AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

UK Bar Council Encryption: Which Disk Encryption To Choose?

The Treasury Solicitor's Department (TSol) has issued guidance for selecting data encryption software and data deletion products. It is meant to aid Bar Council members, who must now apply disk data encryption to "removable devices or removable storage media and laptop computers."

In fact, the guidance states that "level of encryption must [my emphasis] meet the minimum standards sets out below."  It's only a three-page document; you can find it here.

Use FIPS 140-2

TSol offers a list of seven products when it comes to choosing the correct whole disk encryption software.  However, the list is not exhaustive, as TSol points out.  What do these seven products have in common?  The fact that they are FIPS 140-2 validated. (They also mention CCTM, the CESG Claims Tested Mark, but the focus is on FIPS.)

Sidebar: What is disk encryption?

Disk encryption goes by many names: full disk encryption, whole disk encryption, drive encryption, and other myriad combinations using the words "disk" and "drive."  Essentially, it is encryption specifically designed to protect the entire storage device on your computer, as opposed to individual files.

The choice of FIPS 140-2 might be a little odd, since it's actually an American-Canadian standard that is administered by the US's National Institute of Standards and Technology. On the other hand, it does dovetail with the belief in the encryption community that once you have a good process in place, you shouldn't reinvent the wheel for fear of introducing unforeseen errors.

Other Things to Consider Besides FIPS

There are many things to consider besides FIPS 140-2, and TSol has pointed out the importance of the following:

  • Ensure the vendor is committed to the ongoing development of the product.  For all intents and purposes, this is hardly a consideration for FIPS 140-2 validated encryption software.  The process of receiving validation takes a long time and tens of thousands of US dollars, so the developer of a product that's been validated will usually continue to develop it.

  • Ensure the vendor is committed to issuing patches for vulnerabilities and other issues.  Likewise, companies with validated products have a lot of interest in ensuring that any vulnerabilities that come to light are addressed.

Disk Encryption is not File Encryption

Not mentioned is this small, and sometimes confusing, fact: disk encryption is not file encryption.  As I noted in the sidebar above, disk encryption is about encrypting the storage device on the computer.  This is great in case one's computer or external, portable media is stolen because it prevents access to sensitive data, regardless of what the thief may try.

However, if you decide to copy a file from an encrypted disk to another non-encrypted disk, or to e-mail a file from an encrypted disk, then that particular file is not encrypted anymore on the recipient's end.  This is why some organizations opt to disable USB ports on an encrypted computer, or also sign up for e-mail encryption and other forms of data loss prevention software in addition to using full disk encryption.

In fact, it's for this reason that AlertBoot endpoint security software--for laptops, netbooks, and any devices that make use of computer hard drives for storage--offers not only FIPS 140-2 validated encryption (using Sophos's SafeGuard, which is on TSol's list) but also USB port blocking, automatic encryption of external portable drives, and other security features.

It's all about making it convenient to plug up those other issues that can chip away at your data integrity.


Related Articles and Sites:
http://www.tsol.gov.uk/PanelCounsel/pdf/Encryption_and_Erasure_Guidance_for_Panel_Counsel_October_2010.pdf

 

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.