Disk Encryption: How to Buy FDE

Characteristics of an effective FDE solution and critical selection criteria, according to experts.

Also see the companion article Full Disk Encryption Dos and Don'ts.

Characteristics of an Effective FDE (Full Disk Encryption) Solution

According to IDC, a sister company to CSO's publisher, an optimal FDE system should have the following characteristics:

  • Centrally managed and controlled
  • Rapidly deployed and maintained
  • Policy driven
  • Completely transparent to the user
  • Easily supported by help desk or IT personnel
  • Supportive of removable media
  • Expandable, allowing new managed encryption applications to be added, as needed
  • Extensible, enabling organizations to add managed encryption to existing enterprise applications

Selection Criteria

According to a presentation by Eric Leighninger, chief security architect at Allstate Insurance, the selection criteria he used when choosing an FDE system included:

  • Strong key management
  • Storage of encrypted keys separate from encrypted data
  • Controlled views to keying material (separation of duties)
  • Key recovery (onsite, offsite and disaster recovery)
  • Interoperability with enterprise software
  • Support for removable media
  • Low performance degradation
  • Background encryption processing capability
  • Fault tolerance (a power outage or user shutdown does not affect the encryption process)
  • Support for suspend and hibernation states
  • Compliance with FIPS 140-2, a U.S. government computer security standard