Monday, July 21, 2008

Guaranteed!!! Peace of mind... with Disk Encryption

“700 laptops with crucial, sensitive Military secrets have been stolen in U.K.” ….. This was reported by a leading news daily on Saturday 19th July 2008.

Imagine the threat of this data falling into the wrong hands….

Imagine a similar situation befalling your organization?

Are you prepared to thwart such an eventuality?

If the answer to the above question is no, then DISK ENCRYPTION will help you overcome such situations and will ensure your peace of mind.

What is Disk Encryption?

Disk encryption is a special case of data at rest protection when the storage media is a sector-addressable device (e.g., a hard disk, USB drive, Zip drive or a flash card/drive). It is a technique that allows data to be protected even when the OS is not active, for example, if data is read directly from the hardware as compared to access restrictions commonly enforced by an OS.

What are the types of Encryption?

Encryption can happen at the following levels:
1. Full Disk encryption- ideal for devices on the move like laptops, notebooks, palmtops, USB sticks.
2. Partition level encryption
3. Encrypted Containers stored in the regular file system also called as HIDDEN VOLUMES
4. File System level Encryption

Most Disk Encryption systems use a combination of the below mentioned techniques:
• Cipher Block Chaining(CBC)

• Electronic Code Book(ECB)
• Cipher Feedback(CFB)
• Output Feedback(OFB)
• Counter(CTR)
• Cryptographically Secure Pseudorandom number generators(CSPRNG)
• Message Authentication Codes(MAC)

Advantages of Disk Encryption:
1. Assures that intellectual property and sensitive or legally protected information is accessible only to authorized users.
2. Meet regulatory compliance requirements through strong, centrally managed encryption
3. Ensures confidentiality of data
4. Protects data even when OS is not in use.
5. Ensures that data cannot be accessed by unauthorized users
6. Makes the disk/data unusable in the event of unauthorized access.
7. Encryption/Decryption is done transparent to the users.

No comments: