Decrypting the Secrets of Drive Encryption


What is drive encryption and what does it protect against?

Although the term may sound new to some, drive encryption isn’t a particularly new cybersecurity concept. For example, BitLocker, likely Microsoft’s best-known drive encryption tool, has been available since at least 2016. In fact, it’s a proven and effective strategy for reducing risk exposure, which is why other operating systems like iOS or Android have also included similar options for several years.

So why has it taken so long to reach the mainstream as a cybersecurity best practice?

Well, primarily because of performance issues. Although drive encryption technology has been available for almost a decade now, the process was driven by software. This meant it was a hit on CPU usage. It wasn’t until a few years ago that manufacturers began including additional circuitry directly on hard drives so users could encrypt their devices without suffering a loss in performance.

How does drive encryption protect you? What security does it offer?

Although the terms cybersecurity and data protection may conjure images of tall, fiery walls of computer code under siege from hackers on some digital battlefield, it’s important to remember that remote attacks aren’t the only way bad actors can get their hands on sensitive information. Criminals who prefer more traditional methods of larceny can instead just straight up steal the device itself, along with the data it contains. Then it’s only a matter of pulling the hard drive out, attaching it to another computer, and presto! Just like that, every byte of information can be read without needing to log in. Any installed software or saved passwords—even those stored in non-traditional formats—can then be decoded at leisure.

An encrypted drive, on the other hand, is much more difficult to break into. When a drive itself has been encrypted, attempting to bypass the operating system when booting up a computer renders the drive unreadable, thereby protecting any passwords or sensitive data stored on it.

There are a few caveats, specifically that this form of drive encryption is only effective for protecting physical devices. Virtual Machines (VMs), on the other hand, don’t have a physical hard drive to house the requisite additional circuitry. That doesn’t mean you can’t encrypt a virtual machine, just that it can only be done via software. As a result, enabling drive encryption will result in reduced performance, so it’s generally not worth doing unless you need to protect your VMs from the hosting organization.

What should I consider when implementing drive encryption?

The extent of encryption required depends on the chances of a bad actor physically getting their hands on a device. Laptops, tablets, and smartphones are particularly vulnerable to theft, so you may want to focus on encrypting any mobile devices your organization uses. Depending on the layout and security features of your office space, servers and desktops may also be candidates. You should also be sure to consider how implementing drive encryption may affect business policies, particularly emergency recovery procedures and whether you allow staff to bring their own devices. Like any security feature, drive encryption should not be enabled without full consideration of the potential impact.
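
For Windows devices that use BitLocker, the inventory below is one way to identify candidate devices: it reports which volumes are not encrypted, whether encryption runs in drive hardware or in software, and whether a recovery password exists for emergency recovery. It is an added example, not part of the original post; the report columns, finding strings and output file name are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Run in an elevated PowerShell
# session on Windows; Get-BitLockerVolume ships with the BitLocker module.

$report = foreach ($vol in Get-BitLockerVolume) {
    # Names of the key protectors on this volume (Tpm, RecoveryPassword, ...).
    $protectors = @($vol.KeyProtector | Where-Object { $_ } |
        ForEach-Object { "$($_.KeyProtectorType)" })
    $method = "$($vol.EncryptionMethod)"

    # Classification used only by this report: hardware (drive-side) versus
    # software (CPU-side) encryption, the distinction the post draws.
    $engine = switch ($method) {
        'None'               { 'none' }
        'HardwareEncryption' { 'hardware' }
        default              { 'software' }
    }

    # Finding strings are constructed for this example.
    $findings = @()
    if ("$($vol.VolumeStatus)" -ne 'FullyEncrypted') { $findings += 'not fully encrypted' }
    if ("$($vol.ProtectionStatus)" -ne 'On')         { $findings += 'protection off or suspended' }
    if ($protectors -notcontains 'RecoveryPassword') { $findings += 'no recovery password protector' }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        Mount      = $vol.MountPoint
        VolumeType = "$($vol.VolumeType)"
        Method     = $method
        Engine     = $engine
        Protectors = $protectors -join ','
        Findings   = if ($findings) { $findings -join '; ' } else { 'ok' }
    }
}

# Show the result and keep a copy for the device inventory.
# The file name is a placeholder chosen for this example.
$report | Format-Table -AutoSize
$report | Export-Csv -NoTypeInformation -Path .\bitlocker-audit.csv
```

A volume with a missing recovery password protector is worth resolving before a rollout, since that protector is what an emergency recovery procedure depends on when the normal unlock path fails.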

If you’d like help implementing a drive encryption program for your organization, including identifying candidate devices, or just want more information, feel free to contact a TRINUS cybersecurity specialist and get yourself some stress-free IT.

This Shakespeare quote comes from All’s Well That Ends Well: “No legacy is so rich as honesty.”

 

Be kind to each other, courtesy your friendly neighbourhood cyber-man.
