Full Disk EncryptionRSS

As the mobile workforce heads out with their laptops, how can an organization keep the company information stored on those laptops safe?  This is the question that disk encryption products try to answer.  Although there are many file/folder level encryption products (also known as vaults), this page will focus on Full Disk Encryption (FDE) products.

 

Full Disk Encryption is the process by which every bit of data that goes on a disk is encrypted. This can be performed by software or hardware.  Everything on a disk, including the operating system, is encrypted. There are also products that can encrypt everything but the system partition or boot partition of the OS, but can fully encrypt a second hard drive.  To boot from a fully encrypted disk on a standard personal computer requires hardware assistance as there is otherwise no other way for the BIOS to decrypt and transfer program control to an encrypted master boot record (MBR). There are software programs that can encrypt bootable operating system partitions but they must still leave the MBR, and thus part of the disk, unencrypted.

 

FDE has several added benefits compared to regular file or folder encryption, or encrypted vaults. For example, Everything including the swap space and the temporary files are encrypted, ensuring no confidential data is inadvertently left unprotected.  Also, with FDE the decision of which files to encrypt is not left up to users.  And it provides a method for immediate data destruction, as simply destroying the cryptography keys renders the contained data useless.  Purging or physical destruction is still advised in instances where the data needs to be protected from future attacks. However, FDE does not necessarily replace the requirement for file/folder level encryption. This is because once the FDE drive boots up, all the data is available in a decrypted format.  If a network connection to the running laptop can be obtained, then the data is exposed.

 

Many mobile computer manufacturers include a Trusted Platform Module (TPM) chip in their current product set.  The TPM provides the means for hardware and software to generate and store keys for use in digital certificates and encryption, securely and in an encrypted format. The TPM also provides the cryptographic engine to perform encryption / decryption, and digital signature operations.  No person ever sees the private keys used for encryption in TPM-enabled applications, as they are stored on and processed by the TPM itself.  Some FDE products support and/or require TPM.

Secure Communication Systems, Inc.
Commercial
Pricing Model

Secure Communication Systems’ SecureDisk™ technology utilizes a proprietary ASIC engineered to encrypt/decrypt the entire hard disk bit-by-bit including the Boot Sector, Operating System, Temp and Swap files. Encryption/decryption operations o ...

Modified
Enova Technology Corporation
Commercial
Pricing Model

Enova®'s patented X-Wall ASIC family has been engineered to encrypt/decrypt the entire hard disk bit-by-bit including the Boot Sector, Operating System, Temp and Swap files. Encryption/decryption operations occur in real-time to ensure zero performanc ...

Modified
Hitachi Software Engineering, Ltd.
Commercial
Pricing Model

Controlling sensitive information flow begins with a well-thought-out total security plan — a corporate scheme that sticks to compliance issues, ties in clear policy directives and ends with thorough end-user training. HIBUN Advance Edition (HIBUN AE), th ...

ModifiedNever
Commercial
Pricing Model

ROCSECURE is a division of Rocstor; pioneering in the secure encryption of digital content in any standard digital format. resolving security issues before they arise As businesses become increasingly dependent on data security, the reliability and availa ...

Modified
Tryten Technologies, Inc.
Commercial
Pricing Model

Encryption Plus Hard Disk is vital in protecting sensitive data. While Windows provides minimal security protection to prevent unauthorized logins, password cracking tools such as lopht crack can break through a Windows password in hours or even minutes. ...

ModifiedNever
TrueCrypt Foundation
Open Source
Pricing Model

WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues This page exists only to help migrate existing data encrypted by TrueCrypt. The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows X ...

Modified
TrueCrypt
Commercial
Pricing Model

As Architect of an Open World, Bull has designed and developed globull, an innovative device to respond to the need for high levels of security in mobile computing. A device you can trust globull lets your users take their work environment with them where ...

Modified
PGP Corporation
Commercial
Pricing Model

PGP® Whole Disk Encryption provides enterprises with comprehensive, nonstop disk encryption for Microsoft and Apple Mac OS X, enabling quick, cost-effective protection for data on desktops, laptops, and removable media. The encrypted data is continuou ...

Modified
Wave Systems Corp.
Commercial
Pricing Model

Self-encrypting hard drives are the future, but most companies can’t get there overnight. Even so, your organization may be legally required to encrypt sensitive data. Encryptor gets you through the transition. It encrypts drives that can’t d ...

Modified
Wave Encryptor
AlertBoot Inc.
Commercial
Pricing Model

AlertBoot offers a cost-effective, web-based secure disk encryption service for companies of any size who want highly scalable, easy-to-deploy hard disk encryption, USB encryption and laptop data security. Centrally managed via the Internet, AlertBoot is ...

Modified
AlertBoot Managed Encryption
Commercial
Pricing Model

With McAfee Complete Endpoint Protection — This highly affordable, all-in-one solution provides endpoint security for all the devices in your enterprise: PCs, Macs, Linux systems, servers, virtual systems, smartphones, and tablets. Quickly and easily laye ...

Modified
Complete Endpoint Protection — Business
Commercial
Pricing Model

The Check Point Full Disk Encryption Software Blade provides automatic security for all information on endpoint hard drives, including user data, operating system files and temporary and erased files. For maximum data protection, multi-factor pre-boot aut ...

Modified
Full Disk Encryption Software Blade
Commercial
Pricing Model

The ViaSat Eclypt® Freedom is an external USB hardware-encrypted hard drive that can store, archive, or back-up data and easily transport to different computers. Used by governments, military forces, and law enforcement organizations worldwide, this secu ...

Modified
Eclypt Freedom Encrypted External Hard Drive
Commercial
Pricing Model

In the event of theft, loss, or attack, this portable flash drive ensures that your data is completely protected and secure. Eclypt technology integrates sophisticated authentication, entire-disk encryption and data storage into tamper resistant internal ...

Modified
Eclypt Nano Encrypted External Flash Drive

© Computer Network Defence Limited 2021