Full disk encryption comes to workgroups

How to secure your data through hard drive encryption

Losing your laptop can be expensive in three ways. First, you'll spend hundreds or thousands of dollars to replace the hardware. Second, you'll suffer the time and aggravation of restoring your data, all the while hoping you have everything backed up properly. But most expensive? Surviving the backlash and legal consequences of losing customer data, financial records and private company information.

How expensive can that last penalty be? Some experts put the minimum price at US$50,000 if you lose customer data that requires you to comply with your state's security breach notification law. All states now have these laws in some form or another. But beyond the legal implications, how would you like to contact all your customers and explain how their financial data was on a laptop you left at the airport security checkpoint?

More than 10,000 laptops per week in the United States stay at the checkpoints after their owners walk away in their retrieved shoes. But if you lose a laptop protected with Full Disk Encryption (FDE), you only have to worry about replacing the hardware and restoring your data. Security breach laws don't apply to laptops with full disk encryption installed because the information on the disk cannot be retrieved without the password.

Disk encryption software hides in the part of the hard disk that initializes the hardware. When you start the machine you provide your password to the encryption software before it loads Windows and your applications and data. Most tools then provide your password to Windows as well, but some may not.

When I say "full disk encryption" I mean a third-party option above and beyond normal Windows or Macintosh login security. Your Windows password only stops novice hackers. Windows folder encryption doesn't cover everything, because Windows scatters critical information all over your hard disk. Any disk that doesn't have full disk encryption can be broken and the contents read, particularly if stolen for that reason. Sometimes bad guys are after your good data.

Of course, the 10,000 laptops lost in airports aren't stolen by corporate spies. However, the data breach laws apply to all lost laptops, even those slowly decaying in the lost and found pile (two-thirds of laptops lost at airports are never recovered).

Full disk encryption software has long been used by large enterprises that can afford to spend a couple hundred dollars per laptop and the network infrastructure to support the software. The least expensive personal whole disk encryption software at $35 was discontinued by the maker last year. Now your choices are around $100 per laptop, and free.

Since "free" is always good, take a look at TrueCrypt, the free Open Source full disk encryption software. TrueCrypt isn't the only free option, but it's the most popular. Almost 10 million copies of TrueCrypt have been downloaded over the past few years.

Installing encryption on individual laptops works, but isn't very manageable. The user sets the password, which may not be a good password (see Password Strength). The user may then change the password, or not tell the company what the password is, meaning the laptop data can never be recovered if the user leaves or gets hit by that proverbial truck. If you don't have the correct password for your encrypted laptop, you can't get the data. And the software vendor can't help you, so don't ask.

Large enterprises use dedicated network servers to manage the encryption keys and passwords for each laptop. This allows network administrators to recover passwords when lost, the number one reason for help desk calls. Even if the user changes the password, enterprise encryption management systems can recover the data by technical tricks of key escrow and hardware fingerprints and the like.
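The key escrow idea described above, as an added sketch that is not from the article or from any vendor's product: the disk is encrypted with a random disk key, and that key is stored twice, once wrapped under the user's passphrase and once under an administrator-held escrow key. All function and field names are hypothetical, and the HMAC-based wrap is a standard-library stand-in for a real key-wrap cipher such as AES key wrap.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this example


def _wrap(kek: bytes, key: bytes) -> dict:
    """Encrypt-then-MAC a 32-byte key (HMAC pad stands in for AES key wrap)."""
    nonce = secrets.token_bytes(16)
    pad = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(key, pad))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def _unwrap(kek: bytes, slot: dict) -> bytes:
    tag = hmac.new(kek, b"mac" + slot["nonce"] + slot["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, slot["tag"]):
        raise ValueError("wrong passphrase or recovery key")
    pad = hmac.new(kek, b"enc" + slot["nonce"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(slot["ct"], pad))


def _kek(passphrase: str, salt: bytes) -> bytes:
    # Stretch the user's passphrase into a key-encryption key.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ROUNDS)


def create_header(passphrase: str, escrow_key: bytes):
    """Generate a random disk key; store it in a user slot and an escrow slot."""
    disk_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    header = {"salt": salt,
              "user": _wrap(_kek(passphrase, salt), disk_key),
              "escrow": _wrap(escrow_key, disk_key)}
    return header, disk_key


def unlock(header: dict, passphrase: str) -> bytes:
    return _unwrap(_kek(passphrase, header["salt"]), header["user"])


def change_passphrase(header: dict, old: str, new: str) -> None:
    """Re-wrap the same disk key under the new passphrase; escrow slot untouched."""
    disk_key = unlock(header, old)
    header["salt"] = secrets.token_bytes(16)
    header["user"] = _wrap(_kek(new, header["salt"]), disk_key)


def recover(header: dict, escrow_key: bytes) -> bytes:
    """Administrator path: needs only the escrowed key, not the user's passphrase."""
    return _unwrap(escrow_key, header["escrow"])
```

Because the disk key itself never changes, a user-initiated passphrase change leaves the escrow slot valid, which is what lets the administrator recover the data afterwards.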

For the first time, a small company can get those same management advantages without the enterprise pricing. PGP now sells Whole Disk Encryption Workgroup Edition that lets any standard Windows computer perform the encryption key and password management functions when needed. Aimed at companies protecting 10-150 workstations, PGP provides most of the enterprise management features without the need for enterprise servers and databases.

PGP's cost per license is around the same as competitors at $100 or so depending on price discounts and volume. It only sells this product through its 600 or so resellers, not online or through retail. You can find other individual encryption packages through the major online stores or by searching the Web.

If you have a relationship with another vendor that offers full disk encryption products needing servers and the like for management, call them. Most are talking about a managed service offering to handle the individual computer encryption details over the Web.

Many full disk encryption products also allow you to encrypt data stored to CDs, DVDs and USB drives. Some USB hard drives also come with encryption options. But managing and transmitting passwords for removable storage can be tough. Consider securely sharing common files via online collaboration tools rather than removable drives.

Wikipedia has a great Comparison of Disk Encryption Software listing. A few are free, most are not, but this is a good starting point for your encryption software search. You should notice that Windows offers the BitLocker full disk encryption on two versions of Vista only, and promises it on some versions of Windows 7. But BitLocker is a logical volume encryption system that can't be used on the boot volume. That's why I recommend getting a third-party product for full data protection.


James E. Gaskin

Network World