That’s the 64 thousand dollar question when a laptop goes missing. Loss of data can lead to substantial financial harm, and can seriously impact a company’s reputation. But if the data was encrypted, the damage is limited to the hardware. Otfried Köllhofer, Vice President of Product Management at CenterTools Software, outlines the key issues surrounding encryption, and explains how to select the right tool.
In December 2014, an unencrypted laptop belonging to the Boston Baskin Cancer Foundation was stolen from an employee’s home. This may have exposed more than 100,000 personal records, including patient and employee details. Small and midsize enterprises often lack the technical skills and resources to adequately protect sensitive data stored in public clouds, on USB sticks, or on laptops. From 2016, the EU’s General Data Protection Regulation (GDPR) will govern how public- and private-sector organizations handle personal data. But even before its introduction, we can help you protect your data when hardware assets are mislaid or stolen: the simple answer is hard drive encryption.
Why it’s vital to encrypt hard drives
In some cases, it is enough to encrypt the data that is most critical, and to leave the rest unchanged. As a result, many organizations choose to deploy file encryption software, applying simply to the folders that contain sensitive documents or personal data. All other data remains freely accessible, and can be used normally. File encryption is particularly suitable when several employees share a device, as it supports user-specific access rights. If a laptop is lost, however, file encryption does not provide complete protection. Temporary files or previous versions of encrypted documents may be tucked away in an unencrypted folder, and could fall into the hands of criminals.
For more robust protection, organizations need a tool that encrypts entire hard drives, including the operating system and/or whole partitions. When users log on, the encryption software prompts them for their credentials just once. Once authenticated, they receive full access to the computer.
A solution combining file, folder and hard drive encryption offers end-to-end security – delivering maximum protection from external and internal attacks.
Implementing hard drive encryption
Before implementing hard drive encryption, administrators must centrally configure the encryption software and install it on all desktop PCs and laptops within the organization (via central policies). Encrypting a hard drive normally takes between two and five hours (depending on the size of the drive).
High-quality encryption software allows devices to be assigned to predefined groups. This allows administrators to restrict encryption to the hard drives within the laptop group, for example. Group-based management also improves transparency, making it easier to identify device loss. Ideally, the tool should also enable administrators to remotely wipe the hard drive.
Hard drive encryption standards
Vulnerabilities can be minimized by applying an encryption technique that can withstand intensive cryptoanalysis. It should also be immune to brute-force attacks – when automated software generates a large number of possible passwords. Advanced Encryption Standard (AEC) techniques have no known weaknesses, and are regarded as state-of-the-art.
It is essential to choose encryption software from a specialized vendor, and to verify that it supports central administration of all devices. Microsoft or Apple system tools are simply not adequate.
Central administration makes it easier to replace forgotten passwords, and to check the status of all encrypted computers. Some tools also enable all data on lost or stolen devices to be erased with a single click (remote wipe).
It makes business sense to invest in hard drive encryption
Implementing hard drive encryption comes at a price. Software costs are based on the number of supported devices. Installing, configuring and implementing encryption software enterprise-wide incurs further expense.But when set against the potentially grave consequences of data loss in terms of fines, penalties, and loss of reputation, it makes sound business sense to invest in hard drive encryption.
DriveLock security software offers best-in-class encryption, with all of the features described here – and much more besides. Why not use it to create robust protection for your critical data?
This story was provided by Centertools Software SE