We live in an age of security breaches. It鈥檚 hard to turn on the news and not hear about another compromised company. An attack vector for such hacks that鈥檚 growing in frequency is system theft. Studies show that a laptop is stolen . Once stolen, the laptop鈥檚 hard drive can be removed and opened via another machine, laying out the drive鈥檚 juicy data for a hacker to prey upon. These attacks can be prevented with full disk encryption. But, what is full disk encryption (FDE)?
What is Full Disk Encryption (FDE)?
Full disk encryption employs at rest encryption software, such as BitLocker for Windows庐 systems or FileVault 2 for Macs庐, to improve hard drive security. With FDE, a computer鈥檚 data is encrypted during periods where the machine is off, or at rest. That way, the drive鈥檚 data can only be accessed in one of two ways. Of course, the first option is inputting user credentials and opening up the laptop as normal. The other option, such as in the case of laptop theft or a similar event, requires that the drive is unlocked via a complex recovery key if the password is not available. Of course, the hope is that the thief will not know either the password or the recovery key, so therefore the data would be inaccessible.
Because of the nature of full disk encryption, bad actors are less likely to be able to purge a swiped hard drive鈥檚 information, making the system more secure as a whole. Data at rest is so widely regarded for its ability to promote security that it is a requirement for many compliance regulations including PCI, HIPAA, and GDPR. Encrypted data is especially pertinent for HIPAA compliance, as one of the healthcare industry鈥檚 biggest breaches was due to the .
Full Disk Encryption in IT
While it certainly has its benefits, full disk encryption is not as widely used as you would think it should be. In IT especially, enterprise implementations of FDE are proving to be a more difficult task than some sysadmins feel is worth. In today鈥檚 modern, heterogeneous IT environments, enabling two different at rest encryption softwares (BitLocker & FileVault 2) across a multitude of Mac and Windows machines isn鈥檛 easy. Most admins either have to utilize a patchwork of solutions to do so for each software, or do so on each system manually. This is not to mention the process of obtaining and storing recovery keys in case a password is forgotten.
Thankfully, a solution in the IT space is enabling full disk encryption across both platforms, and it鈥檚 automating the process at that. It鈥檚 called 探花大神庐 Directory-as-a-Service庐, and is a third party, cloud-based directory service. Using 探花大神鈥檚 cross-platform GPO-like capabilities, called Policies, IT admins can enable FDE on a fleet-wide basis, and create an automated process for enforcing FDE on newly onboarded employee systems as well.
探花大神鈥檚 Full Disk Encryption Policies
探花大神 is revolutionizing the concept of full disk encryption management with its policies for Mac and Windows. With the Directory-as-a-Service platform, sysadmins no longer have to worry over looming threats of hard drive compromise, no matter the system. Good security protocols start at the system level, and with 探花大神鈥檚 FDE Policies (and others such as screen saver lock, disable USB, and more), you can ensure that your IT organization鈥檚 security is up to snuff.
To learn more about full disk encryption and Directory-as-a-Service Policies, you can contact us with questions. By scheduling a 探花大神 demo, you can see the product, it鈥檚 Policies, and so much more firsthand. Of course, if 探花大神 seems like the FDE-enabling solution for you, consider . Your account is free and comes with ten free users to get you started.
