Should all hard drives be encrypted?

Clear as mud

  • alert
  • submit to reddit

Business security measures using SSL

Workshop Given the origins of computing in the coding and decoding of messages, it’s fair to say that the heritage of encryption is as noteworthy as what we now call IT. Indeed the principles of algorithmic codification of data, and the maths behind them, go back way beyond the illustrious efforts of Alan Turing and his ilk in the Second World War.

It’s ironic then, that given all the kerfuffle around data privacy (much of it merited), we are making so little use of encryption for local data on our desktops and laptops. The phrase ‘in clear’ refers to any data that has not been encoded in some way, and while most folks are familiar with the little padlock that appears in a Web browser when a secure communication is taking place, for the majority of time we appear perfectly happy to walk around with laptops stuffed full of sensitive data, or indeed with a USB stick or two in our pockets and bags, containing temporary copies of files, most of which (sticks or files) we have probably forgotten were there.

“Shouldn’t it all just be encrypted?” asks the innocent observer. It’s a fair question – products have existed for many years from the likes of PGP, and these days Microsoft Windows builds it into the operating system, in the shape of BitLocker (as do Apple and various flavours of Linux). However, a number of valid reasons exist as to why we’re not encrypting our drives, internal or external. Putting all-too-human traits of laziness and postponement to one side for a moment, let’s take a look at them.

For a start, encryption does have an overhead. Algorithmically, there is such thing as a ‘base level’ of weak encryption, in that more simple techniques do ensure the casual viewer cannot access data unless they really want to – a laptop thief, for example, may be more interested in selling the device on than knowing too much about what it stored. However, simpler algorithms are not sufficient to protect against whoever might try to break the code, which means they can’t really be used in any situation where sensitive data is involved. More complex algorithms are more processor-intensive, as anyone knows who has tried to run full-disk encryption on an underpowered machine.

Thus the question is why not just encrypt the sensitive data? The trouble with this model is that it leaves things in the hands of the sometimes unreliable user. I don’t know about you, but I can think of times when I probably should have created a password-protected Zip file before sending a certain document out into the ether, or loading it onto a USB stick. The decision-making process is further complicated by knowing what is sensitive and what isn’t, particularly given that sensitivity can change based on circumstances.

The end result is that historically, if the options have been all or nothing when it comes to encrypting locally stored information, the default has tended to be 'nothing'. It is questionable whether this could ever change without encryption being built into the device itself – which comes back to the question of raw power to run the algorithms. In the past, full disk encryption was just too resource-hungry to be usable, particularly given the fact that the (frequently accessed) swap file also needs to be encrypted in real time.

More recent desktop computers are powerful enough to drive, and in some cases enhance harder-to-crack encryption algorithms such as AES, enabling the option of running encrypted devices as standard. This takes away the need to worry about whether or not a certain piece of data should be encrypted, and indeed it removes the risk of forgetting. But full-disk encryption brings with it another challenge, that of key management. For an individual user installing their own software it’s not such an issue – you set up your own password and keep tabs on it in the normal way (hopefully not by writing it on a post-it and sticking it on the wall). Meanwhile, for a company, keys need to be managed at a central point. While tools exist for this, someone needs to maintain them and respond to user requests when keys are forgotten.

But locking down the computer may not be enough, as the next weakest link is the USB port and those pesky thumb drives. Do these need to be locked down too, perhaps only allowing encrypted drives to be connected? Or is that another step too far for Joe Average? For these reasons, many organisations it may find this too complicated to implement as a blanket corporate standard. For every device or USB stick we lock down, there will always be another five that remain capable of storing information in clear, from MP3 players and phones to SD cards.

For many others however, what with regulation looming larger across a number of sectors, there may be no choice. Not only does encryption help support compliance, it also offers a “get out of jail free” card with respect to some legislation, for example it avoids the obligation to disclose theft of sensitive data as required by some US states.

Drive encryption is only one part of the answer of course – data needs to be protected during transmission and in use, as much as it does when sitting on a hard drive. But while it certainly fills a gap technologically, it remains to be seen whether it will become something we just expect, rather than something we bolt on.

If you have any thoughts on this, do let us know. ®

New hybrid storage solutions

More from The Register

next story
4K-ing excellent TV is on its way ... in its own sweet time, natch
For decades Hollywood actually binned its 4K files. Doh!
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
Apple's big bang: iPhone 6, ANOTHER iPhone 6 Plus and WATCH OUT
Let's >sigh< see what Cupertino has been up to for the past year
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Get your Indian Landfill Android One handsets - they're only SIXTY QUID
Cheap and deafening mobes for the subcontinental masses
Apple's SNEAKY plan: COPY ANDROID. Hello iPhone 6, Watch
Sizes, prices and all – but not for the wrist-o-puter
A SCORCHIO fatboy SSD: Samsung SSD850 PRO 3D V-NAND
4Gb/s speeds on a consumer drive, anyone?
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.