Enterprise Strategy Group | Getting to the bigger truth.™

Forensics, Litigation, and Full Disk Encryption

A few years ago, I boldly predicted that PC encryption would go through a technical transition. My instincts told me that software-based encryption from companies like PGP, McAfee (SafeBoot), and Check Point Software (PointSec) would be usurped by laptops and desktops with standards-based (i.e., TCG standards) Self-Encrypting Drives (SEDs).

This seemed like a “no brainer” based upon industry history. For years, each new Intel chip generation added new functionality, as did each Windows release. If encryption came as a standard feature on Seagate, Hitachi, Fujitsu, and Western Digital drives, it was logical that this would become the default configuration. Besides, SEDs are faster and more secure than software (the encryption runs in the drive's own hardware with no CPU overhead, and the media key never leaves the drive), so regulatory compliance activity was sure to add fuel to the SED fire.

Fast forward to 2010 and I readily admit that my timing was off. Check Point, McAfee, PGP, and others continue to sell tons of software encryption licenses while few have adopted self-encrypting drive-based systems. Why?

  1. The standard took too long to gain critical mass. Seagate came out with its own SED based upon a pre-ratified TCG standard but others lagged behind. As a result, Seagate, a company in the widget business, had to champion a mindset change. Seagate just didn’t have the marketing chops for this.
  2. System vendors couldn't care less. Ask a Dell salesperson about encryption and he or she will show you a list of options including software and SEDs. In other words, no one is pushing SEDs at the point of sale.
  3. Software hasn’t caught up. If I have 20,000 PGP licenses, I probably have a pretty robust management infrastructure behind them. Unless SEDs can be easily migrated into this environment, it is probably not worth the effort.

So does all this mean that SEDs are dead? Not at all. In fact, there may be an SED renaissance any time now. The reason is simple: some software-based encryption doesn’t protect data when a PC is in “sleep” or “hibernate” mode, because the volume is already unlocked and resuming does not repeat pre-boot authentication. Given the start-up time of Windows, many users take full advantage of sleep/hibernate modes, so this is a serious hole. Combine this with the fact that many organizations give users administrator access to their PCs (so they can change power settings at will) and you’ve got a real problem: you can’t claim that a lost or stolen PC was actually protected if this loophole, and this user behavior, exists.

Since SEDs overcome this issue, lawyers, auditors, and compliance officers may demand that new PCs come with self-encrypting drives onboard. Sounds extreme, but security-oriented purchasing behavior is already pretty pervasive.

From a security perspective, SEDs are a great option. Combine this with regulatory and litigation pressure and they may gain momentum after all. Software vendors, take note: you may be dragged into supporting SEDs sooner than you think.


© 2010 Enterprise Strategy Group, Milford, MA 01757