Windows BitLocker vs. hardware encryption of hard drive (performance?)

Posted on 2012-09-14
Medium Priority
Last Modified: 2012-09-27
Looking into buying a new laptop (Windows 7) and want opinions about using software to encrypt the hard drive. The last 2 laptops I bought were Lenovas with Self-Encrypting Drives (SED). In other words, they're hard drives that are automatically encrypted at the hardware level (both the disk and the BIOS are password protected).

However, it seems like very few laptops are available with SED, and I'd like to consider other options than Lenova.

I understand BitLocker is built into Windows 8, so I assume it's implementation is pretty seamless and (I assume/hope) optimized for efficiency. Still, it seems like there's no way software encryption, performed by the CPU, is going to be comparable to SED.

Or, in the "real world," am I wrong, and the differences are negligible?
Question by:cdakz
  • 2
LVL 84

Accepted Solution

David Johnson, CD, MVP earned 1000 total points
ID: 38400641
Two different methods to do the same thing. In a corporate network using bitlocker has the advantage that the recovery key is stored in Active Directory. This way the company still has access to the data upon the employee leaving the company or otherwise relinquishing the laptop.

The differences are negligible as far as disk access is concerned.
LVL 57

Assisted Solution

McKnife earned 1000 total points
ID: 38407758

If you buy a laptop with win8 preinstalled, make sure it's the pro edition. The cheapest edition does not feature bitlocker. By the way, I think there will be quite a few laptop brands that offer self encrypting drives, but I might be mistaken.
Then finally, there are more options, not only bitlocker but truecrypt and many more freewares.

Performance wise: there are sources that say "no one notices" while others tell you they measured disk performance slowdowns at a remarkable rate, see http://www.ghacks.net/2009/11/26/bitlocker-versus-true-crypt-performance/
You should simply give it a try to get a feeling for it.
You can be sure that SED or whatever it's called will be the best, performance wise while you can't be sure if you would notice.
LVL 57

Expert Comment

ID: 38443153
Any feedback would be nice.

Author Closing Comment

ID: 38443602
The answers provided the assurance I needed that bitlocker was probably good enough for prime-time, assuming a decent processor.<br /><br />Also, FWIW, there do NOT seem to be many manufacturers w/ self-encrypting disks. I researched this a couple of months ago, and a the time anyway, there were very few offerings.

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question