Is full-disk encryption worth it? Pokémon
Don’t you love headlines that can be answered so easily? From Infoworld, one of my favourite sources of whitepapers which I read for a hobby because I’m a nerd:
The Ponemon Institute’s research study, entitled “The TCO of Software vs. Hardware-based Full Disk Encryption,” claims to provide an answer. The study, conducted last year, polled more than 1,300 IT and IT security professionals in four countries — the United States, the United Kingdom, Germany, and Japan — for detailed information about their use of and expectations for hardware-based full-disk encryption.
Perhaps it’s because I had a long day, but I reread that paragraph at least five times, and I kept seeing “Pokémon Institute”.
The results, recently reanalyzed with new insights provided in a follow-up paper, showed that full-disk encryption came at a fair cost, in big part because of the time and labor involved in deploying it. But the perceived benefits for using full-disk encryption far outweighed those costs.
An interesting read, but nothing surprising. Whole drive encryption would have added tremendous computational overhead to already slow machines back in the day, but today there really aren’t any good [technical] reasons for eschewing (gesundheit) it.
From an enterprise perspective, the biggest arguments I’ve heard against it have been those initial deployment costs, and the added potential complexity for data recovery. That’s not a problem though, because everyone backs up. R-right?
Then there’s the issue of vendor support, or lack thereof. Mac OS X, the BSDs and all major Linux distributions ship with whole drive encryption as a configuration option, but Microsoft’s BitLocker is only offered on the non-consumer flavours of Vista, 7 and 8.
It’s regrettable Microsoft places more importance on artificial product differentiation than the privacy of their home customers’ data. No catching ‘em all today.