Should all hard drives be encrypted?
Clear as mud
Workshop Given the origins of computing in the coding and decoding of messages, it’s fair to say that the heritage of encryption is as noteworthy as what we now call IT. Indeed the principles of algorithmic codification of data, and the maths behind them, go back way beyond the illustrious efforts of Alan Turing and his ilk in the Second World War.
It’s ironic then, that given all the kerfuffle around data privacy (much of it merited), we are making so little use of encryption for local data on our desktops and laptops. The phrase ‘in clear’ refers to any data that has not been encoded in some way, and while most folks are familiar with the little padlock that appears in a Web browser when a secure communication is taking place, for the majority of time we appear perfectly happy to walk around with laptops stuffed full of sensitive data, or indeed with a USB stick or two in our pockets and bags, containing temporary copies of files, most of which (sticks or files) we have probably forgotten were there.
“Shouldn’t it all just be encrypted?” asks the innocent observer. It’s a fair question – products have existed for many years from the likes of PGP, and these days Microsoft Windows builds it into the operating system, in the shape of BitLocker (as do Apple and various flavours of Linux). However, a number of valid reasons exist as to why we’re not encrypting our drives, internal or external. Putting all-too-human traits of laziness and postponement to one side for a moment, let’s take a look at them.
For a start, encryption does have an overhead. Algorithmically, there is such thing as a ‘base level’ of weak encryption, in that more simple techniques do ensure the casual viewer cannot access data unless they really want to – a laptop thief, for example, may be more interested in selling the device on than knowing too much about what it stored. However, simpler algorithms are not sufficient to protect against whoever might try to break the code, which means they can’t really be used in any situation where sensitive data is involved. More complex algorithms are more processor-intensive, as anyone knows who has tried to run full-disk encryption on an underpowered machine.
Thus the question is why not just encrypt the sensitive data? The trouble with this model is that it leaves things in the hands of the sometimes unreliable user. I don’t know about you, but I can think of times when I probably should have created a password-protected Zip file before sending a certain document out into the ether, or loading it onto a USB stick. The decision-making process is further complicated by knowing what is sensitive and what isn’t, particularly given that sensitivity can change based on circumstances.
The end result is that historically, if the options have been all or nothing when it comes to encrypting locally stored information, the default has tended to be 'nothing'. It is questionable whether this could ever change without encryption being built into the device itself – which comes back to the question of raw power to run the algorithms. In the past, full disk encryption was just too resource-hungry to be usable, particularly given the fact that the (frequently accessed) swap file also needs to be encrypted in real time.
More recent desktop computers are powerful enough to drive, and in some cases enhance harder-to-crack encryption algorithms such as AES, enabling the option of running encrypted devices as standard. This takes away the need to worry about whether or not a certain piece of data should be encrypted, and indeed it removes the risk of forgetting. But full-disk encryption brings with it another challenge, that of key management. For an individual user installing their own software it’s not such an issue – you set up your own password and keep tabs on it in the normal way (hopefully not by writing it on a post-it and sticking it on the wall). Meanwhile, for a company, keys need to be managed at a central point. While tools exist for this, someone needs to maintain them and respond to user requests when keys are forgotten.
But locking down the computer may not be enough, as the next weakest link is the USB port and those pesky thumb drives. Do these need to be locked down too, perhaps only allowing encrypted drives to be connected? Or is that another step too far for Joe Average? For these reasons, many organisations it may find this too complicated to implement as a blanket corporate standard. For every device or USB stick we lock down, there will always be another five that remain capable of storing information in clear, from MP3 players and phones to SD cards.
For many others however, what with regulation looming larger across a number of sectors, there may be no choice. Not only does encryption help support compliance, it also offers a “get out of jail free” card with respect to some legislation, for example it avoids the obligation to disclose theft of sensitive data as required by some US states.
Drive encryption is only one part of the answer of course – data needs to be protected during transmission and in use, as much as it does when sitting on a hard drive. But while it certainly fills a gap technologically, it remains to be seen whether it will become something we just expect, rather than something we bolt on.
If you have any thoughts on this, do let us know. ®
Yeah, it should be done but.....
Well, at my company all laptops need to be encrypted. We used whole disk encryption, so you need to enter a password in order to boot the machine. Seemed relatively painless. However, if your hard drive crashes (been there, done that) life gets complex in a hurry.
Also, in a multiboot environment, there are also additional complexities. Like how to share data between 2 protected partitions. Um, I could use a clear data partition, but that kind of defeats the whole purpose doesn't it? Password encrypt individual files on the data partition? As the article said, that could be weak.
Store data in the cloud? Yeah, right!
Anyway, it's a good idea, but there are issues.
Yes of course, every hard drive needs it.
Not only protects complete hard drive encryption everything stored on it from nosy outsiders, it also prevents them from adding nasty stuff to your OS, using WinPE or Knoppix. So besides confidentiality, it also adds protection to the integrity of your systems.
After that, go for a policy that forces the encryption of everything that is copied from a company computer to any USB stick.
After that go for DLP to protect from confidential being data sent out to websites, e-mail addresses or over IM. Or you begin with that.
I use truecrypt on my machines - I encrypt the whole drive. I haven't seen any kind of performance hit and the only inconvenience is typing an extra password at boot. As far as I'm aware, this is pretty secure and I also have the paranoids option of adding more hidden volumes with plauable denaiability sub volumes hidden inside them.
Obviously, this doesn't cover me using USB sticks etc, but I feel confident enough that if my computers did get stolen, none of my data would be able to be (easily) recovered without my password.
Should be mandatory for laptop users
I have form as I once 'lost' a laptop. Spent a long time worrying that the data had been compromised; e.g. whole contact list, emails going back to the ark, letters to the bank... I was really lucky as I don't *think* that it was misused and hope that someone formatted the hard disc. Never again though...
Full disc encryption does have one massive advantage; once it is set up you can forget about it. That's really important when comparing it to other encryption schemes such as encrypting individual files, partitions, etc. where you need to be aware of what's going on. Another major advantage on a Mac is that the standard Time Machine backup works properly (TM doesn't work with VileVault).
I recently installed the PGP Whole Disc Encryption on a MacBook Pro. Apart from the 9 hours to encrypt the hard disc -- where you can still use the machine, just not turn it off or sleep it -- there was little hassle. It does have some impact on performance when compared with FileVault, but not too much. The real advantage is that the machine now works well with Time Machine and also you can share web services for development purposes (which used to be a right PITA with FileVault).
Whole disc encryption (with long pass phrases) should be mandatory for anyone with a laptop computer.
RE: Swap File
In most cases the swap file does need to be, at all. With the possible exception for low-end laptops, every computer nowadays has multiple gigs of RAM. How often do you really need to work with more data than that at once anyway?
Encrypted or not, disks are already much slower than RAM. If you're using the disk as memory either something is really wrong, or you just don't care about performance.