Is full-disk encryption for you?
GCN QuickFind No. 860
- By David Cassel
- Oct 19, 2007
Of course, full-disk encryption isn't always the only way to go for complete coverage. "There are products that are not full-disk encryption that can actually do a very good job," said John Girard, a vice president and distinguished analyst at Gartner.
"There are times when you do want people to be able to access all the applications and all the operating system," said Eric Hay, a field engineering director at Credant Technologies. Credant's Mobile Guardian solution even received one of the designated full-disk encryption software agreements from the Defense Department ' even though instead of full-disk encryption, the company offers what it calls policy-based intelligent encryption. Such encryption, Hay said, makes it easier for multiple users to share a single laptop.
Credant's solution lets administrators set policies for their users' encryption ' which
moves the responsibility away from users. "You don't want them making security decisions. We know where that'll go," Hay said.
This approach is not without its potential points of failure. Burton analyst Trent Henry said users can cause big problems if they're implementing their own encryption. "It can be very easy for users to inadvertently put documents outside their encrypted folders. If the laptop is lost, you can't be sure all the sensitive information was encrypted. Users are notorious for making mistakes."
Another proponent of partial encryption is Jim Peterson, chief scientist at PKWare, maker of the SecureZip software. "A data-centric approach should be considered as an alternative to ensure that data remains persistently secure both at rest and in transit," he said. Encrypting only pertinent data "provides greater flexibility in how and where data is protected," he said.