FDE: Top 5 Questions

Opinion 2011-11-03 15:17

Top five questions to answer before purchasing full-disk encryption software

The mobile computing environment has created one of the greatest information risks large organisations face today. It is hard for any data security product to be everything to everyone: the vendor with the best operating system (OS) or the most powerful directory service is not necessarily the vendor whose encryption best fits your business. It can be argued that, from a business perspective, it makes sense to use what you already have, since many enterprise OS packages now ship full disk encryption (FDE) software as standard. But is putting all your eggs in one basket and relying on that single bundled FDE solution, without considering any alternatives, really the best approach?

If like many organisations you are currently in the process of migrating to a new OS, now is the best time to think about which model is best for your organisation. Garry McCracken, Vice President Technology Partnerships at WinMagic Inc provides five top tips to consider before deciding on the best data encryption provider for your business.

  1. What is the real cost to your business?

A standard FDE package with limited security capability will end up costing a business more in time, effort and money over the long term. A common assumption is that an FDE package that ships with the OS costs £0. That ignores the time an IT administrator must spend working around the limitations of some bundled FDE software. To use the full set of security features, some computers first need their Trusted Platform Module (TPM) chip enabled and activated in firmware. Activation can be scripted on some hardware, but the step still has to be planned, run and verified on each machine; if it takes an average administrator two minutes per computer, the cost of that time soon escalates. Before committing to anything, consider the following scenario:

£0.83/minute (based on the cost of employing an IT professional at £50/hour) x two minutes (time spent per computer) = roughly £1.67 per computer just to begin configuration with the TPM

For an organisation with 500 computers that is already around £833 before any of the FDE software that comes as standard with your enterprise OS has been installed.

  2. What about computers that don't have a TPM chip?

Computers without a TPM chip must be booted with a startup key held on removable storage, such as a USB thumb drive. That drive can be lost, locking the user out of the computer, or it is kept with the computer, which defeats the point of FDE: anyone who obtains the laptop and the drive together can boot it. A lost key drive also carries costs, from recovering the machine with its recovery key to fines from the Information Commissioner's Office (ICO) if a breach is reported and found to result from negligence. There is also lost productivity to consider as users wait to regain access to a locked computer, or hunt for the thumb drive every time they want to boot their system.
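As an added example (not part of the original article and not WinMagic's code), the following PowerShell inventories the two classes of machine that the first two questions describe: those whose TPM still needs enabling and activating, and those with no TPM that therefore boot BitLocker from a USB startup key. It assumes Windows 8 / Server 2012 or later with the BitLocker PowerShell module, an elevated session, and BitLocker as the bundled FDE; the hostnames in the trailing comment are placeholders.

```powershell
# Added example: classify a Windows host by TPM state and BitLocker key-protector type.
# Assumes Windows 8 / Server 2012 or later (BitLocker module) and an elevated session.
# Not code from the article or from WinMagic.
function Get-FdeReadiness {
    [CmdletBinding()]
    param()

    # Win32_Tpm returns nothing on a machine with no TPM (or one disabled/hidden in firmware).
    $tpm = Get-CimInstance -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
                           -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    $tpmState = if (-not $tpm) {
        'NoTpm'
    } elseif (-not ($tpm.IsEnabled_InitialValue -and $tpm.IsActivated_InitialValue)) {
        'TpmNeedsActivation'          # the per-machine admin step costed in question 1
    } else {
        'TpmReady'
    }

    # The key protectors on the OS volume show how the machine actually boots.
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $protectors = @()
    if ($osVol) {
        $protectors = @($osVol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    }

    # ExternalKey with no Tpm* protector means the machine boots only from a USB startup key (question 2).
    $usbKeyOnly = ($protectors -contains 'ExternalKey') -and
                  -not ($protectors | Where-Object { $_ -like 'Tpm*' })

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        TpmState      = $tpmState
        Protection    = if ($osVol) { $osVol.ProtectionStatus.ToString() } else { 'NoBitLocker' }
        KeyProtectors = ($protectors -join ',')
        UsbKeyOnly    = $usbKeyOnly
    }
}

# Local check:
Get-FdeReadiness | Format-List

# Fleet sweep (hostnames are placeholders, an assumption for this example):
# Invoke-Command -ComputerName 'ws-001','ws-002' -ScriptBlock ${function:Get-FdeReadiness} |
#     Group-Object TpmState, UsbKeyOnly | Select-Object Name, Count
```

The grouped counts let you put real numbers into the scenario above: only the TpmNeedsActivation machines incur the activation step, and the UsbKeyOnly machines are the ones exposed to a lost or co-located startup key.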

  3. Does your FDE solution support all your workstations?

Even leading enterprises will most likely have workstations running an older OS such as Windows XP, or a different one such as Mac OS X. Does your standard FDE solution support these systems and secure them to the same standard as your more up-to-date workstations? Organisations need to assess whether they can justify the risk, and the real cost, of a data breach from workstations on the network that the standard FDE package does not support, and whether those machines can be allowed to go unprotected.

  4. Can you be certain that encryption will also be applied to storage devices such as external hard drives, USB thumb drives, CDs and DVDs?

An FDE deployment needs to secure all forms of removable storage, not just the internal system drive. Recent media reports show a steady stream of lost or stolen hard drives, USB thumb drives, CDs and DVDs. If your standard FDE solution does not encrypt these devices, how can it provide a service you can have confidence in? Many businesses need to share data across locations and computers, and there are options available, such as self-encrypting drives (SEDs) that meet the Trusted Computing Group's Opal specification. These drives encrypt data in hardware as it is written to the disk, independently of the host OS; however, they are an additional cost on top of the standard FDE software package.

  5. What is the real cost to the organisation when a data breach occurs?

Organisations need to consider the cost in damaged reputation, negative press coverage and fines from regulators such as the ICO should a data breach occur that could easily have been avoided by having the right FDE solution in place. Can a standard FDE solution stand up to an investigation into whether fundamental security principles were overlooked, bypassed or ignored altogether, whether intentionally or by accident? Organisations need to acknowledge the scenarios they may encounter and prepare for when, not if, a data breach occurs. They should perform their own cost calculations and think about the long-term impact a breach could have on their business before deciding on the right FDE software.

 

Garry McCracken (CISSP) is vice president of technology partnerships at WinMagic Inc.
