Toolbox

Disk Encryption: How to Buy FDE

Characteristics of an effective FDE solution and critical selection criteria, according to experts.

October 21, 2009 —

Also see the companion article Full Disk Encryption Dos and Don'ts.

Characteristics of an Effective FDE (Full Disk Encryption) Solution

According to IDC, a sister company to CSO's publisher, an optimal FDE system should have the following characteristics:

• Centrally managed and controlled
• Rapidly deployed and maintained
• Policy driven
• Completely transparent to the user
• Easily supported by help desk or IT personnel
• Provide support for removable media
• Expandable, allowing new managed encryption applications to be added, as needed
• Extensible, enabling organizations to add managed encryption to existing enterprise applications

Selection Criteria

According to a presentation by Eric Leighninger, chief security architect at Allstate Insurance, selection criteria he used when choosing an FDE system included:

• Strong key management
• Storage of encrypted keys separate from encrypted data
• Controlled views to keying material (separation of duties)
• Key recovery (onsite, offsite and disaster recovery)
• Interoperability with enterprise software
• Support for removable media
• Low performance degradation
• Background encryption processing capability
• Fault tolerance (power outages or user shutdown does not affect encryption process)
• Support for suspend and hibernation states
• Compliance with FIPS 140-2, a U.S. government computer security standard

• Email
• Print
• Comments
• Digg This
• SlashDot

• Full Disk Encryption Dos and Don'ts
• Wireless Intrusion Detection and Prevention Systems: Selection Criteria
• Unified Threat Management Appliances: How to Choose 'Em and Use 'Em