Full-disk encryption performance issues
GCN Quickfind No. 862
- By David Cassel
- Oct 19, 2007
One question always comes to the minds of administrators when thinking about full-disk encryption: will it slow down users' systems? After all, that work of decrypting data and programs upon start-up must slow the computer to a crawl, yes?
Maybe not. Most industry analysts say FDE lag is not a big worry on current systems.
"The software products do have some overhead," said John Girard, a vice president and distinguished analyst at Gartner, "but the average person is not going to see the difference. They're just reading their e-mail and working on documents. For the vast majority of people, if they have enough RAM and a good hard drive and it's not fragmented, they're not going to see much of a difference."
The Burton Group's Trent Henry agreed. "Five years ago, when I talked to users they'd complain that the decryption process cost them 15 to 20 percent of their system performance. Today the results from users and vendors suggest the performance impact has become less of a problem than it was in the earlier days.
"You're certainly accessing the disk a lot more, but that's what they're made for," Henry said.
At least one user doesn't seem to notice the difference. The California Franchise Tax Board encrypts data on its computers using Encryption Plus from GuardianEdge, and hasn't felt the pinch of slow performance from doing so. "It's on my system, and I don't notice it," said California's Franchise Tax Board systems security analyst Chris Rushkin.
Vendors testify that, for the most part, any noticeable performance impact is a thing of the past. "On any newer machine you'd see that that degradation should, across the board, have decreased dramatically" from use on older equipment, said David Vergara, marketing director at CheckPoint, which sells the Pointsec FDE software.
"We did a performance review with a third-party consultant who took a look at the Pointsec-enabled machine and one that was unencrypted. I think it was like a 3 to 5 percent performance degradation between the two machines, and that was our old model."
Drives with hardware-based encryption seem to be minimally affected as well.
"There is no performance impact because it happens at the full speed of the drive, reading and writing," said Joni Clark, notebook marketing manager at Seagate, which sells hard drives that automatically encrypt their contents. "It's built into the drive and you're not stealing any CPU cycles. At a very raw level you would see some performance delta, maybe a 2 percent impact at a raw level. But the user himself will not notice anything. It's that small."