in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

The Difference Between Disk Encryption, File Encryption, And Password Protection: A Very Short Primer On Encryption And Related Data Security Products

And I do mean short.  I’ve met a lot of people who didn’t quite understand the difference between hard drive encryption software and file encryption software, or that were assuming one is the other.  It seems to me that such confusion can only lead disappointment with encryption products, so here’s a really, really basic primer on what’s what.  I've kicked up "password protection" in the list below since it's of notable interest.

Password Protection
A lot of companies and agencies announce, when their laptop computer is lost or stolen, that it had password protection.  It’s the worst kind of “security” you could possibly have for your data.  In fact, I call the term “password protection” a misnomer because it doesn’t really afford you any protection.

The real-world counterpart for password protection is hiding stuff beneath your mattress.  Now you understand why data security professionals tear their hair out whenever they read that something was password protected.  The game’s over if someone decides to look under the mattress.

And, surprisingly enough, bypassing password protection is about as easy as lifting up a mattress.  All you have to do is pull out the computer’s hard disk and plug it into another computer.  That’s it. 

Encryption
A process for keeping data a secret.  The only way to unearth the secret is to provide the correct key.  I won’t go into the details of how it works, but essentially it will take an entry like “keep this a secret, OK?” and turn it into “wKsn a@kn q si1n,z$ !nZ.”  Provide the key, and that crazy jumble of words, numbers, and symbols will turn back into the original text.  Modern strong encryption is so advanced that, if someone were to try every combination possible to crack the crazy jumble, they’d have to take all the computers in the world (including supercomputers) we have now and run them for centuries to take a guess at what the jumble means.
Data Encryption
Ambiguous terminology.  It could mean either disk encryption or file encryption since both deal with data.  I personally don’t think it’s anymore descriptive than the term “encryption.”  If anyone is trying to sell you a product that does “data encryption” you may want to ask whether it’s disk encryption or file encryption.  As you’ll see below, they protect your data in different ways.
Disk Encryption
Disk encryption is the encryption of an entire disk -- not just specific files.  In other words, if you open up your computer and pop out the hard drive, all the contents of that physical hard drive are encrypted.

Disk encryption is also known as hard drive encryption, full disk encryption, whole disk encryption, and partial combinations of these three (hard disk encryption, full hard disk encryption, etc.).  If anyone or anything alludes to an entire disk being encrypted, chances are this is what they’re talking about.

The real-world counterpart to disk encryption is the use of a safe (strongbox, if you prefer) with a built-in lock.  That is, if you place any documents and close the door of the safe, the documents are protected.  The only way to get back those documents is by knowing the combination or having the key to the lock, or busting the safe’s door open.

Likewise, any files that you save on a computer or digital device with full disk encryption will be encrypted (read: protected) automatically due to the fact that disk encryption is being used.  However, if you decide to e-mail that same file to someone else, it will not be protected anymore, just like taking a document out of a safe means that document is now not secure.

File Encryption
File encryption is the encryption of specific files only.  So, if you have only two documents on your computer, you can choose to encrypt one but not the other.  Unlike disk encryption, which I mentioned above, you actually have to make a decision on what you’re going to have encrypted. (This does not necessarily mean that you have to remember which files to encrypt every time.  There are managed data encryption service providers like AlertBoot that allow the use of “policies” to automate the process.  For example, your Excel files will be encrypted automatically but not any jpegs saved to your computer).

Unlike disk encryption, since the actual file is encrypted, passing around the files (via e-mail or otherwise) will still ensure the security of those files.

File encryption is also known as content encryption.

There is no real-world counterpart to file encryption except encryption itself.  It might be useful, though, to think of file encryption as translating a document into a language only you know.  So, if you leave the translated document on a table and someone picks it up, that person can’t make heads or tails out of it.

Folder Encryption
Is the same concept as disk encryption, in that anything that’s saved to a particular folder (or, directory, if you prefer) is encrypted.  Take the file out of the folder, and it’s not encrypted anymore.
Knowing When To Use What
When it comes to encryption products, there are pros and cons.  For example, disk encryption is great in the event your laptop gets stolen.  On the other hand, if you send a sensitive file to the wrong person via e-mail, you can’t rely on disk encryption to protect you; file encryption is what you want.  If you’re looking into USB disk data security to protect external hard drives, your options are the same as those for a laptop or desktop computer, since the data to be protected resides in the same component: the hard disk.

Sometimes it will be hard to know what your specific data security needs are, and you’ll need to consult with a professional.  You may need different encryption products to be used at the same time; it certainly is not unheard of to use both disk and file encryption on the same machine, although at first glance it sounds like overkill.

Regardless of what you decide to use, the one thing to take from this one article is that you should never, ever under any circumstances come to the conclusion that password protection is protection.

<Previous Next>

Court Reporter’s Laptop Computer Without File Encryption Is Stolen In Home Burglary

Looking For Disk Encryption Software For Computers At Home? You May Want A Managed Encryption Service

Comments

AlertBoot Endpoint Security said:

Approximately 2000 teachers, assistants, and support staff in Manchester, England are irate over the

November 28, 2008 9:09 PM
 

AlertBoot Endpoint Security said:

Several blogs have reported that Starbucks employees are receiving letters asking them to watch out for

November 29, 2008 1:25 PM
 

AlertBoot Endpoint Security said:

Thieves stole hard drives and backup tapes containing the payroll information of over 20,000 people in

December 9, 2008 2:21 PM
 

AlertBoot Endpoint Security said:

I logged on to see what data security news was circulating today, when one caught my eye: Tom Cruise

December 12, 2008 1:03 AM
 

AlertBoot Endpoint Security said:

Oregon Health &amp; Science University has alerted nearly 900 patients that a laptop computer belonging

December 17, 2008 12:12 AM
 

AlertBoot Endpoint Security said:

When it comes to protecting your external hard drives using encryption, you&#39;ve got two options: external

December 31, 2008 11:51 PM
 

AlertBoot Endpoint Security said:

DataBreaches.net has a link to NH AG&#39;s website, where a letter from the North Pacific Group is on

January 3, 2009 9:05 PM
 

AlertBoot Endpoint Security said:

The University of Oregon has announced that participants of their Youth Transition Program (YTP) should

January 13, 2009 11:52 PM
 

AlertBoot Endpoint Security said:

So, your company has finally decided to use full disk encryption software like AlertBoot, a centrally

February 4, 2009 2:02 PM
 

AlertBoot Endpoint Security said:

Educational Testing Services (ETS), the purveyors of fine tests such as the SAT and GMAT, notified the

February 12, 2009 5:35 PM
 

AlertBoot Endpoint Security said:

Data at rest encryption basically means protecting data that&#39;s not moving through networks. The protection

March 13, 2009 7:16 PM
 

AlertBoot Endpoint Security said:

Whipps Cross University Hospital in the UK has announced that a computer was stolen. The computer did

March 23, 2009 11:08 PM
 

AlertBoot Endpoint Security said:

Pacific University in Oregon is alerting students, faculty, and staff that a laptop computer was stolen

March 30, 2009 8:16 PM
 

AlertBoot Endpoint Security said:

The Nevada encryption law regarding personal information went into effect on October 1, 2008, meaning

April 11, 2009 10:05 PM
 

AlertBoot Endpoint Security said:

Last week I commented how, if you have the basis for all your company assets on seven laptops, it makes

April 13, 2009 9:52 PM
 

AlertBoot Endpoint Security said:

Looks like the data troubles for the UK National Health Services won&#39;t ebb away any time soon. The

April 23, 2009 9:06 PM
 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.