 7, formally SafeGuard Easy, introduces the most complete data protection solution on the market today, protecting data on multiple devices and operating systems. Whether your data resides on a laptop, a mobile device ...

VendorSophos PLC
Pricing ModelCommercial
Modified

Check Point Endpoint Security™ is the first and only single agent that combines all essential components for total security on the endpoint: highest-rated firewall, antivirus, anti-spyware, full disk encryption, media encryption with port protection, netw ...

VendorCheck Point Software Technologies Ltd
Pricing ModelCommercial
Modified

The CompuSec® HSM is the hardware based encryption security suite for Desktop PCs that provides Access Control, Hard Disk Encryption, Email Security, VPN Client, File and Media Encryption, and Single Sign On. The product is developed on a 32-bit PCI board ...

VendorCE-Infosys
Pricing ModelCommercial
Modified

FREE CompuSec® is a Security Suite that protects Notebook, Desktop and Tablet PCs. It provides Access Control, Single Sign On, Hard Disk Encryption, CD encryption, file encryption, network encryption and VoIP encryption. This version of CompuSec® is free ...

VendorCE-Infosys
Pricing ModelFreeware
Modified

Wave Systems' EMBASSY Trust Suite (ETS) delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today. ETS 6 features a variety of secure business productivity capabilities with an easy-to-use securit ...

VendorWave Systems Corp.
Pricing ModelCommercial
Modified

PGP Whole Disk Encryption provides enterprises with comprehensive, nonstop disk encryption, enabling quick, cost-effective protection for data on PCs, laptops, and removable media. The encrypted data is continuously safeguarded from unauthorized access, p ...

VendorCE-Infosys
Pricing ModelCommercial
Modified

The ViaSat Eclypt® Core encrypted internal hard drive protects data-at-rest in commercial-off-the-shelf (COTS) laptop and desktop computers. During high-risk operations, this self-encrypting hard drive protects your valuable data on manned and unmanned mo ...

VendorViasat
Pricing ModelCommercial
Modified

Windows® BitLocker™ Drive Encryption (BitLocker) is a data protection feature available in Windows Vista® Enterprise and Windows Vista® Ultimate for client computers, and in Windows Server® 2008. BitLocker addresses the threats of data theft or exposure f ...

VendorMicrosoft
Pricing ModelFreeware
Modified

SafeGuard Enterprise has the most flexible centralized policy and key management functionality available today: Delivers centralized data security control across mixed IT environments Provides consistent implementation and enforcement of com ...

VendorSophos PLC
Pricing ModelCommercial
Modified

Seagate Secure™ encryption hard drives keep your data safe even if your drives are lost, stolen, or misplaced. * Instant Secure Erase renders all data on the hard drive unreadable in less than a second via a cryptographic erase of the data encrypti ...

VendorSeagate Technology, LLC
Pricing ModelCommercial
Modified

Mobile Armor's DataArmor™ software provides data protection, authentication, compliance, and advanced administration for all Windows, Linux, Blackberry, Palm, and Windows Mobile devices within your enterprise. With high-speed integrated encryption and uns ...

VendorMobile Armor, Inc.
Pricing ModelCommercial
Modified
McAfee Endpoint Encryption

Endpoint Encryption allows you to transparently secure a broader scope of confidential information, including customer data, intellectual property, legal and financial records, and employee communications — with no system performance degradation. Gartner ...

VendorMcAfee
Pricing ModelCommercial
Modified

An assured full disk encryption solution securing data on desktop and laptop PCs from theft and loss BeCrypt DISK Protect is BeCrypt’s Data at Rest solution to secure an organisation’s data, whether on desktops or laptop PCs. With greater amounts of da ...

VendorBeCrypt Limited
Pricing ModelCommercial
Modified

SECUDE secure notebook is secure hard drive encryption software with user authentication of configurable levels. Its innovative security mechanisms offer perfect power-off protection, and guarantee the highest security for both operating system and files ...

VendorSECUDE International AG
Pricing ModelCommercial
Modified

ProtectDrive 8.2 is a full-disk encryption solution that encrypts the entire hard drive of laptops, workstations and servers, as well as USB flash drives, to protect data in the case of the theft or loss of a hardware device. ProtectDrive 8.2 eliminate ...

VendorSafeNet Inc
Pricing ModelCommercial
ModifiedNever

Full disk encryption with pre-boot authentication Ideal to encrypt an entire computer /notebook/ partition or just a single Hard drive. With DCPP the Hard drive (including the operating system) is encrypted 100%, therefore unauthorized person will not be ...

VendorSecurStar GmbH
Pricing ModelCommercial
Modified
Check Point Full Disk Encryption

Based on market-leading Pointsec® technologies, Check Point Endpoint Security Full Disk Encryption™ is proven in enterprises, businesses and government agencies around the world, providing the highest level of data security for laptops and PCs t ...

VendorCheck Point Software Technologies
Pricing ModelCommercial
Modified

SecureDoc Disk Encryption provides full disk encryption to protect sensitive information stored on laptops, desktops and PDAs. By offering integration with popular tokens and PKI at preboot time (after bios POST but before the OS loads) with dual and trip ...

VendorWinMagic Inc
Pricing ModelCommercial
ModifiedNever

© Computer Network Defence Limited 2019