Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 914
  • Last Modified:

Full Disk Encryption vs File Based Encryption

I've been testing full disk encryption and file encryption software to use for about 1000 laptops. The most secure option with fde is to utilize preboot authentication.  Has anyone had any experience using fde with preboot?  There are many challenges using the preboot authentication with multiple users and passwords.  Trying to decide if I should go with the file based encryption.  
0
DT3st3r
Asked:
DT3st3r
1 Solution
 
SteveH_UKCommented:
I don't have any experience with the product you mention, but whether to use file or volume encryption should not primarily be about which works.  They perform different tasks.

Full disk encryption is primarily aimed at safeguarding data when a hard disk is stolen.  Once the laptop is running, it has no value.  Any user account can read any data on the disk, including when it is hacked.

File encryption comes in two flavours:  manual and automatic.  Automatic encryption, such as using Microsoft's EFS technology, encrypts files for a particular user account.  Manual encryption methods require the user to manually encrypt a file.  In both cases, they have dependencies.  EFS depends on a pre-boot security key and the user's account password.  In a manual encryption solution, it will depend on the passphrase used.  Manual encryption often cannot encrypt everything, so if you need the swap file (Windows: pagefile) to be encrypted, it is not useful to you.

Check out another question in progress where I talk more about some cryptography and security issues that are relevant to this question:  

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/SBS_Small_Business_Server/Q_22971306.html
0
 
DT3st3rAuthor Commented:
Thanks for your reply SteveH.  I'm testing "file encryption" software from Credant.  I have to say I'm very impressed at how intuitive and easy to use.  The problem I have with full disk encryption in an enterprise with multiple users accessing the same laptop is the administrative nightmare it will create on the helpdesk side regarding password resets and multiple users trying to use the same laptop.  Thanks for your input.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now