Nothing beats a good padlock

For the singular entrepreneur, consultant or home accountant/mother-of-two, encrypting a computer hard drive is likely protection enough in case the machine is taken. Unless the thief thinks there is something very very valuable hidden on that drive, it will likely get reformatted, for uh, resale.

For big companies, however, encryption alone isn’t enough – the issues are much more complex. You have to know where the data comes in and out of the organization, how it is stored, how much is stored, and where it is stored.

It might also be nice to have employees that don’t leave valuable data in the backseats of cars……ok, I’ll won’t harp on the laptop thing anymore this week.

Comments

James says:

Curious what your thinking is in choosing file/container level encyrption over full disk encryption. Have you considered open source offerings such as truecrypt.org?

Thanks for addressing in future blog entry.

James,

I use “file/container” or virtual disk encryption exclusively. Why? Personal preference based on the tradeoff of convenience (full disk) versus flexibility and portability (virtual).

With virtual, I can backup those entire containers to my external drive, periodically, and still know that getting the drive snatched will do me no harm. In addition, I periodically backup those dually stored containers to DVDs, and drop them in a safe deposit box. Yes, I could drop the entire drive there, but then I would need to rotate multiple external drives – and this way I am not exposed to gross mechnical failures either. Not to mention I have found the full disk deal (like FileVault) to be somewhat slow, and prone to failings upon hardware swaps.

I have used the PGP disk product for years (starting on Windows and on the migration to OS X). Haven’t looked at truecrypt, but these disk encryption technologies are pretty mature, and I suspect that solid offerings would exist in the free world.

Cheers, michael

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.